The malware has been designated Linux.DDoS.93. It infects computers running operating systems based on the Linux kernel. The Trojan is presumably distributed by exploiting the set of Shellshock vulnerabilities in GNU Bash.
Once on the machine, the malware creates two child processes. The first exchanges information with the command-and-control server, while the second checks in a continuous loop whether the parent process is running and restarts it if it has stopped. The parent process in turn monitors the child and restarts it if necessary. In this way the Trojan keeps itself running on the infected computer.
The malware can carry out DDoS attacks by several methods: UDP flood, TCP flood, HTTP flood using GET/POST/HEAD requests, and others. On receiving a command to attack, the Trojan stops all child processes and then launches 25 new processes, which carry out the DDoS attack by the method the attackers specified.
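Both behaviours described above, the mutual respawn and the 25-process fan-out, leave a pattern in process start/exit telemetry that a defender can look for. The following is an added example, not taken from the original article or from any analysis of the sample; the event tuple format, the time windows and the `/tmp/.x` path are assumptions constructed for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed events: (seconds, kind, pid, ppid, exe). Not real telemetry."""
    x = "/tmp/.x"  # placeholder path, not an indicator from the article
    ev = [(0, "start", 100, 1, x), (1, "start", 101, 100, x), (1, "start", 102, 100, x),
          (10, "exit", 100, 1, x), (11, "start", 110, 102, x),    # child revives parent
          (20, "exit", 102, 100, x), (21, "start", 120, 110, x),  # parent revives child
          (30, "exit", 110, 102, x), (31, "start", 130, 120, x),
          (5, "start", 200, 1, "/usr/sbin/cron"), (6, "exit", 200, 1, "/usr/sbin/cron")]
    # Attack command: one process starts 25 workers within two seconds.
    ev += [(40 + i % 2, "start", 300 + i, 130, x) for i in range(25)]
    return sorted(ev)

def respawn_counts(events, window=2):
    """Per executable, count exits followed within `window` s by a new start of it.

    A high count for one binary suggests processes that watch and restart each other.
    """
    last_exit, counts = {}, defaultdict(int)
    for t, kind, _pid, _ppid, exe in events:
        if kind == "exit":
            last_exit[exe] = t
        elif exe in last_exit and t - last_exit[exe] <= window:
            counts[exe] += 1
            del last_exit[exe]  # each exit is matched to at most one restart
    return dict(counts)

def fanout_parents(events, min_children=25, window=5):
    """Return {ppid: n} for parents that start >= min_children processes in `window` s.

    min_children=25 mirrors the worker count reported in the article.
    """
    starts = defaultdict(list)
    for t, kind, _pid, ppid, _exe in events:  # events must be time-sorted
        if kind == "start":
            starts[ppid].append(t)
    hits = {}
    for ppid, times in starts.items():
        lo = 0
        for hi in range(len(times)):  # sliding window over start times
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= min_children:
                hits[ppid] = max(hits.get(ppid, 0), hi - lo + 1)
    return hits

if __name__ == "__main__":
    print(respawn_counts(sample_events()), fanout_parents(sample_events()))
```

Neither signal is conclusive on its own: service managers also restart processes and build tools also fork in bursts, so the executable path and the parent chain should be reviewed before acting on a hit.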