More Details on Linux Malware by Google's VirusTotal

The surge of Linux-infecting malware has caught the eye of VirusTotal, the Google-owned tool designed for malware hunters. The VirusTotal database is a must-have for any security researcher who wants to stay aware of the top malware threats in circulation.

VirusTotal can be used by anyone who wants to see whether the major antivirus products detect a suspicious file uploaded to the tool. Naturally, the product is intended for use by security researchers and analysts, but, unfortunately, black hat hackers have been enjoying its perks lately. It was soon discovered that cyber criminals have been testing their malware against antivirus programs before releasing it in the wild.

While VirusTotal can provide details about numerous malicious files that can compromise Windows, the tool does not maintain the same depth of information about Linux malware, probably because it is not that common. All it can offer in such cases is basic information about the individual Linux sample files; the additional data usually provided for Windows samples is missing.

This might have been acceptable in the past, but in recent years a new type of Linux malware aimed at vulnerable servers has been designed.

Previous Attacks

Operation Mayhem

Operation Mayhem was one of the most widespread attacks targeting *nix servers (Unix and Linux). An earlier attack used the Linux Cdorked malware on compromised web servers to distribute Windows malware.

Probably because of the insufficient information, antivirus companies responded too slowly to Linux malware samples. In most cases, the samples were submitted in the form of ELF files.

The number of submitted ELF files has recently been growing. In just one week, over 35 000 suspicious ELF files were submitted to VirusTotal. For comparison, the number of Microsoft Word files submitted over the same period was 44 000.

The issues with the web tool for Linux malware will be addressed as soon as possible. “Even though the popularity of the Windows OS among average end-user systems has meant that attackers have mostly focused on developing malware for Windows systems, ELF badness is a growing concern,” a representative of the company wrote on Tuesday.

Researchers with Malware Must Die have discovered most of the malicious ELF files seen in the last two years. They have also provided detailed information about the Linux malware exploiting the Shellshock vulnerability in Bash, and they were the first to spot Mayhem.

Additional information about malicious ELF files would raise detection rates among antivirus vendors. “The Ukraine/Russia-based Mayhem and the cDorked ELF malware were all having very low detection rates among antivirus engines,” said the company’s spokesman.

At that point, the malware was detected by only four AV programs. After ELF awareness had been raised, 15 to 20 antivirus products started recognizing it.

Recently, a group of Chinese hackers has been suspected of using ELF malware in campaigns that target web servers in order to launch DDoS attacks.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a safer cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
