ELF botnet

By GoldSparrow in Trojans

The ELF (Executable and Linking Format, a computer data format) botnet installs itself on a Linux platform, while its Command and Control (C2) server runs on a Windows platform in listening mode, waiting for callbacks sent by the bot's installer. As soon as the threat has infected the remote host, the ELF installer is able to read all the information on the server's processes. It then collects the data and sends it to the URL of its C2. This notifies the C2 of the infected systems, so that it can collect statistics on the affected computer and send traffic to the affected machine containing an upgrade binary, which makes additional infections possible. Then, a Windows C2 utility tool named 'Manager' classifies the gathered data and sends it to a static page hosted on a second host.

The ELF botnet is a Distributed Denial-of-Service (DDoS) family that criminals can rent and use for different purposes. Computer users and admins can prevent an ELF botnet infection by applying all patches for known vulnerabilities, having strong security measures installed, and keeping a strong anti-malware product running 24/7 on their machines.

