A new Linux malware strain could morph into a serious threat
A new strain of malware targeting Linux systems, now named Linux/Shishiga, could develop into a serious security threat. ESET, which disclosed it, says the malware belongs to a new Lua-based family that is not related to the previously seen LuaBot malware.
According to ESET detection engineer Michal Malik and the ESET research team, Linux/Shishiga uses four different protocols, SSH, Telnet, HTTP and BitTorrent, and relies on Lua scripts for modularity.
For those unfamiliar with it, Lua is a lightweight, embeddable scripting language. It supports procedural, object-oriented and functional programming as well as data description.
Linux/Shishiga uses Lua modules to keep the malware flexible. It spreads by brute-forcing weak credentials: it carries a built-in list of passwords and tries them one after another against SSH and Telnet services until one of them gets it in.
Shishiga binaries are packed with the Ultimate Packer for Executables (UPX), with extra data appended after the end of the packed file, which is enough to trip up the stock unpacker. Once unpacked, the binary turns out to be statically linked against the Lua runtime library: the authors combine Lua scripts with a Lua interpreter compiled into the executable itself.
"This means the authors either chose Lua as a scripting language for its ease of use," Malik said, "or inherited the code from another malware family, then decided to tailor it for each of the targeted architectures by statically linking the Lua library."
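The two static traits described above, a UPX-packed file with data hanging off the end and a Lua runtime linked into the unpacked binary, are easy to check for on a sample before doing anything dynamic. The Python below is an added example written for this page, not ESET's tooling or anything from the malware. It assumes, as heuristics rather than facts from the article, that the UPX PackHeader at the tail of a packed file is 32 bytes and starts with the magic `UPX!`, and that a statically linked Lua runtime leaves its `lua_ident` banner (`$Lua: Lua 5.x.y ...`) visible in the binary; the sample bytes it runs on are constructed stand-ins, not real malware.

```python
"""Static first-pass triage of a Linux sample suspected of being UPX-packed
with appended data and statically linked Lua (added example, not ESET's code).

Assumptions that are not from the article: the UPX PackHeader at the end of a
packed file is 32 bytes and begins with the magic b"UPX!"; a statically linked
Lua runtime keeps its lua_ident banner ("$Lua: Lua 5.x.y ...") in the binary.
Both are heuristics for triage, not proof of anything.
"""
import re

UPX_MAGIC = b"UPX!"
UPX_PACKHEADER_LEN = 32  # assumed size of the trailing PackHeader
UPX_BANNER = b"$Info: This file is packed with the UPX executable packer"
LUA_IDENT = re.compile(rb"\$Lua: Lua (\d+\.\d+(?:\.\d+)?)")


def triage(blob: bytes) -> dict:
    """Report ELF-ness, UPX packing, bytes appended after the PackHeader, and
    any Lua runtime version string found in the bytes."""
    report = {
        "is_elf": blob[:4] == b"\x7fELF",
        "upx_packed": False,
        "trailing_bytes": 0,
        "lua_version": None,
    }
    last_magic = blob.rfind(UPX_MAGIC)
    if last_magic != -1 and UPX_BANNER in blob:
        report["upx_packed"] = True
        # A stock UPX file ends with the PackHeader; anything past it is
        # appended data, which is also what makes an unmodified `upx -d` balk.
        end_of_header = last_magic + UPX_PACKHEADER_LEN
        report["trailing_bytes"] = max(0, len(blob) - end_of_header)
    match = LUA_IDENT.search(blob)
    if match:
        report["lua_version"] = match.group(1).decode()
    return report


def fake_packed_sample(appended: bytes) -> bytes:
    """Constructed stand-in for a UPX-packed ELF (not a real sample): ELF
    magic, a zeroed header, the UPX stub banner, opaque payload, PackHeader,
    then whatever the caller appends."""
    elf_header = b"\x7fELF\x02\x01\x01" + b"\x00" * 57  # 64-byte ELF64 header, zeroed
    stub = UPX_BANNER + b" http://upx.sf.net $\n"
    payload = b"\xab" * 64  # stands in for the compressed program
    packheader = UPX_MAGIC + b"\x00" * (UPX_PACKHEADER_LEN - 4)
    return elf_header + stub + payload + packheader + appended


def fake_unpacked_sample() -> bytes:
    """Constructed stand-in for the unpacked binary with Lua linked in."""
    return (b"\x7fELF\x02\x01\x01" + b"\x00" * 57
            + b"$Lua: Lua 5.1.5  Copyright (C) 1994-2012 Lua.org, PUC-Rio $\n")


if __name__ == "__main__":
    for name, blob in [("clean upx", fake_packed_sample(b"")),
                       ("upx + appended data", fake_packed_sample(b"lua-script-blob")),
                       ("unpacked", fake_unpacked_sample())]:
        print(name, triage(blob))
```

A non-zero `trailing_bytes` on a file that otherwise looks like a stock UPX build is the cue to carve that tail off (or strip it before unpacking) and look at it separately; the Lua banner only shows up once the real program is in the clear, so expect it on the unpacked image, not on the packed one.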
Although the threat is real, the number of affected users is still low, which indicates that the malware is a work in progress. ESET warned that the count could rise quickly and advised users to stay vigilant. Because Shishiga depends on guessing weak passwords, strong and unique passwords, or better still, disabling password logins on SSH in favour of keys, take away the foothold it relies on.
To put up a further barrier, particularly in a data centre, operators should never leave default Telnet or SSH credentials in place. As Ansari, PCI/payments director at Schellman & Company, puts it: "Defending against this category of threat requires the kind of defense in depth that security people have been talking about for a long time: aggressive patching, carefully reviewing log data, looking for suspicious files or processes, and rigorously tested incident response."
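The "carefully reviewing log data" part of that advice is concrete for a password-guessing worm: the guessing shows up in sshd's authentication log as a run of `Failed password` lines from one source, and the compromise shows up as an `Accepted password` from the same source right after them. The Python below is an added example for this page, not code from ESET or from the article, that groups sshd auth events by source address and reports sources that crossed a failure threshold together with any account they then logged into. The log lines are constructed for the example in the format sshd writes to `/var/log/auth.log` or the journal, using documentation address ranges; the threshold of five failures is an assumed tuning value.

```python
"""Spot SSH password brute-forcing and the login that follows it in sshd logs
(added example, not ESET's or Shishiga's code).

The log lines below are constructed for the example, in the format sshd writes
to /var/log/auth.log or the journal; the source addresses are documentation
ranges. The failure threshold is an assumed tuning value, not from the article.
"""
import re
from collections import defaultdict

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

SAMPLE_LOG = """\
Apr 25 10:01:02 web1 sshd[1200]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 25 10:01:03 web1 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr 25 10:01:04 web1 sshd[1204]: Failed password for invalid user pi from 203.0.113.7 port 40138 ssh2
Apr 25 10:01:05 web1 sshd[1206]: Failed password for invalid user guest from 203.0.113.7 port 40144 ssh2
Apr 25 10:01:06 web1 sshd[1208]: Failed password for root from 203.0.113.7 port 40150 ssh2
Apr 25 10:01:07 web1 sshd[1210]: Failed password for invalid user support from 203.0.113.7 port 40156 ssh2
Apr 25 10:01:09 web1 sshd[1212]: Accepted password for root from 203.0.113.7 port 40162 ssh2
Apr 25 10:02:30 web1 sshd[1300]: Failed password for bob from 198.51.100.4 port 51000 ssh2
Apr 25 10:02:35 web1 sshd[1302]: Accepted password for bob from 198.51.100.4 port 51004 ssh2
Apr 25 10:05:00 web1 sshd[1400]: Accepted publickey for alice from 192.0.2.9 port 5000 ssh2
"""


def parse_auth_events(lines):
    """Yield outcome/method/user/src for each sshd auth line; other lines are skipped."""
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            yield m.groupdict()


def find_bruteforce(lines, threshold=5):
    """Group auth events by source address and report every source that
    failed at least `threshold` times, with the usernames it tried and any
    account it subsequently logged into with a password."""
    per_src = defaultdict(lambda: {"failures": 0, "users": set(), "logged_in": set()})
    for ev in parse_auth_events(lines):
        state = per_src[ev["src"]]
        if ev["outcome"] == "Failed":
            state["failures"] += 1
            state["users"].add(ev["user"])
        elif ev["method"] == "password" and state["failures"] > 0:
            # A password success after failures from the same source is the
            # signal that matters: the guessing worked.
            state["logged_in"].add(ev["user"])
    findings = {}
    for src, state in per_src.items():
        if state["failures"] >= threshold:
            findings[src] = {
                "failures": state["failures"],
                "users_tried": sorted(state["users"]),
                "logged_in_as": sorted(state["logged_in"]),
            }
    return findings


if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

On the constructed log the only source over the threshold is 203.0.113.7, which tried five different usernames and then got in as root; a single mistyped password from 198.51.100.4 stays below it. A source that appears in `logged_in_as` is the one to act on first, since the password has already been guessed and a strong-password policy alone will not undo that. Telnet has no comparable log, which is one more reason to turn it off rather than try to watch it.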
Even though antivirus signatures are now largely stored in the cloud rather than on your hard drive, they are still, for the most part, vendor specific.
Thus, one company may have identified a threat that another has missed.
The chances of a reputable company not having a signature for a new piece of malware for any length of time are slim, but it does happen in the short term.
Manually run an in-depth scan on a regular basis, perhaps once a week, or use the antivirus program's own scheduler to run a detailed scan at a time when you are away from the machine.
Check that the program is fully up to date. This should happen automatically, but I would advise confirming from time to time that all updates have been downloaded and installed.
How it does that will depend on which program you have installed, but in general most security software will try to move suspicious files into a quarantine area to swiftly eliminate the risk of an infection spreading. Once there, the software will probably offer to attempt to remove the infection or to delete the file altogether.
That's not to say free antivirus programs should be dismissed out of hand, though: some are very good and may well be sufficient for some people.
In terms of independent testing, AV-Test.org results over a period of time show that free antivirus programs do, on the whole, score lower than the paid-for alternatives in the marketplace, and our own experience has taught us that free programs also tend to suffer from a lack of additional features, less than stellar support, an obsession with upselling, or a combination of all three.