
Shishiga - Linux Malware


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

Malware researchers discovered a new Linux malware called Shishiga targeting GNU/Linux systems with weak passwords.

Threat details

The newly discovered Linux malware, dubbed Shishiga, is written using Lua scripts (Lua is a scripting language) and is partially based on the previously known malware ‘Luabot’. It uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and brute forces credentials to infect systems with weak passwords. There are similarities to the Linux/Moose malware aside from the brute forcing of SSH credentials, but overall Shishiga is considered a little more sophisticated.

Over a short period of time, researchers noticed minor changes in Shishiga’s makeup, with some modules rewritten. These changes suggest Shishiga is still evolving and could become widespread, but at the time of writing the number of victims remains low.

Researchers also found several binaries of Linux/Shishiga for various architectures such as MIPS (both big- and little-endian), ARM (armv4l), i686 and also PowerPC - these are common for IoT (Internet of Things) devices.

The use of brute force techniques to compromise a variety of vulnerable systems is a concern because, as previously mentioned in section 2, there is a large pool of devices that do not have strong passwords or are still using default credentials. Changing default credentials when setting up a system is one of the first actions to take in terms of security best practice. A strong password will help prevent an attacker from compromising a system by guessing its credentials over SSH, Telnet, HTTP, BitTorrent or any other protocol.
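Because Shishiga spreads by guessing weak SSH and Telnet credentials, a burst of failed logins from one source followed by a successful password login is the pattern a defender most wants to catch. The following is an added example, not code from the advisory or from the researchers, that scans constructed sshd log lines for that pattern; the log lines, the year, the threshold and the time window are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not from the advisory). Syslog lines carry
# no year, so the parser assumes one (see parse()).
SAMPLE_LOG = """\
Apr 25 10:00:01 iot-gw sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Apr 25 10:00:03 iot-gw sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Apr 25 10:00:04 iot-gw sshd[1205]: Failed password for root from 203.0.113.5 port 40126 ssh2
Apr 25 10:00:06 iot-gw sshd[1207]: Failed password for pi from 203.0.113.5 port 40128 ssh2
Apr 25 10:00:09 iot-gw sshd[1209]: Accepted password for admin from 203.0.113.5 port 40130 ssh2
Apr 25 10:05:00 iot-gw sshd[1300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr 25 10:20:00 iot-gw sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
"""

# Matches both "Failed password for root ..." and "... for invalid user admin ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse(log_text, year=2017):
    """Yield (timestamp, result, method, user, ip) for each sshd auth line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/syslog lines are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["method"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=4, window_seconds=60):
    """Flag any source with >= threshold failed logins inside a sliding window,
    and record password logins from a flagged source after its burst: a success
    right after guessing is the sign that a weak credential was found.
    Returns {ip: {"failures": max_in_window, "compromised_users": [...]}}."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed attempts
    findings = {}
    for ts, result, method, user, ip in parse(log_text):
        if result == "Failed":
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "compromised_users": []})
                entry["failures"] = max(entry["failures"], len(recent))
        elif result == "Accepted" and method == "password" and ip in findings:
            findings[ip]["compromised_users"].append(user)
    return findings
```

On the sample above only 203.0.113.5 is flagged, with the later password login as "admin" recorded as a probable compromise; the single failure from 198.51.100.7 and its key-based login are left alone.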


Remediation steps

  • Review the network security of IoT devices on the estate.
  • Change any IoT device default usernames and passwords.

Last edited: 17 February 2020 11:39 am