New Linux Rootkit Attacks Internet Users

Author: Mohit Kumar, on 12/02/2012 05:19:00 AM

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly into any web page served by an infected server. The new malware, discovered on November 13 of this year, was written especially for 64-bit servers that run Debian Squeeze and NGINX.

About Rootkit: Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all web pages served by the infected Linux server via the nginx proxy. Based on research, the rootkit may have been created by a Russia-based attacker.

The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server, and this can endanger all websites hosted on that server. Drive-by downloads expose web surfers to malicious code that attempts to exploit unpatched software vulnerabilities in the web visitor's PC or handheld. Security holes in web browsers, Java and Flash plugins and the underlying operating system are typical targets.
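A defender's check for the behaviour described above, as an added example that is not part of the original article: it compares a page as stored on disk with the body actually served and reports iframes that appear only in the served copy. It assumes the file on disk is left unmodified by the rootkit (the article does not say so); the function names and sample HTML are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            # Sort so attribute order does not affect the comparison.
            self.iframes.append(tuple(sorted((k, v or "") for k, v in attrs)))


def iframes_in(html):
    """Return a multiset of the iframe tags found in an HTML string."""
    parser = IframeCollector()
    parser.feed(html)
    parser.close()
    return Counter(parser.iframes)


def unexpected_iframes(on_disk_html, served_html):
    """Return src values of iframes present in the served body but not on disk."""
    extra = iframes_in(served_html) - iframes_in(on_disk_html)
    return sorted(dict(attrs).get("src", "") for attrs in extra.elements())


# Constructed sample data (not taken from the malware or the article).
ON_DISK = '<html><body><h1>Shop</h1><iframe src="/map.html"></iframe></body></html>'
SERVED_CLEAN = ON_DISK
SERVED_TAMPERED = ON_DISK.replace(
    "<body>",
    '<body><iframe src="http://injected.example/x" width="1" height="1"></iframe>',
)

if __name__ == "__main__":
    for label, body in (("clean", SERVED_CLEAN), ("tampered", SERVED_TAMPERED)):
        print(label, unexpected_iframes(ON_DISK, body))
```

In practice the served body should be fetched from a separate, trusted machine, since a kernel-level rootkit can alter what tools on the infected host observe.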

Security researcher Georg Wicherski said that the code does not seem to be a variant of a publicly available rootkit, but a result of “contract work of an intermediate programmer with no extensive kernel experience”. The malware is also likely to have been customized by the buyer, which introduced critical flaws.

The rootkit looks like a work in progress, and contains enough programming rough edges to mark it out as ‘in development’. The malware's relatively large binary size of 500k, and the inclusion of debug code, is another giveaway that this might be a work in progress.

About Author:

Mohit Kumar, aka ‘Unix Root’, is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are to make the internet more secure.
