A Research Team Warns of the Spread of Linux/Shishiga Malware

A team of researchers found a new malware called Linux/Shishiga, which targets the Lua programming language and scripts on Linux-based devices

A new strain of Linux malware has been around for some time. The malware, which ESET Research and Michal Malik called “Linux/Shishiga”, could pose a serious danger to systems. The new threat was reported to belong to a Lua family, but it is not related to the existing LuaBot malware. Linux/Shishiga targets Lua script.

Lua contains a series of modules, which give designers flexibility. Lua is known as a lightweight and efficient scripting language. It is widely used for procedural programming, functional programming, object-oriented programming, data description, and data-driven programming. Lua has been used in Flame and Evilbunny, and it is a popular choice among APT makers.

The programming language has been around since 1993. It was designed to meet the increasing demand for customizable programming languages at that time. It includes mechanisms for customizing the language, allowing programmers to implement specific features. However, the language itself does not contain domain-specific features. The language is designed to improve programming speed, extensibility, and portability, as well as user friendliness.

The arrival of the new threat has been anticipated by many threat managers. Even though it may not break new ground in terms of damage, the new malware may reuse existing techniques derived from other strains of malware.

How Linux/Shishiga Malware Might Influence Lua

The Lua programming language may be vulnerable to the malware. The malware uses a common infection vector: it tries weak credentials from its built-in password list. As a result, the malware can use the list to find a password combination that gains access to the system. In this respect, Linux/Shishiga works in a similar way to Linux/Moose. Linux/Moose is also malware. It primarily targets Linux-based routers, cable and DSL modems, and other embedded computers. It uses the infected devices to steal unencrypted network traffic and to provide the botnet operator with proxying services.

Linux/Shishiga, on the other hand, uses four different protocols, namely SSH, BitTorrent, Telnet, and HTTP. ESET Research and Michal Malik also found that the new malware has several binaries for various architectures. They include ARM (armv4l), MIPS, PowerPC, and i686. These are widely used in IoT devices.

Linux/Shishiga is a binary packed with Ultimate Packer for Executables (UPX) 3.91. However, UPX is expected to have trouble unpacking the binaries, since the new malware adds data at the end of the packed file. After unpacking the binaries, the ESET research team and Michal Malik found that the malware is statically linked with the Lua runtime library and symbols. That is why they associated the new threat with the Lua malware family.

The ESET research team and Michal Malik had observed the malware for several weeks. They found minor changes during the last few weeks, including rewriting of some parts of the modules, addition of testing modules, and removal of redundant files. These modifications have looked trivial so far, but they should be watched, since the malware remains active. The research team concluded that the malware authors might have used Lua as a scripting language because it is easy to use. Alternatively, they may have derived the code from a different malware family and then combined it, for each targeted architecture, with the Lua library and symbols.

Is Linux/Shishiga Malware Dangerous?

Is Linux/Shishiga dangerous for your computer? The malware is different from other threats that target default credentials on IoT devices. Linux/Shishiga compromises Linux computers with weak passwords. It exploits easily guessed Linux passwords, particularly over SSH or Telnet. So, how do you know if your devices have been affected?

The malware opens a backdoor on the affected computer and makes it possible to download malicious files. It spreads by brute-forcing SSH and Telnet credentials. When your devices are infected, you will find files whose paths begin with $home/.local. Then, the malware will perform the following actions on your computer:

• It scans and infects other devices (computers) on external network addresses
• It downloads additional modules
• It downloads malicious files

So far, the malware has had few victims, but the ongoing work on Linux/Shishiga indicates that it is progressing. For instance, the ESET research team found constant addition, removal, and modification of components, debug information, and code comments. In addition, the research team warned that, since the malware keeps growing, future variants might try other means of entry into a device beyond password guessing.

How to Stay Safe from Linux/Shishiga Malware

The research team found that Linux/Shishiga seems to target data centers or IoT devices. If the attackers successfully get into an enterprise's computer systems, serious trouble will result. It will be very difficult to retrieve the affected files unless the company finds a fast solution. So, how do you protect your computer from the malware?

Malik and the ESET research team suggested that Linux users take the following steps to minimize the risk of being affected by the worm:

• Not using default SSH and Telnet credentials.
• Using difficult-to-guess passwords will minimize the risk. Ask your team to enforce a specific password policy, such as changing administrator passwords on a regular basis and using complex passwords, which are difficult to crack.
• Deploying a defense-in-depth system that can identify incoming threats immediately.
• Implementing aggressive patching, thoroughly looking for suspicious files, reviewing log data, and testing incident response.
• Using a powerful firewall to block incoming threats.
• Disabling the AutoPlay feature on your computer to prevent executable files from being launched automatically.
• Turning on the file sharing feature and any other file sharing apps, such as Bluetooth, only when necessary. If not used, it is better to turn off file sharing to limit access and increase password protection.
• Turning off or removing unnecessary services, particularly those that need internet connection. Such services can be used by attackers as a point of entry.
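
For the "reviewing log data" step, the following added example (not from ESET's report or the malware itself) scans OpenSSH `sshd` log lines for password guessing and flags any source whose burst of failures is followed by a successful password login. The sample log, the function name `find_guessing`, and the threshold of three failures are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH sshd log format (documentation IP ranges).
SAMPLE_LOG = """\
Apr 25 03:10:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 25 03:10:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Apr 25 03:10:05 host sshd[812]: Failed password for invalid user pi from 203.0.113.7 port 40120 ssh2
Apr 25 03:10:07 host sshd[813]: Failed password for root from 203.0.113.7 port 40131 ssh2
Apr 25 03:10:09 host sshd[814]: Accepted password for root from 203.0.113.7 port 40140 ssh2
Apr 25 08:30:00 host sshd[901]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Apr 25 08:30:12 host sshd[901]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Apr 25 09:00:00 host sshd[950]: Accepted publickey for bob from 192.0.2.44 port 52000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessing(log_text, threshold=3):
    """Return one finding per source IP with >= threshold failed password logins."""
    failures = defaultdict(list)   # ip -> usernames tried, in order
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue               # key-based logins are not password guessing
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
            if len(failures[ip]) >= threshold:
                findings.setdefault(ip, {"compromised_user": None})
                findings[ip]["failed"] = len(failures[ip])
                findings[ip]["users_tried"] = sorted(set(failures[ip]))
        elif ip in findings and findings[ip]["compromised_user"] is None:
            # A password login that succeeds after a burst of failures from the
            # same source means a guess probably worked: treat it as an incident.
            findings[ip]["compromised_user"] = user
    return findings

if __name__ == "__main__":
    for ip, f in find_guessing(SAMPLE_LOG).items():
        status = f"LOGIN SUCCEEDED as {f['compromised_user']}" if f["compromised_user"] else "no success seen"
        print(f"{ip}: {f['failed']} failed ({', '.join(f['users_tried'])}); {status}")
```

A source that reaches the threshold and then logs in successfully is the case to escalate first; a single mistyped password followed by a success, as in the second sample host, is not flagged.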

Removing Linux/Shishiga is very likely possible as long as you use a powerful virus scan application on your computer. Make sure to use an updated anti-virus and run a full-system scan to identify any traces of the affected files.

