Windigo is the name given to a family of related Linux and Unix malware and to the botnet built from the servers it compromises, which its operators use to send spam and to push further malware onto the PCs of people who visit those servers' websites. In 2014, Windigo caught the attention of PC security researchers when ESET reported that it had compromised some 25,000 servers over the preceding two years. In 2015 Windigo drew attention again for its use in compromising pornographic websites, for targeting users of Steam, the online gaming platform, and for using backdoor Trojans to take over thousands of Web servers running Linux and Unix. These capabilities have made Windigo-related threats particularly effective at distributing spam and malware to potential victims.
'Operation Windigo' Affects a Large Number of Servers
Windigo is not a single infection. Its perpetrators run a sophisticated, long-lived campaign, nicknamed 'Operation Windigo' by the researchers who documented it, to carry out attacks on an unprecedented scale. Malware analysts at ESET, working with CERT-Bund, the Swedish National Infrastructure for Computing and the computer security team at CERN, uncovered the threats involved in Operation Windigo. Its core component is an OpenSSH backdoor known as Linux/Ebury, which patches or replaces OpenSSH on the compromised host and steals the SSH credentials, both passwords and private keys, used to log into it or from it. Those credentials let the operators keep control of the server and take over others, after which the hosts are used to redirect visitors to attack Web pages or to deliver spam. The use of a stealthy Linux backdoor as the first step in Windigo attacks points to the high threat level of these attacks.
Most Windigo infections have been found in the United States and in European countries such as Germany, Italy and France. At its peak the botnet sent some 35 million spam messages a day, and it has infected thousands of servers worldwide, which in turn exposed hundreds of thousands of end users a day to its redirects. How the backdoor first reaches a server has not been traced to any software vulnerability; the researchers who analysed the campaign found that the operators rely on credentials that Ebury itself steals, so each compromised host supplies the logins used to compromise the next. The ways in which Windigo generates revenue, by contrast, are well known.
Understanding the Components of 'Operation Windigo'
The most important component of Windigo is the SSH backdoor, since it gives the operators their initial foothold on a server, keeps that access open and harvests the administrators' credentials. Once collected, those credentials are used for a range of purposes: spreading malware, spamming computer users, or taking over the Web server so that its visitors are redirected to attack websites or to pages that earn advertising revenue. The redirection is done by a second component, a backdoored Web server (Linux/Cdorked), which redirects only some visitors and chooses the destination from the visitor's browser and platform. This is why Windigo does not affect servers exclusively: end users are hit by various misleading tactics. Mobile users have been sent to compromised sites and to advertisements with pornographic or other click-fraud content; iPhone users in particular have reported pornographic advertisements. Windows users are sent to attack websites that try to exploit browser and plugin vulnerabilities, while Mac users, who are less exposed to those exploits, receive advertisements for dubious dating websites instead.
Dealing with Windigo Attacks
Server administrators are advised to read the published analysis of Operation Windigo and to apply the strongest security settings their environment allows. Because Ebury steals credentials rather than exploiting a flaw, changing passwords on a still-infected host achieves nothing: the researchers' recommendation is to wipe a compromised server, reinstall the operating system and software from clean media, and only then replace every password and every SSH private key that was ever used on it. Going forward, use key-based SSH authentication instead of passwords, disable direct root logins, add a second factor where possible, and keep firewalls and security software active. Simply running a Linux operating system is not enough to protect a computer, especially against complex campaigns like Operation Windigo. End users should run a reputable anti-malware program, keep browsers and plugins patched, and take extra care when browsing the Web.
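As an added example, not code from the original article or from the researchers' report, the POSIX shell script below audits an sshd_config for the settings an Ebury-style credential thief profits from most (root logins, password logins, disabled key authentication, generous MaxAuthTries). The directive names and defaults are OpenSSH's; the file paths and the two sample configurations are constructed for the demo. It also carries the "ssh -G" one-liner from the original Windigo report as a function, with the caveat that OpenSSH 6.8 made -G a legitimate option, so that old check now flags clean modern hosts and must not be trusted.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings that an Ebury-style
# SSH credential thief profits from most. Directive names and their defaults
# are OpenSSH's; the file paths and sample configs are constructed for the
# demo, not taken from any real host.

# sshd_directive FILE NAME
# Print the lowercased value of the first uncommented NAME line in FILE.
# sshd honours the first occurrence, so later duplicates are ignored, and
# parsing stops at the first "Match" block because values there are
# conditional. Prints nothing if NAME is absent. Assumes the "Keyword value"
# form, not "Keyword=value".
sshd_directive() {
    awk -v d="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(d) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Print one "WEAK: ..." line per risky setting. Always returns 0 so it is
# safe under "set -e"; use sshd_weakness_count for a score.
audit_sshd_config() {
    cfg="$1"

    v=$(sshd_directive "$cfg" PermitRootLogin)
    if [ -z "$v" ] || [ "$v" = "yes" ]; then
        echo "WEAK: PermitRootLogin=${v:-unset}: the default changed across OpenSSH versions, set 'no' (or 'prohibit-password') explicitly"
    fi

    v=$(sshd_directive "$cfg" PasswordAuthentication)
    if [ -z "$v" ] || [ "$v" = "yes" ]; then
        echo "WEAK: PasswordAuthentication=${v:-unset}: defaults to yes; a stolen or guessed password gives a shell, prefer keys"
    fi

    v=$(sshd_directive "$cfg" PubkeyAuthentication)
    if [ "$v" = "no" ]; then
        echo "WEAK: PubkeyAuthentication=no: key-based login is disabled"
    fi

    v=$(sshd_directive "$cfg" PermitEmptyPasswords)
    if [ "$v" = "yes" ]; then
        echo "WEAK: PermitEmptyPasswords=yes"
    fi

    v=$(sshd_directive "$cfg" MaxAuthTries)
    case "$v" in
        ''|*[!0-9]*) ;;   # unset or non-numeric: the default of 6 applies
        *) if [ "$v" -gt 6 ]; then
               echo "WEAK: MaxAuthTries=$v: above the default of 6, more room for password guessing"
           fi ;;
    esac
    return 0
}

# sshd_weakness_count FILE
# Print the number of WEAK findings (0 means nothing was flagged).
sshd_weakness_count() {
    audit_sshd_config "$1" | awk '/^WEAK:/ { n++ } END { print n + 0 }'
}

# ebury_legacy_ssh_check
# The 2014 Windigo report gave a one-line test: a clean OpenSSH client of that
# era rejected "-G" as an unknown option, while the Ebury-patched client
# accepted it. OpenSSH 6.8 (2015) added -G as a legitimate option, so on any
# current system this reports "infected" for clean hosts. Kept here only to
# show why that old one-liner must not be trusted; always returns 0.
ebury_legacy_ssh_check() {
    if ! command -v ssh >/dev/null 2>&1; then
        echo "no ssh client found, legacy check skipped"
        return 0
    fi
    if ssh -G 2>&1 | grep -q -e illegal -e unknown; then
        echo "ssh rejects -G: pre-6.8 client with no sign of the Ebury patch"
    else
        echo "ssh accepts -G: Ebury on an old client, or simply OpenSSH 6.8 or newer"
    fi
    return 0
}

# Constructed sample configs: a Windigo-era distro default and a hardened one.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/weak_sshd_config" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
EOF

cat > "$SAMPLE_DIR/hardened_sshd_config" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
Match User backup
    PasswordAuthentication yes
EOF

for f in weak_sshd_config hardened_sshd_config; do
    echo "== $f: $(sshd_weakness_count "$SAMPLE_DIR/$f") weak setting(s)"
    audit_sshd_config "$SAMPLE_DIR/$f"
done
ebury_legacy_ssh_check
```

Run it as `sh audit_sshd.sh` (the name is arbitrary). The weak sample is flagged three times (root login, password login, MaxAuthTries 10) and the hardened one not at all; note that the hardened file's Match block re-enables passwords for one user, which the audit deliberately does not read, so review Match blocks by hand. A static audit of the config cannot detect Ebury itself, which hides in the OpenSSH binaries or libraries; for a host suspected of infection, the rebuild-and-rotate advice above still applies.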