Chronicle says that this Linux variant was discovered after the news last month that Chinese hackers hit Bayer, one of the largest companies in the world, which found Winnti malware on its systems. The Linux version is a backdoor for infected hosts that was uncovered by security researchers from Chronicle, Alphabet's cyber-security division. Chronicle says it found what appears to be a Linux version of Winnti from 2015, when it was used in an attack on a Vietnamese gaming company, while looking for Winnti malware on its VirusTotal platform. The malware they discovered was made up of two parts, Chronicle said: a rootkit for hiding the malware and the actual backdoor trojan on infected servers.
CONNECTION TO WINDOWS VARIANT
Other connections to the Windows version also include the way the Linux variant handled outbound communications with its command-and-control (C&C) server: a mix of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols). The Chronicle researchers said in a report published last week: “The operator can use this secondary communication channel if access is cut off to the hard-coded control server.” The Linux version also has a feature distinctive of the Windows version, namely that Chinese hackers can initiate connections to infected hosts without going through the C&C servers. Further analysis revealed that the code of the Linux version is similar to that of the Winnti 2.0 Windows version, as described in the Kaspersky Lab and Novetta reports.
LINUX MALWARE IS UNCOMMON
This discovery shows that state-sponsored actors are not afraid to run their malware on any platform they believe is necessary. “In the past, tools like HKdoor, Htran, and Derusbi all had Linux versions.” Still, Linux malware, particularly compared with Windows, is uncommon among nation-state hacker groups. “Chinese APT specific tooling is rare, but not unheard of,” said Silas Cutler, Chronicle Reverse Engineering Lead, via email to ZDNet. “The low prevalence can be because Linux offers actors lots of opportunity to ‘live off the land’ and thus makes custom tooling unnecessary,” Cutler told us. The Winnti Linux variant also shows. Linux malware is known from state-linked hacker groups linked to the US and Russian governments.