
Linux.Encoder Authors Couldn’t Correctly Disguise Encryption Key


Doctor Web, a well-known Russian security software company, was the first to detect and report a fully working ransomware Trojan created to infect Linux computers. The sample, named Linux.Encoder.1, behaves much like the notorious CryptoWall ransomware. Fifty percent of the widely used AV engines on VirusTotal could not recognize the sample, which broke new ground in the Linux domain. The malware chiefly concentrates on hijacking computers that run Web servers, and it encrypts critical folders used in Web-hosting and Web-development environments.

The security company declared that it had detected a weakness in Linux.Encoder.1, which tries to encrypt and lock data files. The Trojan's creators reportedly abuse security flaws in WordPress that have yet to receive patches. The exploitation is done through intermediate plug-ins, eBay's Magento CMS, and shopping cart mechanisms.

According to Internet search results obtained via the Google search engine, the malware had attacked around 3,000 websites as of 15th November 2015. The Trojan poses a substantial danger to people who own Internet resources, since many widely used CMS packages have yet-to-be-patched security flaws. Besides, a few website admins don't pay attention to routine CMS updates, which are critical for security. BusinessComputingWorld posted this on January 5, 2016.

To run, the Linux.Encoder.1 ransomware requires www-data rights, the same as those of Apache. As a result, it encrypts any object inside the directories on the target user's computer to which that account has write access. In particular, this implies Linux.Encoder has enough freedom to encrypt CMS modules and folders.

To get around this hurdle, however, Linux.Encoder searches for archives and directories that have 'Backup' as a word in their names, and then attacks them. Naturally, it's recommended that users maintain regular backups of their data on offline storage or a remote server.
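The exposure described in the two paragraphs above can be measured before an incident. The following is an added example, not code from the original article or from any vendor it mentions: it lists the directories under a web root that a given service account could alter and flags those with "backup" in their path. The function names, the constructed directory tree and the stand-in uid are assumptions for illustration; POSIX ACLs and root privileges are not considered.

```python
import os
import stat
import tempfile

def can_modify_dir(st, uid, gids):
    """Classic Unix check: does the account hold write+search on this directory?"""
    need_user = stat.S_IWUSR | stat.S_IXUSR
    need_group = stat.S_IWGRP | stat.S_IXGRP
    need_other = stat.S_IWOTH | stat.S_IXOTH
    if st.st_uid == uid:
        return (st.st_mode & need_user) == need_user
    if st.st_gid in gids:
        return (st.st_mode & need_group) == need_group
    return (st.st_mode & need_other) == need_other

def audit(root, uid, gids=frozenset()):
    """Return sorted (relative_dir, path_contains_backup) pairs the account could alter."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        if can_modify_dir(os.lstat(dirpath), uid, gids):
            rel = os.path.relpath(dirpath, root)
            findings.append((rel, "backup" in rel.lower()))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample web root: two world-writable directories, one read-only."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for name, mode in (("uploads", 0o777), ("core", 0o755), ("site_backup", 0o777)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    service_uid = os.getuid() + 1  # hypothetical stand-in for the web server account
    for rel, is_backup in audit(demo, service_uid):
        print(f"{rel}: alterable by service account" + (" [backup]" if is_backup else ""))
```

On a real server, pass the numeric uid and group ids of the web server account and the actual document root; any flagged backup directory is a candidate for moving to offline or remote storage.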

Luckily, the ransom Trojan attacking Linux servers failed to work, thanks to security experts' laudable efforts. The fact is that the creators of Linux.Encoder.1 couldn't apply the encryption algorithms correctly.

However, the ransomware generated secure random codes with the aid of a hashing utility to disguise the 'end modification' time value of the files. Encouragingly, BitDefender provides the Linux.Encoder decryption code for free.

» SPAMfighter News - 1/8/2016
