 |
| (pc-google images) |
Researchers at Doctor Web said the Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a P2P botnet.
The Trojan, initially known as Drupal ransomware, was written in the Go programming language and can attack web servers that use various content management systems (CMS), can perform DDoS attacks, send out spam messages, and even distribute itself over networks.
The malware has the ability to hack websites built using Drupal by exploiting a well-known SQL injection flaw.
The analysis published by Dr Web stated “Linux.Rex.1 is a Trojan that can create such P2P botnets by implementing a protocol responsible for sharing data with other infected computers. Once the Trojan is launched, a computer that has been infected starts operating as one of this network’s nodes.” continues the analysis. “The malware program receives directives over the HTTPS protocol and sends them to other botnet nodes, if necessary. When commanded by cybercriminal starts or stops a DDoS attack on a specified IP address.”
“It also searches for network hardware that runs AirOS, and exploits known vulnerabilities in order to get hold of user lists, private SSH keys, and login credentials stored on remote servers. However, this information cannot always be obtained successfully,” reads the analysis.
