Wednesday, April 26, 2017

Linux Shishiga malware using LUA scripts

Among all the Linux samples that we receive every day, we noticed one sample detected only by Dr.Web, under the detection name Linux.LuaBot. We deemed this suspicious, as our detection rates for the Luabot family have generally been high. Upon analysis, it turned out that this was indeed a bot written in Lua, but it represents a new family and is not related to previously seen Luabot malware. Thus, we've given it a new name: Linux/Shishiga. It uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity.


