Linux.Mirai is a new Trojan recently found to be responsible for DDoS attacks. The malware first appeared in May 2016, when it was detected by Doctor Web (Dr. Web) and added to the company's virus databases under the name Linux.DDoS.87. The Trojan can run on the SPARC, ARM, MIPS, SH-4 and M68K architectures and on Intel x86 computers.
On launch, Linux.Mirai searches memory for the processes of other Trojans and terminates them. The Trojan then creates a .shinigami file in its own folder and regularly checks that the file is present so that it does not terminate itself. The malware is also designed to connect to a command-and-control server for further instructions.
When instructed by the server, the Trojan can launch UDP flood, UDP flood over GRE, DNS flood, TCP flood (several types) and HTTP flood DDoS attacks, SC Magazine reports.
Dr. Web researchers recommend that users run a full scan of all disk partitions to prevent the Trojan from infecting them.
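A triage check built on the .shinigami marker and the architecture list above, as an added example that is not from the article or from Dr. Web: it walks a directory tree, reports every folder that holds the marker, and names the architecture of any ELF binary sitting beside it. The function names and the sample tree are constructed for illustration; a hit is a lead for further analysis, not proof of infection.

```python
import os
import struct
import tempfile

MARKER = ".shinigami"  # marker file name given in the article
# ELF e_machine values for the architectures the article lists
ARCH = {2: "SPARC", 3: "x86", 4: "M68K", 8: "MIPS", 40: "ARM", 42: "SH-4"}

def elf_arch(path):
    """Return the architecture name of an ELF file, or None if it is not ELF."""
    try:
        with open(path, "rb") as f:
            hdr = f.read(20)
    except OSError:
        return None
    if len(hdr) < 20 or hdr[:4] != b"\x7fELF":
        return None
    fmt = "<H" if hdr[5] == 1 else ">H"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (machine,) = struct.unpack_from(fmt, hdr, 18)  # e_machine field
    return ARCH.get(machine, "other(%d)" % machine)

def find_marker_dirs(root):
    """Map each directory containing the marker to the ELF files beside it."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if MARKER not in files:
            continue
        elfs = {}
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            arch = None if os.path.islink(full) else elf_arch(full)
            if arch:
                elfs[name] = arch
        hits[dirpath] = elfs
    return hits

def build_sample_tree():
    """Constructed sample: two folders with a fake ARM ELF, one also has the marker."""
    root = tempfile.mkdtemp()
    header = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 40)
    for sub in ("tmp", "bin"):
        os.mkdir(os.path.join(root, sub))
        with open(os.path.join(root, sub, "svc"), "wb") as f:
            f.write(header)
    open(os.path.join(root, "tmp", MARKER), "w").close()
    return root, os.path.join(root, "tmp")

if __name__ == "__main__":
    sample_root, _ = build_sample_tree()
    for folder, binaries in find_marker_dirs(sample_root).items():
        print(folder, binaries)
```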