10 Linux malware threats 2016 - bots, backdoors, Trojans and malicious apps

John E Dunn | June 27, 2016
Malware attacking Linux systems is rare but when it appears it shouldn't be ignored

Linux doesn't get malware, right? Historically, by Windows standards, that has been true, but as Linux-based servers have become the backbone of the Web, criminals have started targeting them like any other infrastructure. As nation-state malware has ramped up, desktops have faced rare attacks too. Linux is still diverse and difficult to penetrate, and its user base is more savvy. Unfortunately, public servers aren't always secured as well.

1. Hand of Thief Trojan - 2013

Possibly the most significant desktop Linux malware of recent times, Hand of Thief was built to run on 15 Linux distros as a data and credential stealer. It was discovered for sale on the Russian crime underground.

2. Jellyfish graphics card malware - 2015

Created by researchers as a proof-of-concept malware platform designed to highlight the possibility that malware could hide on or use GPUs. Not a new worry, but a neat implementation that offered a Linux rootkit and a Windows-based Remote Access Trojan.

3. 'HEUR' backdoor Java app - 2014

A malicious Java application (which runs across Windows and Mac as well as Linux), this threat hit unpatched flaws on that platform with glee. Infected systems became part of an old-fashioned desktop DDoS bot.

4. Linux 'Mayhem' botnet - 2014

Another Linux botnet, but this time one found by Russian firm Yandex to be exploiting the Shellshock security flaw discovered in 2014. Patch your web servers.

5. Linux Chapro - 2012

Essentially a malicious module designed to run under Apache web servers, Chapro injected compromised pages into those served by the infected system as a way of spreading malware such as banking Trojans.

6. IPtables botnet - 2014

Typical of the modern threat to Linux servers, the hard-to-detect IPtables attacks Apache servers to add them to its DDoS botnet. Akamai reckoned this bot and its Linux slaves were used in major attacks during the year.

7. Wirenet Trojan - 2012

Unusual for infecting Mac as well as Linux and even Solaris desktops, Wirenet was designed to steal passwords, probably as part of highly targeted attacks. Non-mainstream, perhaps, but a warning about the potential of cross-platform malware.

8. Spike toolkit - 2014
