Debian Linux kernel targeted by drive-by rootkit infection

Posted on Thursday, Nov 22 2012 @ 18:03 CET by Thomas De Maesschalck
InfoWorld writes security researchers discovered a new rootkit that targets the latest 64-bit Debian Squeezy kernel (2.6.32-5). Named Rootkit.Linux.Snakso.a by Kaspersky Lab, the malware infects victims via an iFrame injection attack and enables attacks to take control over the target system.
After trying to hook into important kernel functions and trying to hide its own threads, Snasko sets out to take over the target system. Exactly what purpose lies this general ambition is unclear although the researchers suspect a conventional rather than political or nuisance motive.

The good news is that the rootkit looks like a work in progress, and contains enough programming rough edges to mark it out as 'in development'.

The malware''s relatively large binary size of 500k, and the inclusion of debug code, is another giveaway that this might be a work in progress.

As significant as its design is where it might have come from. In the view of the CrowdStrike analyst, Russia is the most likely origin which would put it in the realm of the professional cybercriminals.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments