
Linux.PNScan Trojan is Back Again! Indian x86 Linux Based Routers are on Target!

 

 

This is bad news if you own an x86 Linux-based router. A Trojan named Linux.PNScan is installing a backdoor on routers that use the x86 Linux architecture. It is an old Trojan, first detected in August 2015 by security researchers at Dr Web. At that time, Linux.PNScan was infecting PowerPC, MIPS and ARM based routers.

 

A Brief Report on the Old Linux.PNScan Trojan

The old Linux.PNScan Trojan was designed by its authors to perform Distributed Denial of Service (DDoS) attacks. After infecting ARM, MIPS and PowerPC based routers, it was able to launch ACK flood, SYN flood and UDP flood DDoS attacks. It infected every router that made contact with it. It was also able to perform brute-force attacks, but it used only three username and password combinations:

 

User Name: admin    Password: admin
User Name: root     Password: root
User Name: ubnt     Password: ubnt

 

How Is the New Linux.PNScan Trojan Doing Its Work?

According to security researchers at Dr Web, it is an updated version of the old Linux.PNScan Trojan. Its authors compiled it with a compiler tool named "Toolchains". Linux.PNScan is compatible with GCC (GNU) 4.1.x. Its authors also used an SSL-enabled configuration to activate the cross-compiler option. The Trojan is hard-coded and was developed only to install a backdoor on x86 Linux-based routers.

 

The hackers behind this Trojan are using a Twitter account to hide all the malicious traffic. After infecting an x86 Linux-based router, the Trojan creates some malicious files on the system. These malicious files listen on 2 TCP ports. The Trojan sends specially crafted HTTP requests through SSL on port 443. It is also capable of performing a dictionary attack.

 

How to Detect This Trojan?

Linux.PNScan creates some new files on the system. If files of this type are present in your router's file system, you are also a victim. The list of files is given below:

 

Permission   Size   Date           Filename          Function
-rw-r--r--   387    Aug 23 12:06   list2             <-- connected hosts
-rw-r--r--   4      Aug 23 12:02   MalwareFile.pid   <-- pids
-rw-r--r--   0      Aug 23 12:02   daemon.log        <-- malware log
-rw-r--r--   35     Aug 23 12:02   login2            <-- brute auth
drwxr-xr-x   4096   Aug 23 12:02   files/            <-- updates/downloads
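
One way to check a router for the file set listed above, as an added example that is not from the original article or from Dr Web. It assumes the artifacts sit together in one directory and that "MalwareFile.pid" stands in for whatever name the binary uses, so any *.pid file counts; the function names and the 3-of-5 threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not Dr Web's tooling): flag directories holding the
# Linux.PNScan file set from the listing above.
# Assumptions: the artifacts sit together in one directory, and
# "MalwareFile.pid" is a placeholder name, so any *.pid file counts.

# Print how many of the five listed artifacts exist in directory $1.
pnscan_score() {
    d=$1
    n=0
    if [ -f "$d/list2" ]; then n=$((n + 1)); fi       # connected hosts
    if [ -f "$d/login2" ]; then n=$((n + 1)); fi      # brute-force credentials
    if [ -f "$d/daemon.log" ]; then n=$((n + 1)); fi  # malware log
    if [ -d "$d/files" ]; then n=$((n + 1)); fi       # updates/downloads
    for p in "$d"/*.pid; do                           # pid file, any name
        if [ -f "$p" ]; then n=$((n + 1)); break; fi
    done
    echo "$n"
}

# Walk the tree under $1 and report directories where login2 and list2
# (the least generic names) co-exist and at least 3 of 5 artifacts match.
pnscan_scan() {
    find "$1" -xdev -type f -name login2 2>/dev/null |
    while IFS= read -r hit; do
        dir=$(dirname "$hit")
        if [ -f "$dir/list2" ]; then
            score=$(pnscan_score "$dir")
            if [ "$score" -ge 3 ]; then
                echo "SUSPECT $score/5 $dir"
            fi
        fi
    done
}

# Scan only when a root directory is given, e.g.: sh pnscan_check.sh /
if [ "$#" -gt 0 ]; then
    pnscan_scan "$1"
fi
```

A reported directory is a lead for manual inspection rather than proof, because daemon.log and files/ are common names on their own.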

 


 

This Trojan is in direct contact with hardcoded IP addresses (183.83.0.0/16). These IP addresses have been detected by security researchers and are from the Kashmir and Telangana regions of India. Dr Web said the region of origin of this malware might be Russia.
