everyone: older news
Panther Shadow: A Linux Worm
by Brent Kirkpatrick
(Date Published: 6/29/2018.)
In February 2018, Intrepid Net Computing encountered this worm. This worm infects multiple variants of the Linux operating systems, including: Chrome Panther OS and CentOS. The payload of the worm is transmitted to an end-user computer when the computer connects to the Internet.
Recent patches for Meltdown and Spectre are sufficient to block the spread of this worm. This worm infects the memory of a host computer and downloads a rootkit payload that gives the attackers complete access to the infected computer. There are eighteen files in the rootkit which are detailed in the public report.
This worm has two modes, dynamic and persistent. In the dynamic mode, this worm probably infects nearly any Linux operating system. The system remains infected until it is rebooted. In the persistent mode, the worm first dynamically infects the Linux operating system, and then saves itself on the harddisk. In both the dynamic and persistent modes, the worm downloads a rootkit to install.
A report on the rootkit of this worm has been made public:
Panther Shadow: A Linux Worm -- the rootkit
For more information about this worm and other exploits, please use the defendIT (TM) service.
defendIT (TM). AI-driven incident response measures derived from security incident data.
Panther Shadow: A Linux Worm -- June 29, 2018