Sophos is warning Linux users of the importance of properly securing their systems, following findings that a long-established threat, known as Linux/Rst-B, is still infecting computers and servers, says Brett Myroff, CEO of Sophos distributor Netxactics.
"Analysis of malware in Sophos's Linux honey-pots has shown almost 70% of the infections are due to this six-year-old malicious program. A detection tool is, however, freely available from Sophos to help Linux users find out whether they are unwittingly infected with this virus."
Myroff says Linux servers are very valuable to hackers. "Servers, by their nature, are rarely turned off and often found to be running no or insufficient protection against malware attacks. This makes the Linux systems ideal candidates for the role of controller in a botnet - the central control point when creating and managing an army of infected computers, known as bots or zombies," he explains.
Dropping malware
This week's roundup of low to medium threats includes the W32/Alman-E virus, which is affecting Windows users, says Myroff. "It is spreading via network shares and infected files. Its main side-effect includes dropping more malware."
W32/Alman-E is a DLL component helper virus for the Windows platform, Myroff adds.
"Also affecting Windows users is the Troj/Inject-CC Trojan. It predominantly downloads code from the Internet."
When run, Troj/Inject-CC injects code into a running instance of svchost.exe. The injected code downloads additional malware. Once the victimised instance of svchost.exe has finished the download, Troj/Inject-CC then runs the new malware, Myroff explains.
"The Troj/Dload-BL Trojan is also making the rounds and downloads code from the Internet."
Furthermore, says Myroff, JS/DwnLdr-HBA has also been noted; it is a JavaScript Trojan for the Windows platform. It contains functionality to download files from a remote computer via HTTP.
"Where Linux systems are most often found to be running as a server, Windows machines are more frequently used at home or as a desktop machine in an office, and these computers are regularly switched off. This makes them less attractive as controllers, but ideal as bots or zombies," Myroff says.
"The number of malware in existence is around 350 000, and while only a small number of these target Linux, it seems as though hackers are taking advantage of this false sense of security.
"Information on the Linux/Rst-B detection tool is available on the SophosLabs blog. Sophos underlines that running the detection tool will only detect versions of Linux/Rst-B," Myroff concludes.