{"id":1097,"date":"2014-12-14T03:11:47","date_gmt":"2014-12-14T03:11:47","guid":{"rendered":"http:\/\/evosec.eu\/?p=1097"},"modified":"2014-12-15T19:13:41","modified_gmt":"2014-12-15T19:13:41","slug":"darlloz-the-dedicated-embedded-devices-something","status":"publish","type":"post","link":"https:\/\/evosec.eu\/pl\/darlloz-the-dedicated-embedded-devices-something\/","title":{"rendered":"Darlloz &#8211; the dedicated Embedded device(s)&#8230; something"},"content":{"rendered":"<p>Some say it&#8217;s a worm. Some say it might be a Bitcoin miner. We say that it might be forming\/building a new type of botnet. We&#8217;re talking about Darlloz, identified and labeled last year by Symantec.<\/p>\n<p>What is it? Well, it&#8217;s a &#8222;well crafted&#8221; type of &#8222;malware something&#8221; by someone from Africa (as far as we know by now, yet it might be spread by an innocent victim located there), and it&#8217;s a new kind of malware that attacks Linux and Linux-powered embedded devices. And it&#8217;s generic, as it tends to build\/use binaries for ARM, MIPS and many more architectures (it attacks several types of devices found in a network environment).<\/p>\n<p>How does it spread? Well, it uses some exploits that are found in basic Linux distributions and, as it seems, a database with common credentials found on different embedded devices (routers, NASes, DVRs, NVRs, IP cameras, maybe smart TVs). And it doesn&#8217;t stop here: it also tries to attack x86 (Intel\/AMD) based servers.<\/p>\n<p>How to check for it? Log in to your Ethernet\/Internet-enabled device and search for a process\/file\/folder named <em>zollard<\/em>.
If you find it, take extra precautions inside your network.<\/p>\n<p>We&#8217;ll soon be releasing more information about it and, probably, an automated tool to test\/verify the local presence of this &#8222;Linux-targeted&#8221; malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some say it&#8217;s a worm. Some say it might be a Bitcoin miner. We say that it might be forming\/building a new type of botnet. We&#8217;re talking about Darlloz, identified and labeled last year by Symantec. What is it? Well, it&#8217;s a &#8222;well crafted&#8221; type of &#8222;malware something&#8221; by &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[99],"tags":[97,94,96,95,93,92],"class_list":["post-1097","post","type-post","status-publish","format-standard","hentry","category-it-security-newsupdates","tag-botnet","tag-darlloz","tag-embedded","tag-linux-malware","tag-zolard","tag-zollard"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"pl","enabled_languages":["en","da","de","es","fi","fr","it","hu","nl","no","pl","pt","ru","sv"],"languages":{"en":{"title":true,"content":true,"excerpt":false},"da":{"title":false,"content":false,"excerpt":false},"de":{"title":false,"content":false,"excerpt":false},"es":{"title":false,"content":false,"excerpt":false},"fi":{"title":false,"content":false,"excerpt":false},"fr":{"title":false,"content":false,"excerpt":false},"it":{"title":false,"content":false,"excerpt":false},"hu":{"title":false,"content":false,"excerpt":false},"nl":{"title":false,"content":false,"excerpt":false},"no":{"title":false,"content":false,"excerpt":false},"pl":{"title":false,"content":false,"excerpt":false},"pt":{"title":false,"content":false,"excerpt":false},"ru":{"title":false,"content":false,"excerpt":false},"sv":{"title":false,"content":false,"excerpt":false}}},"_links":{"self":[{"href":"h
ttps:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/posts\/1097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/comments?post=1097"}],"version-history":[{"count":1,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/posts\/1097\/revisions"}],"predecessor-version":[{"id":1098,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/posts\/1097\/revisions\/1098"}],"wp:attachment":[{"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/media?parent=1097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/categories?post=1097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evosec.eu\/pl\/wp-json\/wp\/v2\/tags?post=1097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}