
'Windigo' Linux bot hijacks servers to feast on PCs behind sysadmins' backs

John E Dunn | March 20, 2014
The curious 'Cdorked' Apache web server backdoor that alarmed admins a year ago was only one part of a larger 'Windigo' Linux-Unix botnet that has managed to hijack 26,000 Linux servers since 2011, security firm ESET has discovered.

Remediation? Servers affected by Windigo included those running Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture.

The answer was for admins to check their servers using the console command, $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected", ESET said.
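ESET's one-liner works because the backdoored OpenSSH binary did not reject the undocumented "-G" switch, whereas a clean ssh of 2014 printed "illegal option" or "unknown option". The script below is an added example, not ESET's tool or anything from the article: it reproduces that check but first reads the OpenSSH version, because from OpenSSH 6.8 (2015) "-G" is a legitimate option and the original one-liner reports every modern, clean host as infected. Function names (ssh_predates_dash_g, classify_ssh_g_output, check_local_ssh) are my own.

```shell
#!/bin/sh
# Added example: version-aware variant of ESET's 2014 "ssh -G" Ebury check.
# Function names are assumptions, not anything from ESET or the article.

# Returns 0 if an OpenSSH version string such as "6.6" or "5.9p1" is older
# than 6.8, the release that made "-G" (print configuration) a real option.
ssh_predates_dash_g() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%[!0-9]*}
  [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 8 ]; }
}

# classify_ssh_g_output VERSION OUTPUT
# Prints "clean", "infected" or "inconclusive". OUTPUT is what "ssh -G 2>&1"
# produced; a clean pre-6.8 ssh complains about the option, the backdoored
# one stays quiet. On 6.8 or newer the heuristic no longer applies.
classify_ssh_g_output() {
  if ! ssh_predates_dash_g "$1"; then
    echo inconclusive
    return 0
  fi
  if printf '%s\n' "$2" | grep -q -e illegal -e unknown; then
    echo clean
  else
    echo infected
  fi
}

# Live check on this host: take "OpenSSH_6.6.1p1 ..." from "ssh -V",
# keep the major.minor part, then run ESET's test on the real binary.
check_local_ssh() {
  command -v ssh >/dev/null 2>&1 || { echo inconclusive; return 0; }
  v=$(ssh -V 2>&1 | sed -n 's/^OpenSSH_\([0-9]*\.[0-9]*\).*/\1/p')
  out=$(ssh -G 2>&1)
  classify_ssh_g_output "${v:-0.0}" "$out"
}
```

A result of "inconclusive" means the 2014 heuristic cannot say anything about this build of OpenSSH, not that the host is clean; the article's advice to treat a positive result as grounds for a full reinstall still applies to "infected".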

Anyone discovering an infection would have to wipe the affected system and re-install the OS. They should also consider using two-factor authentication in future.

"We realise that wiping your server and starting again from scratch is tough medicine, but if hackers have stolen or cracked your administrator credentials and had remote access to your servers, you cannot take any risks," said Léveillé.

"Sadly, some of the victims we have been in touch with know that they are infected, but have done nothing to clean up their systems - potentially putting more internet users in the firing line."
