- Jan 24, 2011
- 9,378
After being bombarded with new malware towards the end of last year, the Linux ecosystem is rocked again by the discovery of a new trojan family, identified by security researchers as Linux.BackDoor.Xudp.
The only detail that matters is that this new threat does not leverage automated scripts, vulnerabilities, or brute-force attacks to infect users and still relies on good ol' user stupidity in order to survive.
The infection scenario is simple, with users downloading malicious packages or applications from the Internet, and then giving them root privileges during the installation.
Linux.BackDoor.Xudp is installed via Linux.Downloader
Xudp is not distributed directly, but crooks lace these malicious packages with another malware called Linux.Downloader. This is what the infosec community calls a payload downloader, malware that's small enough to fit inside other apps, tasked only with downloading other malware.
In this particular case, after the user gives root privileges to an app laced with Linux.Downloader (version 77), this trojan will download an upgraded version of itself (version 116), which includes more features needed during Xudp's installation.
Version 116 will download and install Xudp in the "/lib/.socket1" or "/lib/.loves" folders, add Xudp to the system's autorun scripts, and also wipe clean the local iptables firewall, if in use.
Read more: Linux Computers Targeted by New Backdoor and DDoS Trojan
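Added example (not from the article or the researchers who named the trojan): a shell triage function that checks a filesystem root for the two install folders named above and for references to them in startup scripts. The autorun locations it searches are assumptions, since the article does not say which scripts are modified, and an empty iptables rule set is reported only as a supporting note because many clean hosts have none.

```shell
#!/bin/sh
# Triage for the Linux.BackDoor.Xudp artefacts described in the article.
#   xudp_triage                 -> check the live system
#   xudp_triage /mnt/image      -> check a mounted disk image
#   xudp_triage "" rules.txt    -> also inspect saved `iptables-save` output

# Install folders taken from the article.
XUDP_DIRS="/lib/.socket1 /lib/.loves"
# Assumption: common startup locations; the article only says "autorun scripts".
AUTORUN_PATHS="/etc/rc.local /etc/rc.d/rc.local /etc/init.d /etc/crontab /etc/cron.d"

xudp_triage() {
    xt_root="${1:-}"    # empty string means the running system
    xt_rules="${2:-}"   # optional file holding `iptables-save` output
    xt_hits=0

    # 1. Hidden install folders under /lib.
    for xt_d in $XUDP_DIRS; do
        if [ -e "$xt_root$xt_d" ]; then
            echo "FOUND install path: $xt_root$xt_d"
            xt_hits=$((xt_hits + 1))
        fi
    done

    # 2. Startup scripts that reference either folder (fixed-string match).
    for xt_p in $AUTORUN_PATHS; do
        [ -e "$xt_root$xt_p" ] || continue
        xt_m=$(grep -rlF -e "/lib/.socket1" -e "/lib/.loves" \
                   "$xt_root$xt_p" 2>/dev/null || true)
        if [ -n "$xt_m" ]; then
            echo "FOUND autorun reference in: $xt_m"
            xt_hits=$((xt_hits + 1))
        fi
    done

    # 3. Flushed firewall: a rules dump with no "-A" lines. Note only, not a hit.
    if [ -n "$xt_rules" ] && [ -r "$xt_rules" ] && ! grep -q '^-A ' "$xt_rules"; then
        echo "NOTE: no iptables rules in $xt_rules (the downloader wipes them)"
    fi

    echo "indicators: $xt_hits"
    [ "$xt_hits" -eq 0 ]    # status 0 = nothing found, 1 = at least one indicator
}
```

Listing `/lib` on a live host needs no special privileges, but reading every startup script may require root.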