SUBSCRIBE

BEST OF THE WEB

Attackers Exploit Solaris Vulnerability To Install BPFDoor Malware

IT World Canada Staff
IT World Canada Staff

Threat actors are exploiting an old Solaris vulnerability to install BPFDoor malware.

The malicious software was discovered by researchers at PricewaterhouseCoopers (PwC) and linked to a China-based threat actor tracked as Red Menshen.

BPFDoor is a custom backdoor that has been in use for the last 5 years. It cannot be stopped by firewalls, it can work without opening any ports and does not require a command and control server as it can receive commands from any IP address on the web.

According to CrowdStrike, attackers are targeting Linux and Solaris systems that use the custom-built BPFDoor implant on telecommunications providers to steal personal user data.

The researchers pointed out that detecting BPFDoor/JustForFun implants on a Linux system can be very difficult, as the threat actors modifies existing SysVinit scripts on the host to achieve persistence. Therefore, reviewing the lines of code in SysVinit scripts is unlikely to reveal the reference to the implant.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

SUBSCRIBE
Previous article
Dyson Develops Robots To Help With Household Chores
Next article
Pay For In-demand IT Skills Rises In Q1 2022

More Best of The Web

Popular Stories This Week

ITWC Network

Follow Us

©

2024

IT World Canada. All Rights Reserved.

SUBSCRIBE