The Operation Windigo research paper, released in March by ESET's Research Lab in Canada, was awarded the Péter Szőr Award at the Virus Bulletin conference late last month. Ironically, the paper was also acknowledged by the creators of the malware behind Operation Windigo, who wrote “Good job, ESET!” in their code one month after it was released. An ESET researcher from the award-winning team was interviewed to bring the public up to date on Operation Windigo. The whole interview is now available at WeLiveSecurity.com.
After publishing the whitepaper on Operation Windigo, ESET has continued to monitor and protect against Linux/Ebury malware.
“Within a month, we’ve seen a new version of the malware attempting to evade our indicators of compromise,” said Marc-Étienne Léveillé from the ESET Research Lab in Canada in the interview for WeLiveSecurity.com. “Ebury no longer uses shared memory for keeping stolen credentials and inter-process communication. Instead, a new process is started and injected with the Ebury payload with LD_PRELOAD. Stolen credentials are kept in this new process address space. Inter-process communication with OpenSSH is done over a UNIX domain socket,” he explains in the interview.
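The technique described in the quote above (a payload loaded into a fresh process through LD_PRELOAD, holding credentials in that process's memory and talking to OpenSSH over a UNIX domain socket) leaves artefacts in procfs that a responder can check. The following helpers are an added example written for this article, not ESET's tooling, indicators or published detection method; the trusted library prefixes, the sample /proc contents and the paths in them are all constructed for illustration.

```python
"""Hypothetical Linux triage helpers (added example, not ESET's code or IoCs).

Parses the /proc artefacts a responder would inspect for the pattern the
interview describes: /proc/<pid>/environ (LD_PRELOAD set), /proc/<pid>/maps
(a shared object mapped from outside the system library directories) and
/proc/net/unix (bound UNIX domain socket paths). Paths and thresholds are
assumptions, not Ebury indicators.
"""
import os
from typing import Dict, List

# Directories from which shared objects are normally loaded (assumption).
TRUSTED_LIB_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")


def parse_environ(raw: bytes) -> Dict[str, str]:
    """Parse the NUL-separated contents of /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        if b"=" in entry:
            key, _, value = entry.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def preloaded_libs(raw_environ: bytes) -> List[str]:
    """Return the libraries named in LD_PRELOAD; empty if the variable is unset."""
    value = parse_environ(raw_environ).get("LD_PRELOAD", "")
    return [p for p in value.replace(":", " ").split() if p]


def untrusted_mapped_objects(maps_text: str) -> List[str]:
    """Return file-backed .so mappings whose path is outside TRUSTED_LIB_PREFIXES."""
    found: List[str] = []
    for line in maps_text.splitlines():
        parts = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(parts) < 6:
            continue  # anonymous mapping, no backing file
        path = parts[5]
        if ".so" in path and not path.startswith(TRUSTED_LIB_PREFIXES):
            if path not in found:
                found.append(path)
    return found


def unix_socket_paths(proc_net_unix: str) -> List[str]:
    """Return bound paths from /proc/net/unix (abstract names start with '@')."""
    paths = []
    for line in proc_net_unix.splitlines()[1:]:  # first line is the header
        parts = line.split()
        if len(parts) >= 8:
            paths.append(parts[7])
    return paths


def triage_process(environ_raw: bytes, maps_text: str) -> Dict[str, object]:
    """Combine the environ and maps checks for one process into a findings record."""
    preload = preloaded_libs(environ_raw)
    untrusted = untrusted_mapped_objects(maps_text)
    return {
        "ld_preload": preload,
        "untrusted_objects": untrusted,
        "suspicious": bool(preload) or bool(untrusted),
    }


def scan_live_procfs() -> Dict[int, Dict[str, object]]:
    """Run triage_process over every readable /proc/<pid> (Linux; usually needs root)."""
    findings: Dict[int, Dict[str, object]] = {}
    if not os.path.isdir("/proc"):
        return findings
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            with open(f"/proc/{name}/environ", "rb") as f:
                environ_raw = f.read()
            with open(f"/proc/{name}/maps") as f:
                maps_text = f.read()
        except OSError:
            continue  # process exited or not readable by this user
        result = triage_process(environ_raw, maps_text)
        if result["suspicious"]:
            findings[int(name)] = result
    return findings


# Constructed sample artefacts for a stand-alone run (not real Ebury data).
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\0LD_PRELOAD=/tmp/.x/libfoo.so\0HOME=/root\0"
SAMPLE_MAPS = (
    "7f00 r-xp 00000000 08:01 1234 /usr/sbin/sshd\n"
    "7f10 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7f20 r-xp 00000000 08:01 9999 /tmp/.x/libfoo.so\n"
    "7f30 rw-p 00000000 00:00 0\n"
)
SAMPLE_NET_UNIX = (
    "Num RefCount Protocol Flags Type St Inode Path\n"
    "0000 00000002 00000000 00010000 0001 01 100 /run/systemd/journal/stdout\n"
    "0000 00000002 00000000 00010000 0001 01 101 @/tmp/.hidden-sock\n"
)

if __name__ == "__main__":
    print(triage_process(SAMPLE_ENVIRON, SAMPLE_MAPS))
    print(unix_socket_paths(SAMPLE_NET_UNIX))
    print(scan_live_procfs())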
ESET researchers are constantly on watch, monitoring the malware and bolstering defenses to help protect ESET customers from this family. According to the researchers, the main problem with Windigo is the lack of Linux forensics knowledge.
“We want to reach out to the security community and help protect Internet-facing servers against the Windigo threat and other general-purpose Linux malware,” he concludes.
Operation Windigo was uncovered in March 2014 by ESET's Research Lab in cooperation with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies. It had seized control of over 25,000 UNIX servers worldwide, which were sending out millions of spam emails daily. Last month at the Virus Bulletin conference in Seattle, the research paper on Operation Windigo won the annual Péter Szőr Award.
ESET researchers will present the latest updates on Windigo, together with the evolution of Linux malware, at LinuxCon Europe on October 15th 2014 in Düsseldorf, Germany.