Friday, February 16, 2018

Raw sockets backdoor gives attackers complete control of some Linux servers | Droolin Dog dot Net


A stealthy backdoor undetected by antimalware providers is giving unknown attackers complete control over at least 100 Linux servers that appear to be used in business production environments, researchers warn. In a blog post published Wednesday, Montreal-based GoSecure claimed that a piece of malware dubbed “Chaos” is infecting poorly secured systems by guessing the weak passwords protecting the secure shell accounts that administrators use to remotely control Unix-based computers. The secure shell, or SSH, accounts being compromised run as root, which is how the backdoor obtains the same level of access.

Normally, firewalls in front of servers block such backdoors from communicating with the outside Internet. Once installed, Chaos bypasses those protections by using what’s known as a “raw socket” to covertly monitor all data sent over the network. “With Chaos using a raw socket, the backdoor can be triggered on ports running an existing legitimate service,” Sebastian Feldmann, a master’s degree student intern working for GoSecure, wrote. “As an example, a Webserver that would only expose SSH (22), HTTP (80), and HTTPS (443) would not be reachable via a traditional backdoor due to the fact that those services are in use, but with Chaos it becomes possible.”

Source: https://arstechnica.com/?p=1261143
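Because a raw socket never binds a port of its own, a port-centric check (which process listens on 22, 80 or 443) will not reveal a component like the one described above. The kernel does, however, record every raw socket it hands out. The script below is an added example for defenders, not code from the article or from GoSecure: it reads the kernel's socket tables (/proc/net/packet for AF_PACKET sockets, /proc/net/raw and /proc/net/raw6 for IPv4/IPv6 SOCK_RAW sockets), takes the inode of each, and walks /proc/<pid>/fd to find the owning process. The sample table rows and the PID 1337 are constructed for illustration, and all function names are this example's own.

```python
"""List processes holding raw sockets on a Linux host (defender-side check).

Added example, not from the article or GoSecure. /proc/net/packet lists
AF_PACKET sockets; /proc/net/raw and /proc/net/raw6 list AF_INET/AF_INET6
SOCK_RAW sockets. Each row carries a socket inode, and /proc/<pid>/fd
symlinks of the form 'socket:[inode]' tell us which process owns it.
"""
import os
import re
from typing import Dict, List, Set

SOCK_RAW = 3   # 'Type' column value for SOCK_RAW in /proc/net/packet (linux/net.h)

# Constructed sample rows in the real kernel column layout, for offline use.
SAMPLE_PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c3e4b2000 3      3    0003   2     1 0      0      24817
"""
SAMPLE_RAW = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   6: 00000000:0006 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 24901 2 0000000000000000 0
"""
SAMPLE_OWNERS = {24817: {1337}, 24901: {1337}}   # constructed: one process holds both


def parse_packet_table(text: str) -> List[dict]:
    """Parse /proc/net/packet. Columns: sk RefCnt Type Proto Iface R Rmem User Inode."""
    rows = []
    for line in text.splitlines()[1:]:            # first line is the header
        parts = line.split()
        if len(parts) < 9:
            continue
        rows.append({
            "family": "AF_PACKET",
            "type": int(parts[2]),
            "proto": int(parts[3], 16),           # link-layer protocol; 0x0003 = ETH_P_ALL
            "uid": int(parts[7]),
            "inode": int(parts[8]),
        })
    return rows


def parse_raw_table(text: str, family: str = "AF_INET") -> List[dict]:
    """Parse /proc/net/raw or /proc/net/raw6 (same column layout as /proc/net/tcp).

    For a raw socket the 'port' half of local_address is the IP protocol number
    the socket is bound to (6 = TCP, 1 = ICMP); the inode is the 10th token.
    """
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        rows.append({
            "family": family,
            "type": SOCK_RAW,
            "proto": int(parts[1].split(":")[1], 16),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows


def socket_owners(proc_root: str = "/proc") -> Dict[int, Set[int]]:
    """Map socket inode -> PIDs whose fd table references it (other users' fds need root)."""
    owners: Dict[int, Set[int]] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                           # process exited or not readable by us
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(entry))
    return owners


def find_raw_socket_holders(packet_text: str, raw_text: str, raw6_text: str,
                            owners: Dict[int, Set[int]]) -> List[dict]:
    """Join the three socket tables with the owner map; unresolved inodes get an empty PID list."""
    rows = (parse_packet_table(packet_text)
            + parse_raw_table(raw_text, "AF_INET")
            + parse_raw_table(raw6_text, "AF_INET6"))
    for row in rows:
        row["pids"] = sorted(owners.get(row["inode"], set()))
    return rows


def _read(path: str) -> str:
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:                               # e.g. IPv6 disabled, or not running on Linux
        return ""


if __name__ == "__main__":
    hits = find_raw_socket_holders(_read("/proc/net/packet"), _read("/proc/net/raw"),
                                   _read("/proc/net/raw6"), socket_owners())
    # DHCP clients and capture tools legitimately hold raw sockets; compare against a
    # known baseline and look closely at unfamiliar root-owned holders on a server.
    for h in hits:
        print(f"{h['family']:9} type={h['type']} proto=0x{h['proto']:04x} uid={h['uid']} "
              f"inode={h['inode']} pids={h['pids'] or 'unresolved'}")
```

Run it as root so every process's fd table is readable; an inode that appears in a socket table but resolves to no PID is itself worth noting, since it means the owner was not visible to the scan. The same join could be done with `ss -0p` and `ss -wp`, but reading the tables directly shows exactly what the kernel exposes and works without extra tooling.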

Original Post: https://droolindog.net/2018/02/16/raw-sockets-backdoor-gives-attackers-complete-control-of-some-linux-servers/
