New Trojan Attacks Linux Servers

Feb 10, 2015

The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.

The Dr. Web security group has announced the discovery of a multipurpose trojan that targets Linux server systems. The trojan, which is known as Xnote, is designed to implement several botnet-style attacks. Xnote does not break into a system by itself but is, instead, delivered to the victim’s computer after the attackers have already established a root SSL connection by other means.
Once in place, Xnote takes several steps to conceal itself, such as making a copy of itself and deleting the original. Once it settles in, Xnote then sends information about the victim’s system to a remote command and control server and waits for further instructions. If instructed to do so, Xnote can launch a SYN Flood, UDP Flood, HTTP Flood, or NTP Amplification attack. Xnote can also create and rename file and directories, accept files from the command and control server, start a SOCKS proxy, and communicate with the remote server through a hidden shell.
Researchers suspect Xnote was created by the Chinese hacker group ChinaZ.  

Related content

comments powered by Disqus

Issue 206/2018

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia