March 10, 2011, 12:27 PM — More evidence malware writers have become at least as sophisticated as the companies they target:
Trend Micro reports a new piece of malware circulating as an executable that targets routers running Linux or other Unix-like embedded operating systems.
The code arrives as an Executable and Linkable Format (ELF) file, the standard executable format on Linux and Unix systems, and installs a backdoor that is controlled over Internet Relay Chat (IRC). It may also mount brute-force attacks on router username/password combinations.
Most infections by the trojan, which Trend Micro calls ELF_Tsunami-R, have so far been in Latin America, especially on D-Link routers, though it probably works on other makes as well.
Malware designed to attack Linux machines remains rare, especially compared with Windows, or even Mac OS.
Linux-based routers have also been targeted successfully in the past, at least once to build a botnet of respectable size.
Writing code for routers is trickier than for Windows machines: the hardware varies far more (different CPU architectures and byte orders), the operating systems are stripped down and specialized, and the set of available commands and libraries is much smaller. It also means there are far fewer safeguards between the code and the processor, so once code does run there is little on the device to stop it.
Many run Linux kernels, full Linux distributions or Linux-like OSes, which lets them share executables with Linux and Unix machines with relatively little modification, provided the binary is built for the device's CPU architecture and byte order.
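The point that an ELF binary only carries over to a router if it was built for that device's architecture is the first thing an analyst checks when triaging a sample like this. The script below is an added example written for this page, not code from Trend Micro or from the malware in question: it parses the ELF identification block and file header (word size, byte order, machine type, object type) and matches the result against a small table of device profiles. The device profiles, the header-only sample builder and the `triage` function are all constructed for illustration; the table's entries (32-bit MIPS routers in both byte orders, a 32-bit ARM router, an x86-64 server) are assumptions, not devices named by the article.

```python
import struct

# Constants from the ELF specification (e_ident bytes, e_type and e_machine values).
ELF_MAGIC = b"\x7fELF"
EM_NAMES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 42: "SuperH",
            62: "x86-64", 183: "AArch64"}
ET_NAMES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}

# Illustrative device profiles; an assumption made for this example, not
# taken from the article. Field names match the dict returned by parse_elf_header.
DEVICES = {
    "mips-be-router": {"bits": 32, "endian": "big", "machine": "MIPS"},
    "mips-le-router": {"bits": 32, "endian": "little", "machine": "MIPS"},
    "arm-router": {"bits": 32, "endian": "little", "machine": "ARM"},
    "x86-64-server": {"bits": 64, "endian": "little", "machine": "x86-64"},
}


def parse_elf_header(data: bytes) -> dict:
    """Parse the ELF identification block and file header of a sample.

    Returns the fields an analyst wants first: word size, byte order,
    machine type, object type, entry point and flags. Raises ValueError
    on anything that is not a well-formed ELF header.
    """
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # EI_CLASS, EI_DATA
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    bits = 32 if ei_class == 1 else 64
    endian = "<" if ei_data == 1 else ">"         # struct byte-order prefix
    # e_type, e_machine and e_version follow the 16-byte e_ident block.
    e_type, e_machine, _e_version = struct.unpack(endian + "HHI", data[16:24])
    if bits == 32:
        e_entry, _phoff, _shoff, e_flags = struct.unpack(endian + "IIII", data[24:40])
    else:
        if len(data) < 64:
            raise ValueError("truncated ELF64 header")
        e_entry, _phoff, _shoff, e_flags = struct.unpack(endian + "QQQI", data[24:52])
    return {
        "bits": bits,
        "endian": "little" if ei_data == 1 else "big",
        "machine": EM_NAMES.get(e_machine, "unknown(%d)" % e_machine),
        "type": ET_NAMES.get(e_type, "unknown(%d)" % e_type),
        "entry": e_entry,
        "flags": e_flags,
    }


def runs_on(header: dict, device: dict) -> bool:
    """True if the sample's word size, byte order and ISA match the device."""
    return (header["bits"] == device["bits"]
            and header["endian"] == device["endian"]
            and header["machine"] == device["machine"])


def triage(data: bytes) -> dict:
    """Parse a sample and list the device profiles it could run on."""
    hdr = parse_elf_header(data)
    hdr["candidates"] = [name for name, dev in DEVICES.items() if runs_on(hdr, dev)]
    return hdr


def make_elf_header(machine: int, bits: int, big_endian: bool, e_type: int = 2) -> bytes:
    """Build a constructed, header-only ELF image (no code) for testing."""
    ei_class = 1 if bits == 32 else 2
    ei_data = 2 if big_endian else 1
    endian = ">" if big_endian else "<"
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0, 0]) + b"\x00" * 7
    if bits == 32:   # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags, sizes/counts
        rest = struct.pack(endian + "HHIIIIIHHHHHH", e_type, machine, 1,
                           0x400000, 0, 0, 0, 52, 32, 0, 40, 0, 0)
    else:
        rest = struct.pack(endian + "HHIQQQIHHHHHH", e_type, machine, 1,
                           0x400000, 0, 0, 0, 64, 56, 0, 64, 0, 0)
    return ident + rest


if __name__ == "__main__":
    # Constructed sample: a 32-bit big-endian MIPS executable, the shape a
    # SoHo-router binary of that era would typically have.
    sample = make_elf_header(machine=8, bits=32, big_endian=True)
    print(triage(sample))
```

On a real sample you would feed the first 64 bytes of the file to `triage` instead of the constructed header; the same byte-order check is what tells you a binary lifted from a big-endian MIPS router will not simply run on a little-endian MIPS or ARM device, let alone on an x86 server.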
Targeting routers, and Linux routers at that, sounds abstruse, but Linux kernels are common inside both home routers and the larger, more powerful routers built for corporate networks.
In fact, there is a huge, barely acknowledged installed base of Linux within corporate IT.
Replacing the OS with Linux on an aging server or PC and configuring it as a cheap base for firewalls, routers, spam filters or other specific jobs lets many IT departments fill needs for which there is often no budget to buy new hardware.