A paper entitled 'Dissecting Linux/Moose' by Olivier Bilodeau and Thomas Dupuy of ESET looks into a new breed of Linux-focused malware.
The authors summarize it as follows:
'Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to botnet operators. In practice these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate "follows", "views" and "likes" on such sites.'
Among the key findings:
- Built for deep network penetration, spreading past firewalls
- It can eavesdrop on communications to and from devices connected behind the infected router, including desktops, laptops and mobile phones
- Moose runs a comprehensive proxy service (SOCKS and HTTP) that can be accessed only by a specific list of IP addresses
- Moose can be configured to reroute DNS traffic, enabling Man-In-The-Middle attacks
- Moose affects Linux embedded devices running on the ARM and MIPS architectures
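To make concrete what "steal unencrypted network traffic" and "steal HTTP Cookies" mean for a client sitting behind a compromised router, here is an added Python example. It is not code from the paper or from ESET; the HTTP byte stream is constructed for the illustration and the hosts social.example and cdn.example are placeholders. It parses a plaintext HTTP stream the way a passive eavesdropper on the router could, harvests every Cookie header together with the Host it was sent to, and, as the server-side counterpart, flags Set-Cookie headers that lack the Secure attribute, since a browser may send those cookies over plain HTTP where the router can read them.

```python
from typing import Dict, List, Tuple

# Constructed sample traffic (not a real capture): two plaintext HTTP requests
# from a client behind the router, followed by one server response.
SAMPLE_PLAINTEXT_HTTP = b"\r\n".join([
    b"GET /feed HTTP/1.1",
    b"Host: social.example",
    b"Cookie: session_id=abc123; csrftoken=xyz789",
    b"User-Agent: Mozilla/5.0",
    b"",
    b"GET /static/logo.png HTTP/1.1",
    b"Host: cdn.example",
    b"",
    b"HTTP/1.1 200 OK",
    b"Set-Cookie: session_id=abc123; Path=/; HttpOnly",
    b"Set-Cookie: theme=dark; Path=/; Secure",
    b"Content-Length: 0",
    b"",
    b"",
])


def split_messages(raw: bytes) -> List[List[str]]:
    """Split a reassembled TCP byte stream into HTTP messages and return each
    message's header lines. Bodies are skipped via Content-Length; chunked
    transfer encoding is not handled, which is enough for this illustration."""
    messages: List[List[str]] = []
    pos = 0
    while True:
        end = raw.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        lines = raw[pos:end].decode("latin-1").split("\r\n")
        messages.append(lines)
        body_len = 0
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                body_len = int(value.strip())
        pos = end + 4 + body_len
    return messages


def harvest_cookies(raw: bytes) -> List[Tuple[str, Dict[str, str]]]:
    """What a passive eavesdropper on the router learns from plaintext HTTP:
    every Cookie header a client sends, keyed by the Host it was sent to."""
    stolen: List[Tuple[str, Dict[str, str]]] = []
    for lines in split_messages(raw):
        if not lines or lines[0].startswith("HTTP/"):
            continue  # a response, not a request
        host = ""
        cookies: Dict[str, str] = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "host":
                host = value
            elif name == "cookie":
                for pair in value.split(";"):
                    key, _, val = pair.strip().partition("=")
                    cookies[key] = val
        if cookies:
            stolen.append((host, cookies))
    return stolen


def cookies_missing_secure(raw: bytes) -> List[str]:
    """Server-side check: names of cookies set without the Secure attribute.
    Such cookies may be replayed by the browser over plain HTTP, where a
    router-level eavesdropper can read them; HttpOnly does not prevent that."""
    weak: List[str] = []
    for lines in split_messages(raw):
        if not lines or not lines[0].startswith("HTTP/"):
            continue  # only responses carry Set-Cookie
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() != "set-cookie":
                continue
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].partition("=")[0]
            attrs = {p.lower() for p in parts[1:]}
            if "secure" not in attrs:
                weak.append(cookie_name)
    return weak


if __name__ == "__main__":
    for host, cookies in harvest_cookies(SAMPLE_PLAINTEXT_HTTP):
        print(f"eavesdropper sees cookies for {host}: {cookies}")
    print("cookies set without Secure:", cookies_missing_secure(SAMPLE_PLAINTEXT_HTTP))
```

Only the request to social.example leaks anything, and only because it was sent over plain HTTP; the same request over TLS would give the router nothing to read. Marking session cookies Secure (and serving the site over HTTPS) is what removes this class of theft, whereas HttpOnly only protects against script access and does nothing against an on-path router.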