Linux users have yet another trojan to worry about, and as always, crooks are deploying it mostly to hijack devices running Linux-based operating systems and use them to launch DDoS attacks at their behest.
Dr.Web security researchers, who discovered this threat, say the trojan seems to infect Linux machines via the Shellshock vulnerability, which is still unpatched on a large number of devices.
The trojan, going by the generic name of Linux.DDoS.93, will first and foremost modify the /var/run/dhcpclient-eth0.pid file in such a way that its process is started with every computer boot. If the file doesn’t exist, the trojan will create it itself.
Once the trojan starts after boot, it operates using two processes. One talks to the C&C server, while the second makes sure the trojan’s parent process is always up and running.
When the attacker in control of the trojan’s botnet issues an attack command, the trojan launches 25 child processes that carry out the DDoS attack.
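A defender's triage check for the persistence file described above, as an added example that is not from Dr.Web or the original article. It assumes that a genuine pid file holds only a single decimal PID (the article does not say what the trojan writes into it), and the function name `check_pidfile` is hypothetical.

```shell
#!/bin/sh
# Added triage example, not Dr.Web's tooling.
# Assumption: a genuine pid file contains exactly one decimal PID and nothing else.

PIDFILE=/var/run/dhcpclient-eth0.pid   # path named in the article

# Prints one verdict line for the given file:
#   absent | ok pid=N comm=NAME | stale pid=N | suspicious: REASON
check_pidfile() {
    f=$1
    if [ -L "$f" ]; then
        echo "suspicious: symbolic link"
        return 0
    fi
    if [ ! -e "$f" ]; then
        echo "absent"
        return 0
    fi
    if [ ! -f "$f" ]; then
        echo "suspicious: not a regular file"
        return 0
    fi
    if [ -x "$f" ]; then
        echo "suspicious: executable bit set"
        return 0
    fi
    # Command substitution strips trailing newlines, so a clean pid file
    # yields only digits; empty, multi-line or scripted content does not.
    content=$(cat "$f")
    case "$content" in
        ''|*[!0-9]*)
            echo "suspicious: content is not a single decimal PID"
            return 0
            ;;
    esac
    if [ -d "/proc/$content" ]; then
        # Report the owning process name so it can be compared with the
        # DHCP client actually installed on the host.
        comm=$(cat "/proc/$content/comm" 2>/dev/null)
        echo "ok pid=$content comm=$comm"
    else
        echo "stale pid=$content"
    fi
}

check_pidfile "$PIDFILE"
```

An `ok` verdict only means the file looks like a pid file; the reported `comm` still has to match the host's real DHCP client.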
Submitted by: Arnfried Walbrecht