First-ever malware strain spotted abusing new DoH (DNS over HTTPS) pro



#1 OFFLINE   securitybreach


Posted 05 July 2019 - 10:20 AM

Quote

Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.

The malware, named Godlua, was detailed in a report published on Monday by the company's researchers.

According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems.

It's written to work on Linux servers, attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded on VirusTotal have mislabeled it as a cryptocurrency miner.

But Netlab researchers say the malware actually works as a DDoS bot and they've already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site...........

https://www.zdnet.co...https-protocol/

#2 OFFLINE   Digerati


Posted 05 July 2019 - 01:17 PM

I hope users notice this is designed to attack Linux-based systems. Sadly, some think if they switch to Linux, they are safe. That is not true.