Today, security firm ESET published a technical analysis report on Linux systems. According to the report, last month the firm discovered an OpenSSH backdoor and credential stealer on Linux systems. Over the last few weeks, thousands of Linux users have been notified that their servers are infected, and the firm has made an announcement to raise further awareness of the issue.
The scheme, named Operation Windigo, runs on an infrastructure hosted entirely on compromised computers: 25,000 Linux servers in total over the last two years, with over 10,000 still infected today.
The ESET team points out that each of these systems has access to significant bandwidth, storage, computing power, and memory. They also mention that the malware's developers designed it to steal credentials, redirect web traffic to malicious destinations, and send spam messages. The malware has had a large impact in Germany, France, the UK, and the US.
According to the security firm, the malware redirects half a million web visits to malicious destinations on a daily basis. The ESET team also mentions that the attackers were able to send more than 35,000,000 spam messages a day using the currently infected Linux servers. The following operating systems are affected by the spam components: Linux, FreeBSD, OpenBSD, OS X, and Windows (with Perl running under Cygwin).
You can check the Operation Windigo Whitepaper here.