A new Linux backdoor botnet agent is fortunately only half-baked. From the article:
[Russian malware writers] have stitched together a new Linux backdoor. Fortunately for internet hygiene the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.
The backdoor, dubbed Dklkt-1, was designed to be a cross-platform nasty capable of infecting both Windows and Linux machines.
Cyber-criminals planned to equip the program with a large number of functions typical of SOCKS proxy servers, remote shells, file managers, and so on.
However, at the moment, the malware ignores the majority of incoming commands due to programming mistakes.
If successfully planted, the malware tries to register itself in the system as a daemon (system service). Thereafter it uses LZO compression and the Blowfish encryption algorithm to chat to command-and-control servers. Every packet contains a checksum, so that the recipient can verify data integrity.
Dklkt-1 waits for incoming commands that can include launching a DDoS attack, starting a SOCKS proxy server, running a specified application, rebooting the computer, or turning it off. Other commands are either ignored or processed incorrectly.
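The article says each C2 packet carries a checksum "so that the recipient can verify data integrity". The practitioner's caveat is that an unkeyed checksum such as CRC32 only detects accidental corruption; it does not tell the receiver who produced the packet, because no secret is needed to compute it. The example below is an added illustration of that distinction and is not code from the article, from Dr.Web, or from the malware itself; the frame layout (length prefix, payload, trailer), the sample payloads and the demo key are all constructed for the demonstration. Blowfish and LZO are omitted so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed demo key for the keyed variant (not from the article).
DEMO_KEY = b"demo-shared-key-not-real"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def frame_with_crc(payload: bytes) -> bytes:
    """Frame = 4-byte big-endian length || payload || 4-byte CRC32 of payload.

    CRC32 is an error-detecting code: it catches bit flips and truncation,
    but anyone who knows the layout can produce a valid trailer.
    """
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + payload + struct.pack(">I", crc)


def verify_crc_frame(frame: bytes):
    """Return the payload if the length and CRC are consistent, else None."""
    if len(frame) < 8:
        return None
    (length,) = struct.unpack(">I", frame[:4])
    if len(frame) != 8 + length:
        return None
    payload = frame[4:4 + length]
    (crc,) = struct.unpack(">I", frame[4 + length:8 + length])
    return payload if crc == (zlib.crc32(payload) & 0xFFFFFFFF) else None


def frame_with_hmac(payload: bytes, key: bytes) -> bytes:
    """Frame = 4-byte big-endian length || payload || HMAC-SHA256(key, payload).

    The tag can only be produced by a holder of the key, so it provides
    authenticity as well as integrity.
    """
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return struct.pack(">I", len(payload)) + payload + tag


def verify_hmac_frame(frame: bytes, key: bytes):
    """Return the payload if the HMAC tag verifies under `key`, else None."""
    if len(frame) < 4 + TAG_LEN:
        return None
    (length,) = struct.unpack(">I", frame[:4])
    if len(frame) != 4 + length + TAG_LEN:
        return None
    payload = frame[4:4 + length]
    tag = frame[4 + length:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    """Compare both framings on constructed sample data; returns check -> bool."""
    msg = b"STATUS:ok"  # constructed sample payload
    crc_frame = frame_with_crc(msg)
    mac_frame = frame_with_hmac(msg, DEMO_KEY)

    # Accidental corruption: flip one bit inside the payload region of each frame.
    corrupt_crc = bytearray(crc_frame)
    corrupt_crc[5] ^= 0x01
    corrupt_mac = bytearray(mac_frame)
    corrupt_mac[5] ^= 0x01

    # Keyless framing: a CRC frame needs no secret, an HMAC frame built with the
    # wrong key is rejected by a receiver holding the right one.
    other = b"STATUS:changed"  # constructed sample payload
    return {
        "crc_accepts_original": verify_crc_frame(crc_frame) == msg,
        "mac_accepts_original": verify_hmac_frame(mac_frame, DEMO_KEY) == msg,
        "crc_detects_bitflip": verify_crc_frame(bytes(corrupt_crc)) is None,
        "mac_detects_bitflip": verify_hmac_frame(bytes(corrupt_mac), DEMO_KEY) is None,
        "crc_accepts_keyless_frame": verify_crc_frame(frame_with_crc(other)) == other,
        "mac_rejects_wrong_key": verify_hmac_frame(
            frame_with_hmac(other, b"not-the-key"), DEMO_KEY) is None,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'yes' if passed else 'no'}")
```

Both framings reject the bit flip, which is all a checksum is designed for. The difference shows up in the last two checks: a CRC trailer can be produced by anyone, while the HMAC trailer fails unless it was computed under the receiver's key. When a protocol description mentions only a checksum, as here, the right reading is "integrity against corruption", not "authenticated".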
(Score: 1) by anubi on Thursday July 30 2015, @03:50AM
And, by running it, you also have a significant probability that this will actually infect your system with it.
Thousands of Windows system users have already found out that software that purports to fix one's system often IS the problem!
Just because you paid for it does not make it legit.
Street cred (MalwareBytes, for example) is a lot more trustworthy than some flashy web page from some unknown. Even more risky if it wants a credit card number.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]