Linux PNScan Trojan



This is bad news if you own an x86 Linux based router. A Trojan named Linux.PNScan is installing a backdoor on routers that use the x86 Linux architecture. It is an old Trojan, first detected in August 2015 by security researchers at Dr Web. At that time, Linux.PNScan was infecting PowerPC, MIPS and ARM based routers.

A Brief Report on the Old Linux.PNScan Trojan
The old Linux.PNScan Trojan was designed by its authors to perform Distributed Denial of Service (DDoS) attacks. After infecting ARM, MIPS and PowerPC based routers, it was able to launch ACK flood, SYN flood and UDP flood DDoS attacks. It infected every router that came into contact with it. It could also perform brute-force attacks, but it used only three username and password combinations:

User Name: admin    Password: admin
User Name: root     Password: root
User Name: ubnt     Password: ubnt

How Does the New Linux.PNScan Trojan Work?
According to security researchers at Dr Web, this is an updated version of the old Linux.PNScan Trojan. Its authors compiled it with a compiler tool named "Toolchains". Linux.PNScan is compatible with GCC (GNU) 4.1.x. Its authors also used an SSL-enabled configuration to activate the cross-compiler option. The Trojan is hard-coded and was developed only to install a backdoor on x86 Linux based routers.

The hackers behind this Trojan are using a Twitter account to hide all the malicious traffic. After infecting an x86 Linux based router, the Trojan creates some malicious files on the system. These malicious files listen on 2 TCP ports. The Trojan sends specially crafted HTTP requests over SSL on port 443. It is also capable of performing a dictionary attack.

How to Detect This Trojan?
Linux.PNScan creates some new files on the system. If files of this type are present in your router's file system, you are also a victim. The list of files is given below:

Permission    Size   Date            Filename          Function
-rw-r--r--    387    Aug 23 12:06    list2             <-- connected hosts
-rw-r--r--    4      Aug 23 12:02    MalwareFile.pid   <-- pids
-rw-r--r--    0      Aug 23 12:02    daemon.log        <-- malware log
-rw-r--r--    35     Aug 23 12:02    login2            <-- brute auth
drwxr-xr-x    4096   Aug 23 12:02    files/            <-- updates/downloads
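One way to look for this file layout on a router or a mounted firmware image, as an added example that is not from the original article or from Dr Web. The function names and the default threshold of 3 are assumptions, and any `*.pid` file is counted because `MalwareFile.pid` in the listing is a placeholder name.

```shell
#!/bin/sh
# Added example (not from the article). list2, login2, daemon.log and files/
# are the names in the listing above; matching any *.pid file is an assumption,
# since "MalwareFile.pid" in the listing is a placeholder name.

# pnscan_score DIR: print how many of the five listed artifacts DIR holds (0-5).
pnscan_score() {
    dir=$1
    score=0
    if [ -f "$dir/list2" ]; then score=$((score + 1)); fi       # connected hosts
    if [ -f "$dir/login2" ]; then score=$((score + 1)); fi      # brute auth
    if [ -f "$dir/daemon.log" ]; then score=$((score + 1)); fi  # malware log
    if [ -d "$dir/files" ]; then score=$((score + 1)); fi       # updates/downloads
    for p in "$dir"/*.pid; do                                   # pids
        if [ -f "$p" ]; then score=$((score + 1)); break; fi
    done
    echo "$score"
}

# pnscan_scan ROOT [MIN]: print "score path" for each directory under ROOT
# holding at least MIN (default 3) artifacts; one name alone proves little.
pnscan_scan() {
    root=$1
    min=${2:-3}
    find "$root" -type d 2>/dev/null | while IFS= read -r d; do
        s=$(pnscan_score "$d")
        if [ "$s" -ge "$min" ]; then printf '%s %s\n' "$s" "$d"; fi
    done
}

# pnscan_demo: build a constructed sample tree (one drop directory laid out
# like the listing, one ordinary log directory) and scan it.
pnscan_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/tmp/.x/files" "$t/var/log"
    : > "$t/tmp/.x/list2"; : > "$t/tmp/.x/login2"
    : > "$t/tmp/.x/daemon.log"; : > "$t/tmp/.x/sample.pid"
    : > "$t/var/log/daemon.log"          # benign look-alike, scores 1
    pnscan_scan "$t" | sed "s|$t||"
    rm -rf "$t"
}

if [ "$#" -gt 0 ]; then pnscan_scan "$@"; else pnscan_demo; fi
```

Run it with a directory argument to scan that tree; with no argument it scans the constructed sample. A hit is a lead to investigate rather than proof, since names such as `daemon.log` are common on clean systems.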
