A Linux Trojan gets ported to Windows


While most people consider Linux safe and secure, it isn't always the case. When the bad guys of the internet have a will, they find a way. That's why, back in May of this year, security firm Dr. Web reported a new family of Linux Trojans designed for DDoS attacks.

Now the company reports that one member of that family, known by the catchy name of "Trojan.DnsAmp.1" has been ported over to the Windows side of the computing world.

"It is installed into the system under the guise of the Windows service Test My Test Server 1.0 whose executable file is saved in the system folder under the name vmware-vmx.exe", the security firm announces.

Once it launches it will send a signal to the attacker and then obediently await commands to begin the DDoS attack. Worse, it's capable of downloading and running other malicious programs, leading to an even bigger problem for the end user.

"Certain features discovered by Doctor Web's researchers in the Trojan's code indicate that it has been written by the virus makers behind Linux.DDoS and Linux.BackDoor.Gates malware", the security firm says.

Dr. Web also states that, during monitoring between June 5 and August 13, the largest amount of attacks carried out by this particular Trojan family were actually directed against Chinese servers, though the US managed a second place finish. The firm reports that it has added the signature of this threat to its software, and customers should be protected from it.

Image Credit: Sadik Gulec / Shutterstock

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.