
Hackers uncork experimental Linux-targeting malware

SSH... it's Shishiga

By John Leyden, 25 Apr 2017

Hackers have unleashed a new malware strain that targets Linux-based systems.

The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity, according to an analysis of the nasty by security researchers at ESET.

Shishiga relies on weak, default credentials in its attempts to plant itself on insecure systems through a brute-force attack, a common hacker tactic. A built-in password list allows the malware to try a variety of different passwords to see if any allow it in.

The latest Linux-system targeting nasty could still evolve and become more widespread, but the low number of victims, together with the constant addition, removal, and modification of the components, code comments and even debug information, clearly indicate that it’s a work in progress, according to ESET.

Shishiga is similar to other recent nasties in abusing weak Telnet and SSH credentials, but the usage of the BitTorrent protocol and Lua modules separates it from the herd, according to ESET.

ESET advises that "to prevent your devices from being infected by Shishiga and similar worms, you should not use default Telnet and SSH credentials." ®
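The password-list guessing described above leaves a recognisable trail in sshd's authentication log: a run of failed password logins from one address, sometimes followed by an accepted one. The sketch below is an added example, not code from ESET or The Register; it covers SSH only, and the log lines, the addresses and the three-failure threshold are constructed assumptions.

```python
import re

# Constructed sample in OpenSSH's syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 25 10:00:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Apr 25 10:00:02 gw sshd[811]: Failed password for root from 203.0.113.5 port 40113 ssh2
Apr 25 10:00:03 gw sshd[812]: Failed password for invalid user ubnt from 203.0.113.5 port 40114 ssh2
Apr 25 10:00:04 gw sshd[812]: Failed password for root from 203.0.113.5 port 40115 ssh2
Apr 25 10:00:05 gw sshd[813]: Accepted password for pi from 203.0.113.5 port 40116 ssh2
Apr 25 10:07:30 gw sshd[820]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr 25 10:07:41 gw sshd[820]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_guessing_sources(log_text, min_failures=3):
    """Report source addresses with at least min_failures failed password
    logins, plus any account that accepted a password from that address
    after the threshold was reached (a likely weak or default credential)."""
    state = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = state.setdefault(m["ip"], {"failures": 0, "users": set(), "accepted_after": []})
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures:
            s["accepted_after"].append(m["user"])
    return {
        ip: {"failures": s["failures"], "users": sorted(s["users"]),
             "accepted_after": s["accepted_after"]}
        for ip, s in state.items() if s["failures"] >= min_failures
    }


if __name__ == "__main__":
    for ip, info in find_guessing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

An address with a non-empty `accepted_after` list deserves attention first: a password login succeeded there after a burst of guesses, so that account's credential should be treated as exposed.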

The Register - Independent news and views for the tech community. Part of Situation Publishing