Posted on Thursday, July 06 2017 @ 13:29 CEST by Thomas De MaesschalckCiting figures from security firm AV-TEST, the site writes detections of the old Tsunami trojan hit new highs in recent years. Furthermore, AV-TEST points out a whopping 900,000 DSL routers of Telekom customers were infected by malware at the end of November.
Even though Linux is generally safer, there are a lot of kernel vulnerabilities and hardware like routers or Internet of Things devices in particular are very vulnerable due to poor security practices and lack of updating.
The company also says, "Other Linux malware, such as the Tsunami backdoor, has been causing trouble for several years now and can be easily modified for attacks against IoT devices. The detection systems of AV-TEST first detected the Tsunami malicious code in the year 2003. Although, at that time, practically no IoT devices existed, the Linux backdoor already offered attack functions which even today would be suitable for virtually unprotected attacks on routers: In this manner, Tsunami can download additional malicious code onto infected devices and thus make devices remote controllable for criminals. But the old malware can also be used for DDoS attacks. The Darlloz worm, known since 2013, as well as many other Linux and Unix malware programs, have similar attack patterns which AV-TEST has been detecting and analyzing for years."
