Operation Windigo botnet has infected 25,000 servers in the last two years


Security researchers from antivirus provider ESET on Tuesday announced a massive cyber attack that has managed to take control of at least 25,000 Linux/Unix servers over the last two years. The infected servers are used to steal credentials, send spam, and redirect web traffic to malicious web pages.

Dubbed Windigo, the cyber criminal operation has three main components: Linux/Ebury - an OpenSSH backdoor that controls servers and steals credentials, Linux/Cdorked - an HTTP backdoor that redirects web traffic to fraudulent content, and Perl/Calfbot - a spam-sending program.

According to the report, out of the 25,000 servers that Windigo infected over the last couple of years, around 10,000 are still under its control. It's not a small number considering the fact that each of these machines has access to significant bandwidth, storage, computing power, and memory. Researchers believe that the infrastructure is generating more than 35,000,000 spam messages per day.

Windigo has compromised the Linux Foundation's kernel.org systems and the developers of the cPanel web hosting control panel. Regions like Germany, France, the UK, and the US have been worst hit by the attack.

Researchers concluded that password authentication to access servers is inadequate, suggesting that two-factor authentication should be used instead. If you want to check your system for Windigo infection, you can do so by running the following command:

ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"

It's strongly recommended that the operating systems of infected machines be completely reinstalled.
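
The one-liner above treats an "illegal option" or "unknown option" error from ssh -G as the clean result, but OpenSSH 6.8 and later accept -G as a legitimate option, so on those versions the same command can report "System infected" for an unmodified client. The shell functions below are an added example, not from ESET or the original article, that classify the check's output with the client version taken into account; the function names and verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): interpret the `ssh -G` Windigo check.
#
# classify_ssh_g BANNER G_OUTPUT
#   BANNER   - text printed by `ssh -V 2>&1`
#   G_OUTPUT - text printed by `ssh -G 2>&1`
# Prints one verdict: clean, suspect, or inconclusive.
classify_ssh_g() {
    banner=$1
    g_output=$2

    # The client rejected -G: this is the article's "System clean" case.
    if printf '%s\n' "$g_output" | grep -q -e illegal -e unknown; then
        echo clean
        return 0
    fi

    # Pull "major minor" out of a banner such as "OpenSSH_6.6.1p1, OpenSSL ...".
    # The banner is self-reported by the binary under test.
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then
        echo inconclusive          # not an OpenSSH banner we can parse
        return 0
    fi
    set -- $ver
    major=$1
    minor=$2

    # OpenSSH 6.8+ ships -G legitimately, so accepting it proves nothing.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo inconclusive
    else
        # An older client that accepts -G is the article's "System infected" case.
        echo suspect
    fi
}

# Run the check against the local client (not called automatically).
check_local_ssh() {
    classify_ssh_g "$(ssh -V 2>&1)" "$(ssh -G 2>&1)"
}
```

An "inconclusive" verdict means this particular test cannot decide either way on that host and other indicators have to be checked.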
