A new Trojan that forces servers to mine Bitcoin has been discovered on the Internet
A new Trojan targeting Linux servers that run the Redis NoSQL database has been detected on the network. It uses the servers for Bitcoin mining.
Up to 30,000 Redis servers may be vulnerable, largely because careless system administrators have put them on the Internet without setting a password.
The malicious Trojan, Linux.Lady, was discovered by the Russian anti-virus company Dr. Web. The Trojan is written in Google's Go programming language and is mostly based on open source Go libraries hosted on GitHub.
The malware uses a more compact Trojan called Linux.Downloader.196 to download the main payload after infection. Once up and running, Linux.Lady reports basic information about the compromised system to its command and control (C&C) server.
In the next step of the infection, a configuration file is sent to the C&C server to begin mining cryptocurrency for the benefit of the malware's controllers. Linux.Lady is also self-propagating.
"This malware has the ability to collect information about the infected computer and send it to the C&C server, download and run a cryptocurrency mining utility, and attack other computers on the network to install its own copy on them,"
- said a Dr. Web consultant.
The Redis database server has been criticized for its low level of security; in July there were more than 6,300 compromised Redis servers online.
Redis is a NoSQL database system that "is ideal for the storage of data in key-value format, using an in-memory system for processing and subsequent queries", according to Softpedia.
The lack of security features partially explains Redis's decent performance in its default configuration.
Redis stands for REmote DIctionary Server and is the product of an open source project, released in April 2009 under the sponsorship of VMware and Pivotal, and is therefore a popular choice.
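The exposure described above (Redis reachable from the Internet with no password) can be checked in a server's own `redis.conf`. The following is an added example, not part of the original article or of Dr. Web's analysis: a small audit of the real `bind`, `requirepass` and `protected-mode` directives, run over constructed sample configurations. It assumes Redis 3.2 or later and looks only at `requirepass`, not at ACL users.

```python
import shlex

# Constructed sample configurations (not taken from the article).
EXPOSED_CONF = """\
# constructed example: listens everywhere, no password
bind 0.0.0.0
port 6379
protected-mode no
"""
HARDENED_CONF = """\
bind 127.0.0.1 -::1
port 6379
protected-mode yes
requirepass "constructed-long-random-secret"
"""
LOOPBACK = {"127.0.0.1", "::1", "-::1", "localhost"}

def parse_conf(text):
    """Return {directive: [args]}; a later directive overrides an earlier one."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted passwords
        conf[parts[0].lower()] = parts[1:]
    return conf

def audit(text):
    """List findings for a redis.conf that leaves the server open."""
    conf = parse_conf(text)
    def first(key, default):
        return (conf.get(key) or [default])[0]
    findings = []
    # With no bind directive, Redis listens on every interface.
    binds = conf.get("bind") or ["*"]
    public = [b for b in binds if b not in LOOPBACK]
    has_password = first("requirepass", "") != ""
    if not has_password:
        findings.append("requirepass is not set")
    if public and not has_password:
        findings.append("unauthenticated listener on: " + ", ".join(public))
    # protected-mode is a safety net whose exact conditions differ between
    # Redis versions, so it is reported separately and never relied on.
    if first("protected-mode", "yes").lower() != "yes":
        findings.append("protected-mode is disabled")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```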
Source: http://bitcoininfo.ru/news/v-seti-internet-obnaruzhen-novyy-troyan-zastavlyayushchiy-servery-dobyvat-bitkoin
387$ on the post and no one commented - must be interesting content.
Do you have a link to the original article or any information about how the malware leverages Redis to do its bidding?