news: http://news.drweb.com/show/?i=9625&c=5&lng=en&p=0
tech details:
Linux.Ellipsis.1 http://vms.drweb.com/virus/?i=7568733
Linux.Ellipsis.2 http://vms.drweb.com/virus/?i=7568721
To make it short, both trojans are distributed via SSH brute-force attacks. The first trojan is of the trojan-proxy type, the latter one is an SSH brute-forcer.
Already hacked devices are used as proxies in the process of infecting new devices (i.e. you won't see a real attacker's IP in your logs, like it happens with ChinaZ).
Samples @ attach.
https://www.virustotal.com/ru/file/90da ... /analysis/
https://www.virustotal.com/ru/file/d9e6 ... /analysis/
https://www.virustotal.com/ru/file/526e ... /analysis/
https://www.virustotal.com/ru/file/f609 ... /analysis/
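Added example, not part of the original post: since the source addresses in SSH logs may belong to other hacked devices acting as proxies, grouping failed logins by targeted account rather than by source IP is one way to triage such attempts. It assumes the standard OpenSSH "Failed password" log line; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH "Failed password" line as written to auth.log / secure (assumed format).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Aug 10 03:11:02 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Aug 10 03:11:09 gw sshd[2104]: Failed password for root from 198.51.100.7 port 51810 ssh2
Aug 10 03:11:15 gw sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 33412 ssh2
Aug 10 03:11:21 gw sshd[2110]: Failed password for root from 203.0.113.5 port 33420 ssh2
Aug 10 03:11:30 gw sshd[2113]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Aug 10 03:12:01 gw sshd[2120]: Accepted password for deploy from 192.0.2.200 port 50022 ssh2
Aug 10 03:12:40 gw sshd[2125]: Failed password for deploy from 192.0.2.200 port 50030 ssh2
"""

def failures_by_user(log_text):
    """Map each targeted account to {source_ip: failed_attempts}."""
    by_user = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_user[m["user"]][m["ip"]] += 1
    return {user: dict(ips) for user, ips in by_user.items()}

def distributed_targets(log_text, min_sources=3, per_ip_limit=5):
    """Accounts hit from at least min_sources addresses while every single
    address stays under per_ip_limit (both thresholds are assumed values)."""
    flagged = {}
    for user, ips in failures_by_user(log_text).items():
        if len(ips) >= min_sources and max(ips.values()) < per_ip_limit:
            flagged[user] = sorted(ips)
    return flagged

if __name__ == "__main__":
    for user, sources in distributed_targets(SAMPLE_LOG).items():
        print(f"{user}: failed logins from {len(sources)} sources: {', '.join(sources)}")
```

A per-IP counter would see at most two failures from any address in this sample, while the per-account view shows root being tried from three different sources.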