A new piece of malware aimed at the Debian distribution has appeared online; it can maliciously “infect” TCP functions.
Security experts in the Linux world say they may have to deal with a new threat in the future. In recent days a binary file containing malware designed to infect Linux users appeared on the Full Disclosure mailing list, and according to initial analysis the project appears to have been written in Russia by particularly experienced hands.
At present, however, the malware appears to still be under development, which leaves time to take any necessary precautions.
Specifically, it is a rootkit targeting Debian Squeeze (version 6), and in particular the 2.6.32-5-amd64 kernel, one of the latest available. After sneaking onto the victim’s computer, one of the main things it does is replace the tcp_sendmsg function, which is responsible for sending packets over TCP, with its own version designed to perform unspecified operations on each web page served to the outside.
For that reason the malware could infect hundreds of web sites in one fell swoop, especially if its authors succeed in installing it on a hosting company's servers. Every page processed and sent to a client may compromise that client's security, since the attack builds on the foundations of the HTTP protocol. According to the security company CrowdStrike, it would also be relatively easy to modify the source code to launch attacks against specific, clearly identified targets, which makes the whole issue particularly significant.
Several other computer-security companies have also analyzed the malware, and the common denominator of their reports is surprise at a very advanced rootkit, built with techniques not generally adopted before, and able to strike where an attack would not be expected. The software showed clear signs that its development is not yet finished, but a final version could soon reach the black market and create many problems in the security world.
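Because the rootkit described above alters pages as they are sent over TCP, a defender can compare what actually arrives on the wire with the file the web server was asked to send. The following Python check is an added example, not code from the original article or from any of the analyses it mentions; the sample page, the captures and all function names are constructed for illustration.

```python
import difflib

def split_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator in capture")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def audit_response(raw: bytes, on_disk: bytes):
    """Return findings where the captured body differs from the on-disk file."""
    headers, body = split_http_response(raw)
    findings = []
    declared = headers.get(b"content-length")
    # Content-Length reflects what the web server handed to the kernel;
    # a different on-the-wire length is one signal, the byte diff is the proof.
    if declared is not None and int(declared) != len(body):
        findings.append(("length-mismatch", int(declared), len(body)))
    matcher = difflib.SequenceMatcher(None, on_disk, body, autojunk=False)
    for tag, i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            # (kind, offset in the on-disk file, bytes seen on the wire there)
            findings.append((tag, i1, body[j1:j2]))
    return findings

def make_capture(body: bytes, declared_len: int) -> bytes:
    """Build a constructed capture for the demo below."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
            + str(declared_len).encode() + b"\r\n\r\n" + body)

# Constructed sample data, not taken from the real malware.
ON_DISK = b"<html><body><h1>Status</h1></body></html>\n"
EXTRA = b"\n[constructed injected bytes]\n"
CLEAN = make_capture(ON_DISK, len(ON_DISK))
TAMPERED = make_capture(ON_DISK[:27] + EXTRA + ON_DISK[27:], len(ON_DISK))

if __name__ == "__main__":
    print(audit_response(CLEAN, ON_DISK))     # no findings
    print(audit_response(TAMPERED, ON_DISK))  # mismatch + inserted bytes
```

The capture has to be taken from a separate machine on the network path, since tools running on the infected host sit above the hooked kernel function.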