A forum for reverse engineering, OS internals and malware analysis

#26838 by tWiCe
Tue Sep 29, 2015 10:00 am
news: http://news.drweb.com/show/?i=9625&c=5&lng=en&p=0

tech details:
Linux.Ellipsis.1 http://vms.drweb.com/virus/?i=7568733
Linux.Ellipsis.2 http://vms.drweb.com/virus/?i=7568721

To make it short, both trojans are distributed via an SSH brute-force attack. The first trojan is a trojan-proxy; the latter one is an SSH brute-forcer.

Already-hacked devices are used as proxies in the process of infecting new devices (i.e. you won't see the real attacker's IP in your logs, as happens with ChinaZ).

Samples @ attach.

https://www.virustotal.com/ru/file/90da ... /analysis/
https://www.virustotal.com/ru/file/d9e6 ... /analysis/
https://www.virustotal.com/ru/file/526e ... /analysis/
https://www.virustotal.com/ru/file/f609 ... /analysis/
Attachment: infected (805.75 KiB), downloaded 59 times
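As an added example, not from the original post or from the Dr.Web write-ups it links, the following defender-side script shows how the distribution behaviour described above (SSH password brute-forcing, followed by a successful login from the same source) looks in sshd logs and how to flag it. The log lines are constructed for the example; the host name, IPs, users and thresholds are assumptions. Because the post notes that infected devices act as proxies for further infections, the flagged IP is treated here as a likely compromised intermediary, not as the attacker's own address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd auth log (not taken from the post or the Dr.Web analysis).
# 198.51.100.23 runs a short password-guessing burst and then logs in as root;
# 203.0.113.7 is a legitimate user with one typo followed by a key-based login.
SAMPLE_AUTH_LOG = """\
Sep 29 09:58:01 host sshd[2101]: Failed password for root from 198.51.100.23 port 51022 ssh2
Sep 29 09:58:03 host sshd[2103]: Failed password for root from 198.51.100.23 port 51030 ssh2
Sep 29 09:58:04 host sshd[2105]: Failed password for invalid user admin from 198.51.100.23 port 51041 ssh2
Sep 29 09:58:06 host sshd[2107]: Failed password for root from 198.51.100.23 port 51050 ssh2
Sep 29 09:58:08 host sshd[2109]: Failed password for root from 198.51.100.23 port 51061 ssh2
Sep 29 09:58:11 host sshd[2111]: Accepted password for root from 198.51.100.23 port 51070 ssh2
Sep 29 09:59:40 host sshd[2120]: Failed password for alice from 203.0.113.7 port 40001 ssh2
Sep 29 10:03:12 host sshd[2130]: Accepted publickey for alice from 203.0.113.7 port 40002 ssh2
"""

# Matches the default OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_auth_log(text, year=2015):
    """Parse sshd auth lines into event dicts. Syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/syslog noise is skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return {ip: finding} for sources with >= threshold failed passwords inside the window.

    A finding also lists accounts that logged in successfully after the burst started,
    which is the pattern of a guess that worked.  Thresholds are assumptions for the
    example; tune them to the host's normal login failure rate.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed" and e["method"] == "password"]

        # Sliding window over failure timestamps: find the first burst of `threshold` failures.
        burst_start = None
        start = 0
        for end in range(len(failures)):
            while (failures[end]["ts"] - failures[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst_start = failures[start]["ts"]
                break
        if burst_start is None:
            continue

        compromised = sorted({e["user"] for e in evs
                              if e["result"] == "Accepted" and e["ts"] > burst_start})
        findings[ip] = {
            "failures": len(failures),
            "users": {e["user"] for e in failures},
            "compromised_accounts": compromised,
            # The source may itself be an infected device acting as a proxy, so this
            # address is a blocking/notification target, not proof of who the attacker is.
            "note": "source may be a compromised intermediary, not the attacker",
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, f)
```

Run against a real `/var/log/auth.log` (or `journalctl -u ssh -o short`), the same functions apply unchanged; a non-empty `compromised_accounts` list is the case to investigate first, since it indicates a guessed password rather than just noise.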