Operation Windigo (Malware)
A collection of malware developed to create a sophisticated network of botnets that can distribute spam, redirect Web traffic and infect users’ computers with malware, all while keeping the location of the cyber criminals perpetrating the attacks a secret.
Operation Windigo is believed to have been growing behind the scenes for the past three years. It gained public attention in March 2014, when software security firm ESET revealed it was responsible for compromising more than 25,000 Linux servers. At one point during this time the Windigo network was sending 35 million daily spam messages and redirecting more than 500,000 web visitors to exploits kits each day, according to ESET.
Operation Windigo primarily relies on two Linux backdoors, Linux/Ebury and Linux/Cdorked, to steal login credentials, compromise Web servers and redirect traffic. Notable victims of Operation Windigo have included cPanel, a popular web hosting control panel platform, and kernel.org.
How to Identify and Clean a System Compromised by Windigo
ESET researchers dubbed the network Windigo after a mythical cannibalistic creature of Algonquian Native American folklore. The security firm recommends administrators and webmasters run the following command to identify if their server has been compromised by Operation Windigo:
$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo “System clean” || echo “System infected”
Servers infected by Operation Windigo should be wiped completely clean and have their operating system and applications reinstalled. Unique passwords and private keys need to be created for future access to a previously infected system in order to help prevent the server from being compromised again.
Read Also:
- Microsoft Office on iPad
According to recent news reports, Microsoft is planning to release a version of its Office Suite, including Word, Excel, Power Point and OneNote for Apple’s iPad mobile computing device. As noted on ComputerWorld, Microsoft will announce Office apps for iPad on March 27, 2014, during a public press conference by Microsoft CEO Satya Nadella. The […]
- Bring Your Own Cloud (BYOC)
A term similar to BYOD (Bring Your Own Device) in which corporate employees utilize their own personal clouds or a combination of public or private cloud services from third-party cloud providers instead of the company’s own cloud services. Bring Your Own Cloud (BYOC), or Build Your Own Cloud, provides employees with the flexibility to store […]
- Electronic Medical Record (EMR)
EMR is short for electronic medical record. An electronic medical record is a digital version of the paper file used in a physician’s office or clinic. The EMR contains the medical history of all patients who use the practice and is part of the internal patient record-keeping process. An EMR provides immediate access to each […]
- AirWatch
An enterprise mobility management (EMM) and mobile device management (MDM) provider that offers solutions for handling the management of mobile devices, applications and mobile content in the enterprise. AirWatch competes in the mobile device management market with other MDM companies such as Citrix Systems (Xenprise), Perimeter, SAP Sybase, IBM (Fiberlink), Oracle (Bitzer), Continuum and MobileIron. […]
- Amazon SimpleDB
A non-relational database cloud service that can be used to store and query data items via web services requests through Amazon Web Services (AWS). Amazon SimpleDB frees companies from the administrative tasks of maintaining databases while providing high availability and flexibility to its customers. As its name implies, Amazon SimpleDB is suited more for less […]