Symantec Reveals that Cybercriminals Employ New Linux Trojan to Embezzle Data

Security researchers of well-known security firm 'Symantec' have identified a cyber-criminal operation which relies on a new-fangled Linux backdoor, nicknamed Linux.Fokirtor, to embezzle data without being discovered.

An assault in which Linux Trojan was employed was done in May this year against a huge hosting provider. The cyber-criminals got access to passwords, usernames, email ids, and also financial information.

The scammers have used a Linux Trojan which conceals inner server processes like Secure Shell (SSH) as suspicious traffic or files would have immediately prompted a security review.

The threat infuses its' own-self into a procedure and supervises traffic for assured character sequences instead of opening network sockets or communicating with command and control (C&C) servers.

The commands are then encrypted and after that encoded.

The assaulter could then make usual connection wishes through SSH or additional protocols and merely embeds this clandestine sequence inside some genuine traffic to shun detection and the commands will be executed with the attacker receiving the result. This backdoor code is not similar to any other Linux backdoor that has been analyzed before.

The disjointed file is a library that's shared and emerges to clasp many functions and an activated code, following actions can be performed by it: executing any command submitted by attacker, executing one of many pre-configured commands and retrieval of output from those commands, retrieving the subsequent data from individual SSH connection which is connecting hostname, IP address, port, username, password or SSH key. Encrypt embezzle data or command results employing blowfish and later sending them to the attacker.

To spot the existence of this backdoor on your computer's network, lookout for traffic which has the ':!;.' string (without quotes). Traffic having this string shall not show in SSH logs. An additional method of identification is to leave the SSHD (Solid State Hybrid Drive) procedure and look for certain strings.

On a concluding note, security experts at Symantec advise users' to install the latest version of anti-virus software on their computers to mitigate the chances of being victimized by this malware known as Linux.Fokirtor being distributed by the nefarious cyber crooks.

» SPAMfighter News - 11/26/2013