A new trojan is attacking Linux servers, using machines that run the Redis NoSQL database to mine bitcoin. Almost 30,000 Redis servers may be vulnerable because inattentive system administrators did not set any passwords before putting the servers online.
The new trojan, named Linux.Lady, has been reported by Russian anti-virus firm Dr. Web. The malware attacks poorly configured Redis servers and turns them into bitcoin miners for the attacker’s benefit. It spreads on its own by infecting other computers on the network. Interestingly, the malware is written in Google’s Go programming language and relies on open source Go libraries hosted on GitHub.
First, the trojan checks the system for keys and terminates itself if they are missing. The malware uses a more compact trojan called Linux.Downloader.196 to download the main payload after infection. Once installed and running, Linux.Lady sends basic information about the compromised system to the command-and-control server. Based on the received information and the number of CPUs, the command-and-control server sends back a configuration file that starts the bitcoin mining process on the infected computer. As self-propagating malware, Linux.Lady can also infect other computers on the network.
The Dr. Web advisory said:
“This malware possesses the ability to collect information about an infected computer and transfer it to the command-and-control server, download and launch a crypto-currency mining utility, and attack other computers on the network to install its own copy on them.”
Redis, the database server targeted by Linux.Lady, has been criticised for poor security several times before this incident. A Risk Based Security report in July said that there were more than 6,300 at-risk Redis servers online. For those who do not know, Redis is a NoSQL database system that stores data in key-value format, using an in-memory system for data handling and subsequent queries, and it has been described as ideal for that purpose.
Redis is an open source project that has been sponsored by VMware and Pivotal, and it has become one of the most popular in the world. The lack of security features partially accounts for the decent performance of Redis, but as this incident shows, it proved to be a huge mistake that the trojan successfully exploited.
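A defender-side check for the misconfiguration the article describes (a Redis server put online with no password), added here as an example and not taken from the article or from Dr. Web: it parses a `redis.conf` and flags the weak settings. The two sample configurations and the finding labels are constructed for illustration.

```python
import ipaddress

def parse_redis_conf(text):
    """Map each directive name to the list of argument lists seen for it."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        conf.setdefault(name.lower(), []).append([a.strip("\"'") for a in args])
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # '*', hostnames and wildcards count as network-reachable

def audit(text):
    """Return finding labels (constructed names) for weak Redis settings."""
    conf, findings = parse_redis_conf(text), []
    password = conf.get("requirepass", [[""]])[-1]
    if not password or not password[0]:
        findings.append("no-password")
    if "bind" not in conf:
        findings.append("bind-not-set")  # no explicit interface restriction
    else:
        exposed = [a for a in conf["bind"][-1] if not is_loopback(a)]
        if exposed:
            findings.append("bind-non-loopback:" + ",".join(exposed))
    if conf.get("protected-mode", [["yes"]])[-1][:1] == ["no"]:
        findings.append("protected-mode-off")
    return findings

# Constructed sample: the kind of setup the article warns about.
WEAK = """
bind 0.0.0.0
protected-mode no
port 6379
"""
# Constructed sample: loopback only, password set (placeholder value).
HARDENED = """
bind 127.0.0.1 ::1
protected-mode yes
requirepass "constructed-placeholder-secret"
"""
if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample))
```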