A Trojan for Linux

A new threat to Linux users is added. The emergence of new malware for this operating system seems to be increasingly become common. Now is the turn of a new Trojan, which although it was recently detected, is already beginning to talk about how it might affect all users of Linux.

The new threat is named Linux.Ekocms.1 , and was discovered a week once more ago by the Russian antivirus company Dr. Web, who had already detected some former Trojans as Rekoobe .

Dr. Web , on its website, has published the discovery of the virus,They have defined this as a Trojan. It is able to take screenshots and download different files that could compromise the security of your computer and user privacy.

The Trojan is designed to take screenshots after every 30 seconds, and stored in a temporary directory on your computer, format JPEG or BMP with a name containing the date and time when the picture was taken under the model ss%d-%s.sst , where %s is a time stamp. If there is an error saving the file, the Trojan uses the image format BMP .

Once launched, the Trojan scans the following two files

  1. $HOME/$DATA/.dropbox/DropboxCache
  2. $HOME/$DATA/.mozilla/firefox/profiled

If these files are not found, the Trojan is able to create its own copy.Once the connection between the server and Linux.Ekocms.1 established , through a proxy whose address is within. the trojan begins the transfer of encrypted information to the C & C. 

Finally, Linux.Ekocms.1 generates a list of filtering files to aa*.aat , dd*.ddt , kk*.kkt , ss*.sst  up in the directory and files to the server that match this criteria. Besides the ability to take screenshots, the Trojan has the ability to record audio and save it with the name of aa-%d-%s.aa  in the format ‘WAV’ . However, Dr. Web has not detected the use of this feature still far.

Leave a Reply