New Linux SSH Brute-force LUA Bot Shishiga Detected in the Wild

A new Linux malware has been spotted in the wild by security researchers at Eset, and it is much more sophisticated than any of the previously known Linux based malware. The security researchers have named this malware as “Linux/Shishiga” which utilizes four different protocols according to Eset research team. The protocols used are Telnet, HTTP and BitTorrent, SSH and Lua scripts.

A new Lua Family

Eset researchers revealed that the malware is a new Lua family which means it’s written in Lua programming language and is capable of doing much more damage than any of the previously known malware. Michal Malik of Eset writes in his blog post that “Linux/Shishiga (meaning female swamp (or forest) creature in the Russian language) is a binary packed with UPX (ultimate packer for executables) 3.91.”

The Luabot malware was discovered last year infecting Linux devices and using them to conduct DDoS (Distributed Denial of Service) attacks. The researchers who discovered LuaBot botnet defined it as “the most advanced botnet hitting Linux-based IoT devices”:

Brute-force attack

The malware access the victim’s computer by trying a variety of passwords and the infected PC can then be used by the hacker to offer proxy services or steal unencrypted traffic. It’s safe to say that Linux/Shishiga is a similar version of Linux/Moose. However, the use of brute-force SSH credential attacks makes it quite complicated.

A work-in-progress

According to security researchers, Linux/Shishiga is still a work in progress, and we might get to see some evolved forms of it pretty soon. Mr. Mounir Hahad, Director of Cyphot Labs told Linux Insider that “Unlike the IoT malware Mirai, which targeted default credentials on IoT devices, this brute force attempt to compromise Linux computers is targeting weak passwords people would have chosen.”

How to Tackle this Malware?

It is a fact that IoT devices are vulnerable to brute force password attacks since a number of devices are shipped to customers with default login credentials. The users can protect their devices and network from this malware by changing the default password with a strong one. DO NOT use default Telnet and SSH credentials, instead use a strong password! SSH stands for Secure Shell, and it’s a secure way to remotely access a site’s server however in Shishiga’s case situation is different.

Remember, after the development of Mirai malware botnet, IoT devices have become extremely vulnerable to large-scale cyber attack. It was due to Mirai malware that Internet’s largest ever DDoS attack took place last year. Therefore calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator and browse safely.

Related Posts