Hackers uncork experimental Linux-targeting malware
SSH... it's Shishiga
Hackers have unleashed a new malware strain that targets Linux-based systems.
The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity, according to an analysis of the nasty by security researchers at ESET.
Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack, a common hacker tactic. A built-in password list allows the malware to try a variety of different passwords to see if any allow it in.
The latest Linux-system targeting nasty could still evolve and become more widespread, but the low number of victims, together with the constant addition, removal, and modification of the components, code comments and even debug information, clearly indicate that it’s a work in progress, according to ESET.
Shishiga is similar to other recent nasties in abusing weak Telnet and SSH credentials, but the usage of the BitTorrent protocol and Lua modules separates it from the herd, according to ESET.
Eset advises that "to prevent your devices from being infected by Shishiga and similar worms, you should not use default Telnet and SSH credentials." ®