A CHINESE TROJAN, one of the few to be written for the Linux operating system, has seemingly made the jump to Windows.
First reported in May by Russian anti-malware software house Dr Web, the original malware, known as “Linux.Dnsamp”, is a Distributed Denial of Service (DDoS) Trojan. According to the company blog, it transfers between Linux machines, alters the startup scripts, collects machine configuration data and sends it to the hackers’ server, and then runs silently, waiting for orders.
Now it appears that the same hackers have ported the Trojan to run on Windows as “Trojan.Dnsamp.1”.
The Windows version gains entry to the system under the guise of a Windows Service Test called “My Test 1”. It is then saved in the system folder of the infected machine under the name “vmware-vmx.exe”.
When triggered, just like its Linux counterpart, the Trojan sends system information back to the hackers’ central server and then awaits the signal to start a DDoS attack or start downloading other malicious programs.
Fortunately, the vast majority of the attacks using this method were aimed at other Chinese websites, which were attacked 28,093 times, but Dr Web warns that US websites came second with nine percent of attacks.
Although malware is an everyday hazard for most computer users, attacks on Linux are much rarer, and malware that has been ported from one operating system to another is almost unheard of.
In June, RSS reader service Feedly, note app Evernote and streaming music service Deezer all suffered DDoS attacks. Google is working on Project Shield, an initiative designed to help smaller web servers fight off DDoS attacks.