Bkav experts have found that Linux servers in Vietnam are at risk of attack by a series of variants of a virus that once raged in China, which steal information and turn the servers into botnet members.
In October and November, at the request of businesses, Bkav experts scanned Linux servers and discovered many virus samples that are variants of the Elknot virus family. Elknot is an ELF-format virus, meaning it is a binary file that runs on Linux operating systems.
The main behaviors of Elknot variants include: stealing information from the server they infect; taking control of the server and executing remote commands from hackers; and turning the server into a bot in a DDoS attack botnet.
To make investigation and removal difficult, the virus disguises itself and replaces system tools such as network tools (netstat, ss) and process management tools (ps). In addition, the virus can use many different methods to start automatically with the system.
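Because a replaced netstat or ss can no longer be trusted, one check is to read the kernel's own socket table and compare it with what the tool prints. The following is an added example, not code from Bkav or the original article; the function names and both sample inputs are constructed for illustration, and it assumes IPv4 on a little-endian host (x86).

```python
import socket
import struct

# Constructed sample of /proc/net/tcp as the kernel reports it (not from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0016 0500000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:9C40 0A7100CB:1F90 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""

# Constructed `ss -tan` output from the same moment; one connection is missing.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
ESTAB   0      0      10.0.0.10:22        10.0.0.5:50000
"""

def decode_endpoint(hex_endpoint):
    """Turn '0A00000A:0016' into '10.0.0.10:22' (address is host-order hex)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def kernel_sockets(proc_net_tcp):
    """Parse /proc/net/tcp text into a set of (local, peer) pairs."""
    pairs = set()
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) >= 4:
            pairs.add((decode_endpoint(fields[1]), decode_endpoint(fields[2])))
    return pairs

def tool_sockets(ss_output):
    """Parse `ss -tan` text into the same (local, peer) form."""
    pairs = set()
    for line in ss_output.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) >= 5:
            # ss prints '*' for an unset peer port; the kernel table uses 0.
            pairs.add((fields[3], fields[4].replace(":*", ":0")))
    return pairs

def hidden_sockets(proc_net_tcp, ss_output):
    """Sockets the kernel lists that the userland tool did not show."""
    return sorted(kernel_sockets(proc_net_tcp) - tool_sockets(ss_output))

if __name__ == "__main__":
    for local, peer in hidden_sockets(SAMPLE_PROC_NET_TCP, SAMPLE_SS_OUTPUT):
        print(f"in /proc/net/tcp but not in ss output: {local} -> {peer}")
```

On a live server the first argument would be the contents of /proc/net/tcp read directly; short-lived connections can appear in only one snapshot, so repeat the comparison before treating a difference as evidence.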
To avoid being attacked by this malware, Bkav recommends: administrators should scan their servers for viruses immediately and do so regularly; enterprises should have policies or regulations on periodically assessing the security of public server services and on updating the services running on servers with new versions and patches; and anti-virus software and network security solutions should be used to ensure the safety of personal computers as well as systems in agencies, organizations, and businesses...
BA TAN