We found a backdoor that uses network sniffing to provide a reverse shell. Additionally, it fully encrypts and integrity-checks its network traffic with session keys. It was first presented at GoSec 2017 in Montreal and was found using a new honeypot SSH tool.
This backdoor was first used in 2012 as part of the 'sebd' rootkit but seems to have been reactivated within the scope of a rising botnet.
August 10, 2017
New results related to our research about Linux/Moose, an IoT botnet that conducts social media fraud (SMF), were published last week in the scientific journal Social Media & Society. The article is open-source and available at: http://dl.acm.org/citation.cfm?id=3097301. However, if you don’t want to bother reading it, the blog post provides a quick summary of the main findings.
July 20, 2017
In this blog post, we discuss the basic strategy to integrate CSP into an existing website. It covers the theory and the new features of CSP Auditor.
June 30, 2017
In the last few days, we closely followed the malicious software outbreak that took control of about 12,500 devices, mostly in Ukraine and Russia, demanding a $300 ransom from the infected device’s owner. Although this new attack is fascinating, we noticed that the associated stories quickly got out of hand.