Use your computer fearlessly.




Mission Services Articles Research





everyone: older news

business: Worms


Panther Shadow: A Linux Worm

by Brent Kirkpatrick

(Date Published: .)



This worm infects most variants of Linux and leaves behind a rootkit.



Much of the Internet infrastructure has been infected by a Linux worm. This worm spreads by exploiting Meltdown and Spectre, and it was released before patches were available. It is crucial to update infrastructure computers with patches for Meltdown and Spectre, and it is crucial to remove the rootkit that is associated with this worm.

In February 2018, Intrepid Net Computing encountered this worm. This worm infects multiple variants of the Linux operating systems, including: Chrome Panther OS and CentOS. The payload of the worm is transmitted to an end-user computer when the computer connects to the Internet.

Recent patches for Meltdown and Spectre are sufficient to block the spread of this worm. This worm infects the memory of a host computer and downloads a rootkit payload that gives the attackers complete access to the infected computer. There are eighteen files in the rootkit which are detailed in the public report.

This worm has two modes, dynamic and persistent. In the dynamic mode, this worm probably infects nearly any Linux operating system. The system remains infected until it is rebooted. In the persistent mode, the worm first dynamically infects the Linux operating system, and then saves itself on the harddisk. In both the dynamic and persistent modes, the worm downloads a rootkit to install.

A report on the rootkit of this worm has been made public:

Panther Shadow: A Linux Worm -- the rootkit

For more information about this worm and other exploits, please use the defendIT service.


defendIT image

defendIT. AI-driven incident response measures derived from security incident data.


White Paper

Panther Shadow: A Linux Worm -- June 29, 2018


Business Articles

Worms

Why Clean-Up Hacking?







INC Logo




What Is New? | Contact | Tips


© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.