This "can be said" as a new ELF malware. A DDoSer, encrypted (w/Xor) in comm. It looks like originated from China.
This malware is spotted in a well-thought infection scheme, I posted here: http://blog.malwaremustdie.org/2014/09/ ... a-elf.html
Sample is in VT here: https://www.virustotal.com/en/file/834e ... 411743709/
For the code used, as per sources, looks new design. But for the general works, it adapts IptabLes and AES.DDoS.
But this variant has specific XOR used.
So in the meantime I called it Linux/Xor.DDoS, some people will make their own name anyway.
Feel free to improve thread with analysis, new findings or opinion, that's related to the ELF malware used, PS: not the hack scheme used please.
Our MMD mates were dissecting the codes while I did the binary and checking overall scheme. Threat is up and alive, many things have to be shut down in this scheme.
Rgds
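The post notes that the bot's communication is XOR-encoded. Below is an added analyst's example (not code from the thread, the sample, or MalwareMustDie) showing the usual defender's first step against repeating-key XOR traffic: recover the key from a known-plaintext crib in a captured message, undo the rotation introduced by the crib's offset, and sanity-check the result by how much of the decoded buffer is printable. The 4-byte key, the command format and the cribs are constructed assumptions for the demo and are not claims about the real malware's protocol.

```python
"""Added example (not from the thread): recover a repeating XOR key from a
captured message using a known-plaintext crib, then validate the decode.
The key, message layout and cribs below are constructed for this demo."""

# Constructed sample: a hypothetical bot command and a hypothetical 4-byte key.
# Neither is taken from the real sample; they only exercise the recovery logic.
SAMPLE_KEY = b"\x13\x37\xc0\xde"
SAMPLE_PLAINTEXT = b"TARGET=203.0.113.10 PORT=80 DURATION=600 TYPE=SYN\n"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Apply a repeating-key XOR; the same call encodes and decodes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# The "captured" message an analyst would start from.
SAMPLE_CIPHER = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def recover_key(cipher: bytes, crib: bytes, offset: int = 0):
    """Derive the repeating key from a crib known to sit at `offset` in the plaintext.

    cipher[offset+i] ^ crib[i] yields the keystream, which for repeating-key XOR
    is the key itself, cyclically rotated by `offset`. The shortest period that
    holds across the whole crib is taken as the key length. Returns None when
    the crib does not fit or is too short to expose any period.
    """
    if offset < 0 or offset + len(crib) > len(cipher):
        return None
    stream = bytes(c ^ p for c, p in zip(cipher[offset:offset + len(crib)], crib))
    for period in range(1, len(stream)):
        if all(stream[i] == stream[i + period] for i in range(len(stream) - period)):
            # Undo the rotation so key[0] lines up with plaintext offset 0.
            return bytes(stream[(j - offset) % period] for j in range(period))
    return None


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace; a cheap
    check that a candidate key really produced text rather than noise."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in b"\r\n\t")
    return ok / len(data)


def decode_with_crib(cipher: bytes, crib: bytes, offset: int = 0):
    """Recover the key, decode the whole message and report a confidence score.
    Returns (key, plaintext, printable_ratio) or None if no key was found."""
    key = recover_key(cipher, crib, offset)
    if key is None:
        return None
    plain = xor_bytes(cipher, key)
    return key, plain, printable_ratio(plain)


if __name__ == "__main__":
    result = decode_with_crib(SAMPLE_CIPHER, b"TARGET=")
    if result is None:
        print("crib too short or misplaced; try a longer one")
    else:
        key, plain, score = result
        print("key:", key.hex(), "printable:", f"{score:.2f}")
        print(plain.decode("ascii", errors="replace"))
```

The caveat worth keeping in mind: a crib only exposes the period if it is longer than the key, and with a single overlapping comparison a repeated byte inside the key can suggest a shorter false period. A longer crib (or two cribs at different offsets that agree on the same key) removes that ambiguity, and the printable ratio of the full decode is the quick test that the recovered key is the right one.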
Attachments
7z/infected