Malicious software targeting servers running Linux allows an attacker to inject their own code into any page served by an infected server (including error pages).
Specialists believe the rootkit was tailored specifically for servers running the 64-bit version of Debian Squeeze and Nginx.
An analysis of the rootkit has shown that it inserts an HTML IFRAME into each page sent by the infected server, replacing the code that creates TCP/IP packets (tcp_sendmsg) with its own.
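One way a defender could check for this kind of injection, as an added example that is not from the original article: because the IFRAME is added while the response is being sent, the file on disk is unchanged, so comparing the served body with the on-disk copy exposes the extra frame. The sample pages, the `.example` hosts and all function names are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> tag (names are case-folded)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <iframe/> via handle_startendtag.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def iframe_sources(html_bytes):
    """Return a multiset of iframe sources found in an HTML document."""
    parser = IframeCollector()
    parser.feed(html_bytes.decode("utf-8", errors="replace"))
    parser.close()
    return Counter(parser.sources)


def unexpected_iframes(served_body, baseline=None):
    """Iframe sources present in the served body but absent from the baseline.

    baseline is the page as stored on disk. baseline=None models a
    server-generated error page, which has no file and should carry no iframe.
    """
    expected = iframe_sources(baseline) if baseline is not None else Counter()
    extra = iframe_sources(served_body) - expected
    return sorted(extra.elements())


# Constructed sample data: a page with one legitimate embed, the same page
# as received by a client, and a received 404 page.
DISK_PAGE = (b'<html><body><h1>Shop</h1>'
             b'<iframe src="https://maps.example/embed"></iframe></body></html>')
SERVED_PAGE = (b'<html><body><iframe src="http://injected.example/" width="1" '
               b'height="1"></iframe><h1>Shop</h1>'
               b'<iframe src="https://maps.example/embed"></iframe></body></html>')
SERVED_404 = (b"<html><IFRAME SRC='http://injected.example/'></IFRAME>"
              b"<head><title>404 Not Found</title></head></html>")

if __name__ == "__main__":
    print("page:", unexpected_iframes(SERVED_PAGE, DISK_PAGE))
    print("404: ", unexpected_iframes(SERVED_404))
```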
The rootkit, identified by Kaspersky Lab as Rootkit.Linux.Snasko.a, is considered a novelty. Because it infects the entire server rather than specific pages, it can affect the operation of tens or hundreds of sites at once, for example by infecting the server of a hosting provider.
According to a specialist from CrowdStrike, the rootkit was most likely created by a Russian hacker who didn't have much experience. At the same time, the expert adds that such a rootkit can be used successfully when it is necessary to attack any target audience and leave almost no traces.