Moose worm targeting Linux-based routers and systems


ESET researchers have uncovered a new worm dubbed Linux/Moose that is targeting Linux-based routers as well as other Linux-based, embedded systems.

The researchers classified the malware as a worm because most of its threats are used to find and infect other devices automatically.

"Our monitoring of the botnet indicates that this threat is used to steal unencrypted HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate 'follows' and 'views' on the same sites via a SOCKS proxy server built into the malware," explained ESET researcher Olivier Bilodeau, in a blog post.

The worm targeted social networks, including Twitter, Instagram, Soundcloud, Youtube, Yahoo and Yandex.

Bilodeau explained that the attackers are generating revenue through social network fraud. "The consumer routers under attack provide a means to proxy malicious traffic from the operators through to the social network sites leveraging highly reputable Internet Service Providers' (ISPs) IP addresses," he wrote.

The worm also has DNS hijacking capabilities and will shut down other malware competing for limited resources on the router or other embedded systems.

According to security blogger Graham Cluley, the worm also appears able to infect medical devices, such as the Hospira drug infusion pump, which runs on Linux.

Individuals are "advised to be on their guard, ensure that they install the latest security patches and never use default or easy-to-crack passwords on their internet-connected devices," Cluley concluded.

For more:
- read the ESET blog post
- check out Cluley's blog post

Related Articles:
Trojanized open source SSH software tool PuTTY used to steal information
Serious virtual machine bug VENOM could threaten cloud providers