securitybreach Posted July 5, 2019 Share Posted July 5, 2019 Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol. The malware, named Godlua, was detailed in a report published on Monday by the company's researchers. According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems. It's written to work on Linux servers, attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner. But Netlab researchers say the malware actually works as a DDoS bot and they've already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site........... https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/ 3 Quote Link to comment Share on other sites More sharing options...
Digerati Posted July 5, 2019 Share Posted July 5, 2019 I hope users notice this is designed to attack Linux based systems. Sadly, some think if they switch to Linux, they are safe. That is not true. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.