By GoldSparrow in Botnets

Windigo is a collection of threats developed to build a sophisticated network of botnets that distributes spam and infects computer users' PCs with threats. In 2014, Windigo caught the attention of PC security researchers because it had been used to infect nearly 25,000 servers. In 2015, Windigo garnered attention again due to its use in compromising pornographic websites. Windigo is being used to target Steam, the online gaming platform, and uses backdoor Trojans to compromise thousands of Web servers running Linux and Unix. These capabilities have made Windigo-related threats particularly dangerous and effective at distributing spam and threats to potential victims.

'Operation Windigo' Is Affecting a Large Number of Computers

Windigo is not a single threat. Rather, its perpetrators have established a sophisticated campaign nicknamed 'Operation Windigo' to carry out their attacks on an unprecedentedly large scale. PC security researchers have received news that malware analysts at various high-profile intelligence institutions, such as CERN, have uncovered the sophisticated attacks involved in Operation Windigo. An OpenSSH backdoor Trojan known as Linux/Ebury is used to collect the administrator's login information, which allows third parties to take over the server in order to redirect computer users to attack Web pages or to deliver spam emails and messages. The use of a complex Linux Trojan as the initial step in Windigo attacks points to the high threat level of these attacks.

Most Windigo attacks have taken place in the United States and in European countries such as Germany, Italy and France. Windigo is responsible for millions of spam email messages sent every single day and has infected thousands of servers worldwide (which in turn infect hundreds of thousands of end users). The initial backdoor Trojan may enter servers in a variety of ways, and these have not been entirely uncovered by PC security researchers. However, the ways in which Windigo is used to generate revenue are well known.

Understanding the Complexity of 'Operation Windigo'

The most important component of Windigo attacks is the SSH backdoor Trojan, since it carries out the initial attack on the targeted server and allows third parties to maintain their control over it and to collect the administrators' credentials. Once these have been collected, third parties may use this data for a wide variety of purposes, including sending threats, spamming computer users, or taking over the server in order to redirect visitors to attack websites or to Web pages that generate revenue through advertising. However, Windigo attacks do not affect servers exclusively. End users have become victims of various misleading tactics. For example, Operation Windigo has resulted in end users on mobile devices being redirected to compromised websites, advertisements containing pornographic content or other types of click-fraud content. In many cases, the redirects are based on the platform of the end user. For example, iPhone users have noted that their device may display pornographic advertisements. Meanwhile, Windows users are directed to attack websites that attempt to exploit vulnerabilities in Windows. Mac users, who may not be as vulnerable to these kinds of attacks, instead receive advertisements for dubious dating websites.

Dealing with Windigo Attacks

Server administrators are advised to read up on Operation Windigo and to apply the highest possible security settings to prevent these types of attacks. Computer users should use strong passwords and authentication procedures and ensure that firewalls and security software are always active. Simply running a Linux operating system is not enough to protect a computer from threats, especially when dealing with complex threat campaigns like Operation Windigo. End users are advised to use a strong anti-malware program to protect their computers from these types of attacks and to take extra care when browsing the Web.
