The new threat in Linux operating system can have 'incalculable' consequences.

A new virus that appears to attack a Linux system, called Linux / Shishiga, could become a major security threat.

The new threat in Linux operating system can have 'incalculable' consequences.

A new virus that appears to attack a Linux system, called "Linux / Shishiga", could become a major security threat.

On Tuesday, security company Eset revealed the threat, it is a new Lua group, but has nothing to do with the previously known type of LuaBot.

Summary of the most frightening "virus worms" on computer systems

On an online post, engineer Michal Malik and security company Eset said: Linux / Shishiga uses four different protocols - SSH, Telnet, HTTP, BitTorrent - and Lua scripts for modules.

Cyphort senior director Nick Bilogorskiy said: "Lua is the programming language selected by the APT manufacturer . "

The new threat in Linux operating system can have 'incalculable' consequences. Picture 1

According to Cyphort discovered and for LinuxInsider good: Lua is used for Flame and EvilBunny.

Lua is a programming language characterized by its compactness and embedded nature, which turns Lua into an effective system programming language. It supports procedural programming, object-oriented programming, functional-oriented programming, data-driven programming and data description.

Jacob Ansari - PCI Director at Schellman & Company said: "Although this type of malware does not break any security holes, it will refine some existing techniques that it" borrowed. "from other malicious software."

Jacob / Ansari said: "Linux / Shishiga uses a series of modules in a scripting language called 'Lua', which gives it a more flexible design . " It is very likely that variants of this code and many other interesting capabilities will spread by designing this module.

You can consult: How to install and use Kali Linux on VmWare virtual machine

So what does Linux / Shishiga do?

Linux / Shishiga targeted GNU / Linux systems using a common type of infection based on Brute-force technology applied to built-in password lists. This technique is a kind of continuous error proofing on certain login sections, often using the password libraries available to automatically log in until successful. Because it is based on Brute-fore, the malware also uses the password list to try different types of passwords in order to try to access the system. This is the same approach that malicious software that Linux / Moose uses with the added ability of Brute-forcing attack.

If compared, Linux / Moose is a group of malware primarily targeting Linux-based routers, cable and DSL modems as well as other embedded computers. When poisoned, compromised devices were used by hackers to steal unencrypted network traffic and provide proxies for bonet operators.

Eset has found a number of Linux / Shishiga (binary) pairs for different architectures, including MIPS (both big-endian and little-endian), ARM (armv4l), i686 and PowerPC, commonly used in IoT devices. Other structures like SPARC, SH-4 or m68k can also be supported.

Details about Shishiga

The new threat in Linux operating system can have 'incalculable' consequences. Picture 2

Linux / Shishiga is a closed duo with UPX (Ultimate Packer Executable) 3.91. The UPX tool may have trouble extracting by Shishiga adding data at the end of compressed files. After extracting, it is statically linked to the Lua runtime library and removes all traces.

Mr. Malik and his colleagues have noticed some minor changes such as parts of some modules that have been rewritten, other modules being checked are added and backup files have been deleted. They also acknowledge, all these changes are not really remarkable.

Mr. Malik and his team also added: The main function of the server.lua module is to create an HTTP server with the port defined in config.lua as port 8888. The server only responds to requests / info and / upload.

" The combination of using scripting language and linking it to the Lua interpreter library is very interesting." Mr. Mounir Hahad - Senior director at Cyphort's laboratory said.

He told LinuxInsider: " This means the authors have chosen Lua as a scripting language for ease of use, or to get code from another malware group, then adjust it for each structure. specifically by linking static to Lua library ".

Differences of Linux / Shishiga

According to Malik and Eset's researchers: Despite the striking resemblance to LuaBot's versions that were spread on Telnet and SSH, Linux / Shishiga is still different. It uses BitTorrent protocol and Lua module.

Hahad said: "Unlike the malware Mirai of IoT is aimed at default information on IoT devices, this Brute-force attack technique targets attacks on protected Linux computers. by weak password ".

He also pointed out: "Normally, Linux users are quite knowledgeable and will not use such passwords for their registration activities. Therefore, it is not sure if this malware can spread widely. cobble."

Eset researchers have warned that the number of victims is currently low, but may increase in the future.

The new threat in Linux operating system can have 'incalculable' consequences. Picture 3

According to Mr. Ansari of Schellman & Company: This is likely to happen. This new malware exploits default or easy-to-guess passwords for Linux systems, usually via Telnet or SSH.

Keep safe

Mr. Vikram Kapoor, chief technology officer at Lacework, noted: Most Linux machines are running in data centers or embedded in IoT devices. And Shishiga seems to have been created to target those data centers and IoT devices.

Mr. Kapoor said: IoT devices are easily attacked by Brute-force technology via SSH / Telnet because there are too many default passwords. In addition, data centers are lucrative targets and if hackers successfully use Shishiga to attack data centers, businesses will have difficulty finding their traces unless they There are several solutions, such as VM activity analysis and east-west traffic (traffic from server to server).

Malik and team Eset suggested: To prevent your device from being infected by Shishiga and similar viruses, you should not use the default Telnet and SSH login information.

According to Ansari, fighting this malware requires modifying the administrator password, especially for the forgotten users who are hidden in the corners of the system. In order to combat this kind of threat, there is a need for extensive protection measures that security personnel have mentioned many times: positive recovery, careful consideration of data logs, file search, process Suspicious and strict inspection of feedback.

10 things to keep in mind when switching to Linux mobile operating system
because it is an important component of the android operating system (os), linux is still very important to the mobile world. however, while android uses the linux kernel, it is just a linux distribution, but linux for mobile devices offers a completely different experience. find out why using a linux mobile phone is a great option, as well as a downside when switching from your favorite mobile operating system to this operating system.
Compare the most popular Linux distributions today
it can be said that linux is not a complete operating system, it is just a kernel operating system, which is the foundation for developing other operating systems.
12 best Linux server operating systems
although linux operating systems provide a great desktop environment, linux can also successfully complete the task of a server. linux often provides advanced permissions, increasing flexibility and stability.
Instructions for installing Linux operating system on Chromebook
linux operating system is becoming very popular because of its amazing performance as well as many features in this compact operating system. and above all, this operating system is completely free. now the problem that confuses users is how to install linux chromebook. please follow the instructions later.
Is Linux the operating system or the kernel?
one of the questions you will probably find on most tech forums is whether linux is the operating system or the kernel. even for some proficient linux users, this question can be relatively difficult to answer.
Compare 4 current TV operating systems
up to now, you only pay attention to the operating system on the phone and the computer but forget the operating system on the tv. refer to our article for more information, the advantages and disadvantages of the 4 current tv operating systems!
How to Install Linux Mint Operating System
linux mint is a linux operating system distribution that is becoming increasingly popular quickly, largely because of its ease of use and simplicity, neat interface, and friendliness to windows operating system users who want to change their operating systems. change the air. like most other linux distributions, because this is a free distribution, you can install it as many times as you want on as many devices as you want. over the years, the process of installing linux has become much simpler than before, even simpler than installing the windows operating system. read on to learn how to install and use linux mint.
10 reasons to switch to Linux right in 2012
some people 'denigrate' the diversity of linux to cause fragmentation problems, but in fact this is one of the best strengths of linux. users have numerous linux distributions (distros) to choose from, whether it's mint or ubuntu, which is top-notch, or fedora with a variety of features for businesses and especially security.
28 interesting facts about Linux
linux is a computer operating system and is also the kernel name of the operating system. it is probably the most famous example of the concept of free software and of open source development.
8 best lightweight operating systems for Raspberry Pi
the operating system for the pi must be compact, so many of the features commonly found in the linux desktop are not required on the raspberry pi.
Some basic Terminal commands in Linux Mint 11
in the following article, we will show you some basic terminal command syntax that is widely and widely used in linux mint 11. however, just like the open source operating system versions. previously, they were very difficult to use and could have unfortunate consequences if the user did not grasp the basic concepts.
Interesting operating systems may be unknown to you
in addition to the usual operating systems such as windows, mac os or linux, there are many other operating systems suitable for many different uses. here are 8 interesting operating systems that you may not know yet.