Linux/DDoSMan
Linux/DDoSMan is a backdoor Trojan that coordinates Denial-of-Service attacks for crashing targeted servers by taking over vulnerable Linux systems. This threat includes significant persistence features and may update itself with additional capabilities over time. Users should protect themselves with appropriate server settings, password management, and dedicated anti-malware products for deleting Linux/DDoSMan and its components.
Ready-Made DDoSes for Chinese Hackers
Thanks to researchers, the cyber-security industry has a heads-up on a new Trojan that makes effective use of an old one. Even more worrying than either Linux/DDoSMan or its more elderly Elknot component, however, is the fact that its payload is easily accessible, user-friendly, and is taking advantage of apparent 'training sessions.' The identities of the Chinese hackers who are responsible for Linux/DDoSMan and, presumably, its future attacks are, for the moment, concealing their identities successfully.
Linux/DDoSMan's Chinese-language admin interface encourages the backdoor Trojan's introduction to Linux servers via port-scanning exploits. After compromising the server or other, vulnerable system, the attacker runs the Linux/DDoSMan's installer, which handles maintaining the threat's persistence across reboots, updating itself, and dropping other threats. So far, malware experts corroborate Linux/DDoSMan's running no more than one, additional program: Elknot, an old, Distributed-Denial-of-Service or DDoS Trojan.
Elknot exploits the compromised system for generating fake traffic to flood and crash servers that the threat actor denotes for attacking. It supports various protocols for the feature, including UDP, TCP and others. Some readers may be familiar with this component of Linux/DDoSMan, which also is discoverable in separate campaigns, by its other alias: the 'BillGates' malware. As usual, DDoS functions have no deliberate symptoms on display for the user of any compromised hardware but may cause side effects like poor performance.
The Worst Elves to Have around Your Files
Linux/DDoSMan's threat actors may, merely, be using conveniently-available tools, since Elknot's history goes back to 2014 and is well-known throughout China. However, the recent nature of the Linux/DDoSMan's development raises new possibilities of the DDoS Trojan getting updates that, hitherto, weren't on its horizon. Preventative security measures are, as always, ideal for limiting Linux/DDoSMan's growth and capacity for causing harm to its targets.
Both Linux/DDoSMan and Elknot are Linux-based threats that, through an easy-to-use CMD and panel combination interface, can coordinate attacks using their ELF botnet. This 'Executable and Linkable' format is highly-portable and flexible concerning its running requirements, although malware experts find no signs of either Elknot or Linux/DDoSMan's running on non-Linux systems. Implementing appropriate password and firewall security, as well as updating your server software, will help with fending off attacks, and quality anti-malware products should delete Linux/DDoSMan automatically.
Although it's starting its life in China, Linux/DDoSMan propagates with strategies that don't respect borders. Anyone on Linux should concern themselves with their security, assuming they don't want to play host to two or more unwanted Trojans.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.