Security experts from ESET, together with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies, discovered a cybercriminal campaign which has captured more than 25,000Unix servers all over the world.
Unix.jpg
The so-called Operation Windigo resulted in infecting servers sending out millions of spam emails. The letters were designed to hijack servers, infect the devices that visit them, and steal data. Among the victims you can find servers of cPanel and kernel.org.
A detailed technical report was published by ESETs security specialists, where they presented the findings of their investigations and malware analysis. The report in question also explained how to find out if your own systems were also affected, and instructed how to remove the malicious code.
Due to the sheer size and complexity of the operation, it managed to remain largely unnoticed by the security community which was too busy in its attempts to work out how to keep the US NSA out. It turned out that Windigo has been building for more than two and a half years, and so far has 10,000 servers under its control.
According to ESET security experts, the botnet sends out over 35 million spam messages daily to innocent users accounts, clogging up inboxes and putting computer systems at risk. Moreover, every day more than half a million PCs are put at risk of infection, because they visit websites already poisoned by web server malware from Operation Windigoand redirecting to malicious exploit kits and adverts.
The experts explained that Windigo-affected sites try to infect visiting Windows PCs with malware through an exploit kit, and Mac users are normally served advertisements for dating websites. As for iPhone users,they are redirected to online porn. They also point out that it could be more serious: over 60% of the world's sites are running on Linux servers, and many might not be aware they have been hacked.
Unix.jpg
The so-called Operation Windigo resulted in infecting servers sending out millions of spam emails. The letters were designed to hijack servers, infect the devices that visit them, and steal data. Among the victims you can find servers of cPanel and kernel.org.
A detailed technical report was published by ESETs security specialists, where they presented the findings of their investigations and malware analysis. The report in question also explained how to find out if your own systems were also affected, and instructed how to remove the malicious code.
Due to the sheer size and complexity of the operation, it managed to remain largely unnoticed by the security community which was too busy in its attempts to work out how to keep the US NSA out. It turned out that Windigo has been building for more than two and a half years, and so far has 10,000 servers under its control.
According to ESET security experts, the botnet sends out over 35 million spam messages daily to innocent users accounts, clogging up inboxes and putting computer systems at risk. Moreover, every day more than half a million PCs are put at risk of infection, because they visit websites already poisoned by web server malware from Operation Windigoand redirecting to malicious exploit kits and adverts.
The experts explained that Windigo-affected sites try to infect visiting Windows PCs with malware through an exploit kit, and Mac users are normally served advertisements for dating websites. As for iPhone users,they are redirected to online porn. They also point out that it could be more serious: over 60% of the world's sites are running on Linux servers, and many might not be aware they have been hacked.