Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Internet

25,000 web servers are infected with Windigo

See also

Some antivirus products detect the virus but most do not.

Web server system administrators should be aware that several pieces of Linux malware such as the rootkit known as Ebury SSH are part of an operation, which has infected approximately 25,000 web servers over the past two years, according to The Whir who reported about it on March 19. Administrators are strongly urged to check their web servers for Ebury SSH, which is being used as a key part of a larger and more sophisticated malware operation called “Windigo.” Windigo redirects web traffic through tools HTTP backdoor Linux/Cdorked and uses a Perl script, Perl/Calfbot, to send spam.

Since at least 2011, Windigo has compromised a wide range of operating systems including Linux (and Linux on the ARM architecture), Microsoft Windows (through Cygwin), FreeBSD, OpenBSD and Apple OS X. According to CERT-Bund, a German government research agency, Ebury is a Secure Shell rootkit/backdoor trojan for Unix and Linux-style OS. Attackers can use a backdoor Ebury provides to get a remote root shell on infected hosts, says CERT-Bund.

SSH login credentials are stolen using Ebury from incoming and outgoing SSH connections. Ebury compromised systems are infected at the root-level. Rather than trying to clean it up they are best dealt with by reinstalling the entire operating system. Some antivirus products, generally as ‘Sshdkit’ or ‘SSHDoor’ are capable of detecting Ebury but ClamAV and tools such as rkhunter and chkrootkit presently do not detect Ebury.

Both Windows end-users and Linux/Unix server operators whose servers were compromised may be victims of Windigo when users visit legitimate websites hosted on compromised servers, ESET notes. Over 700 web servers are presently redirecting visitors to malicious content and 35 million spam messages on average are sent per day, courtesy of Windigo. Using web hosting coupons can help when this happens.

Stay on top of all things Internet by subscribing. You can also like this writer on Facebook and follow her on Twitter and Pinterest.

Advertisement

Don't Miss

  • Unity
    'Assassin's Creed Unity' preview: Ubisoft comes home to its urban origins
    Games Preview
  • Smart vending machine
    This smart vending machine will recommend drinks for you based on your gender and age
    Video
    Tech Buzz
  • Destiny
    The 'Destiny' beta: 7 things we absolutely love about Bungie's new franchise
    Games Feature
  • Wi-Fi
    Find out how to stretch your Wi-Fi signal where it has never gone before
    Tech Tips
  • Unity Exclusive
    'Assassin's Creed Unity' exclusive: Tell the world, 'I'm coming home'
    Games Interview
  • Gamer ghost
    Gamer finds and plays with ghost of deceased father on a classic game
    Video
    Headlines