BASHLITE

BASHLITE (also known as Gafgyt, Lizkebab, PinkSlip, Qbot, Torlus and LizardStresser) is malware that infects Linux systems in order to launch distributed denial-of-service (DDoS) attacks. It was originally also known as Bashdoor, but that term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

BASHLITE
Technical name:

As BashLite

As Gafgyt

  • ELF/Gafgyt.[letter]!tr (Fortinet)
  • HEUR:Backdoor.Linux.Gafgyt.[letter] (Kaspersky)
  • DDoS:Linux/Gafgyt.YA!MTB (Microsoft)
  • ELF_GAFGYT.[letter] (Trend Micro)

As QBot

  • Trojan-PSW.Win32.Qbot (Kaspersky)
  • Backdoor.Qbot (Malwarebytes)
  • Win32/Qakbot (Microsoft)
  • Bck/QBot (Panda)
  • Mal/Qbot-[letter] (Sophos)
  • W32.Qakbot (Symantec)
  • BKDR_QAKBOT (Trend Micro)
  • TROJ_QAKBOT (Trend Micro)
  • TSPY_QAKBOT (Trend Micro)
  • WORM_QAKBOT (Trend Micro)
  • Backdoor.Qakbot (VirusBuster)

As PinkSlip

  • W32/Pinkslipbot (McAfee)

As Torlus

Aliases: Gafgyt, Lizkebab, PinkSlip, Qbot, Torlus, LizardStresser
Type: Botnet
Author(s): Lizard Squad
Operating system(s) affected: Linux
Written in: C

The original version, in 2014, exploited a flaw in the bash shell, the Shellshock software bug, to compromise devices running BusyBox. A few months later a variant was detected that could also infect other vulnerable devices in the local network. In 2015 its source code was leaked, causing a proliferation of different variants, and by 2016 it was reported that one million devices had been infected.

Of the identifiable devices participating in these botnets in August 2016, almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers, and less than 1 percent were compromised Linux servers.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.