The IT security researchers at Russian firm Doctor Web have discovered yet another trojan that is specifically developed to target Linux-based devices and conduct Distributed Denial of Service (DDoS) attacks.
Dubbed Linux.Mirai by researchers; the trojan works with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers.
An important fact about Linux.Mirai is that it was previously found by Doctor Web in May 2016 under the name of Linux.DDoS.87. It has similar features as Linux.BackDoor.Fgt, a backdoor that was found infecting Linux operating system back in 2014. But Linux.DDoS.87 targets Linux operating system by killing old and existing trojans. In order to avoid removing itself, the trojan creates a file named .shinigami, (Shinigami means “god of death” or “death spirit” in the Japanese language), in its folder and check its presence time by time.
Furthermore, the trojan connects back to a command-and-control server to get more instructions and also sends the MAC addresses and the architecture of the infected system. If commanded to run a DDoS it can launch attacks like UDP flood; UDP flood over GRE; DNS flood; TCP flood (several types); HTTP flood.
Submitted by: Arnfried Walbrecht