Uncovering “Operation Windigo”

Hackers have built a strong distribution platform for spam and malware by using a backdoor Trojan to infect Unix servers worldwide. In the last couple of years, over 25,000 Unix servers have been infected. ESET, an anti-virus firm, has recently issued a report describing ‘Windigo’. The security firm, in association with the European Organization for Nuclear Research (CERN), the Swedish National Infrastructure for Computing, CERT-Bund and other agencies, has uncovered ‘Operation Windigo’.

The Windigo attackers are using an OpenSSH backdoor and credential stealer (Linux/Ebury) to steal the credentials of system administrators. The hackers then exploit the credentials to redirect web visitors to malicious exploit pages and ads. ESET confirms that around 10,000 servers are infected worldwide by Operation Windigo. Around 35 million spam messages are being sent daily to end-users. Servers in the US, Italy, the UK, France and Germany are the most heavily impacted by this spam and malware campaign.

According to a security intelligence program manager at ESET, their researchers have yet to find out how the OpenSSH backdoor initially compromised the servers. However, the hackers possibly do benefit financially from this campaign via unknown channels. The campaign targets different devices by redirecting them to different malicious content. Windows users, for instance, are redirected to exploit links, iPhone users are redirected to pornographic ads and Mac users are served dating-site ads. ESET further added that their researchers are getting in...