
Cyber Security Info

Windigo – a large scale Linux botnet uncovered by Eset

March 19, 2014


Eset, in cooperation with other partners, undertook extensive analytic work to uncover a large-scale botnet primarily affecting Linux servers. Signs of the Windigo botnet were first discovered in 2011 in connection with malware called Ebury, which serves as an OpenSSH backdoor and stealer of admins' credentials. However, Eset discovered that once a Linux server is compromised by Ebury, it not only steals credentials but also installs a variety of other malware. Linux/Cdorked serves to spread the Windows malware Win32/Boaxxe.G and Win32/Glupteba.M, used for click fraud and spreading spam; Linux/Onimiki is used to infect DNS servers; and Perl/Calfbot is used to distribute spam. Windigo has managed to infect over 26,000 Linux servers since 2011, with 10,000 still infected. The number of end users infected with Windows or Python malware is not known; however, it is presumed to be large, since more than 1 million users daily visited one of several proxy users used by the Linux/Cdorked malware.
