In October and November, receiving requests from businesses, Bkav experts scanned Linux servers and discovered many virus samples that were variants of the Elknot virus family. This is an ELF format virus, which is a binary file that runs on Linux operating systems.
Linux servers have just detected many virus samples that are variants of the Elknot virus family.
The main behaviors of Elknot variants include: stealing information from the server they infect; taking control, executing remote commands of hackers, turning the server into a bot in a DDOS attack botnet.
To make it difficult to investigate and remove, the virus disguises itself and replaces system tools such as network tools (netstat, ss), process management tools (ps). In addition, the virus can also use many different methods to automatically start with the system.
To avoid being attacked by this malware, Bkav recommends:
- Administrators should immediately scan servers for viruses and do so regularly.
- Enterprises need to have policies or regulations on periodically assessing the security of publicly running server services, updating new versions and patches for services running on the server.
- Use anti-virus software and network security solutions to ensure the safety of personal computers as well as systems in agencies, organizations and businesses.
Source link
Comment (0)