A new Trojan allows hackers to hide their IP addresses, allowing them to carry out whatever nefarious online deeds they like, by turning Linux machines into proxy servers.
Linux.Proxy.10, the name of the Trojan, was discovered in December by cybersecurity firm Doctor Web. They have since found thousands of infected machines, but they expect to find more. The Trojan is inserted onto machines using other Trojans which they use to create a backdoor to the servers. Their signature? The username to access the backdoor is “mother”. The password is a six-letter word that commonly follows “mother” and is used to complete an expletive phrase.
The Trojan isn’t terribly advanced. It uses freeware source code to set up a proxy after breaking into the machine.
To make sure you aren’t a victim of Linux.Proxy.10, get your admin to disable remote root access and be on the lookout for new users. If you have no idea how to do any of that, get in touch with us.