Linux.Zorroten

Security Bulletins

2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

10/19/2013

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

10/18/2013

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

10/15/2013

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

10/15/2013

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

10/15/2013

Latest Malware Updates

Downloader.Busadom!g1

02/27/2015

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

W32.Tempedreve.D!inf

02/25/2015

SONAR.PUA!AlnadInsta

02/25/2015

SONAR.Infostealer!g5

02/25/2015

SONAR.Infostealer!g4

02/25/2015

02/23/2015

Linux.Zorroten

Type: Trojan
Discovered: 23.02.2015
Updated: 23.02.2015
Affected systems: Linux
AV Vendor: Symantec

Description:

When the Trojan is executed, it changes its process name to the following:

n1mWrb6l1t67Gvj

The Trojan then scans random IP addresses for Telnet services (TCP port 23) using the following user name/password combinations:

root/root
root/admin
root/[BLANK]
root/1234
root/12345
root/123456
root/1111
root/password
root/dreambox
root/vizxv
root/system
admin/admin
admin/[BLANK]
admin/password
admin/1234
admin/12345
admin/123456
admin/1111
admin/smcadmin
admin/4321
support/support

If the Trojan is able to gain access to a Telnet service, it then sends the IP address, user name, and password to the following remote location:

[http://]104.192.0.18/[REMOVED]

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

Multiple Vulnerabilities in Linux kernel

03/04/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015