A new Linux backdoor botnet agent is fortunately only half-baked. From the article:
[Russian malware writers] have stitched together a new Linux backdoor. Fortunately for internet hygiene the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.
The backdoor, dubbed Dklkt-1, was designed to be a cross-platform nasty capable of infecting both Windows and Linux machines.
Cyber-criminals planned to equip the program with a large number of functions typical of SOCKS proxy servers, remote shells, file managers, and so on.
However, at the moment, the malware ignores the majority of incoming commands due to programming mistakes.
If successfully planted, the malware tries to register itself in the system as a daemon (system service). Thereafter it uses LZO compression and the Blowfish encryption algorithm to chat to command and control servers. Every packet contains a checksum, so that the recipient can verify data integrity.
Dklkt-1 waits for incoming commands that can include launching a DDoS attack, starting a SOCKS proxy server, running a specified application, rebooting the computer, or turning it off. Other commands are either ignored or processed incorrectly.
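The summary says the agent talks to its C2 over Blowfish. One triage check a defender can run on a suspect Linux binary is to look for the cipher's fixed initialisation constants (the Blowfish P-array starts with the hex digits of pi), which every Blowfish implementation carries in its read-only data. This is an added example, not code from the article or from Dr.Web's analysis; the sample buffers are constructed here to stand in for an unpacked binary's .rodata.

```python
import struct

# First four words of the Blowfish P-array (fractional hex digits of pi).
# Any Blowfish implementation, statically linked or not, embeds these.
BLOWFISH_P_ARRAY_HEAD = (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)


def blowfish_signatures():
    """Serialise the P-array prefix in both byte orders, since the
    target architecture of a cross-platform sample is not known up front."""
    return {
        "little-endian": b"".join(struct.pack("<I", w) for w in BLOWFISH_P_ARRAY_HEAD),
        "big-endian": b"".join(struct.pack(">I", w) for w in BLOWFISH_P_ARRAY_HEAD),
    }


def find_blowfish_constants(data: bytes):
    """Return sorted (offset, byte_order) pairs for every occurrence of the
    Blowfish P-array prefix in `data`; an empty list means no hit."""
    hits = []
    for order, sig in blowfish_signatures().items():
        start = 0
        while True:
            idx = data.find(sig, start)
            if idx == -1:
                break
            hits.append((idx, order))
            start = idx + 1
    return sorted(hits)


# Constructed sample: filler bytes with the little-endian P-array prefix
# planted at offset 16, imitating a small slice of an x86-64 ELF's .rodata.
SAMPLE_WITH_BLOWFISH = b"\x90" * 16 + blowfish_signatures()["little-endian"] + b"\x00" * 16

# Constructed control sample with no cipher tables in it.
SAMPLE_CLEAN = bytes(range(256))

if __name__ == "__main__":
    for name, blob in (("suspect", SAMPLE_WITH_BLOWFISH), ("clean", SAMPLE_CLEAN)):
        print(name, find_blowfish_constants(blob))
```

A hit only tells you the binary contains Blowfish, which plenty of legitimate software (OpenSSH, for one) also does; it narrows the pile for manual review rather than proving infection, and a packed sample has to be unpacked first.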
(Score: 0) by Anonymous Coward on Wednesday July 29 2015, @11:24PM
Whenever details are released about Linux malware, the vector is usually (or maybe always) stupid/horrible passwords on a public ssh listener. Amazing how many idiots are "admining" systems.
Not using pubkey? You're fired.
If it were a real exploit, it would have a name, and MS would have sent press releases to all the media by now.
(Score: 0) by Anonymous Coward on Thursday July 30 2015, @02:04AM
Indeed. And when somebody talks about a Linux backdoor, you know you're being taken for a ride. Either you're in an alternative reality or talking to some wishful-thinking NSA hotshot. As in there is no such thing.
Zero bits of usable info, in the summary at least.