Operation Windigo, a campaign organised by cybercriminals, has seized control of 25,000 Unix servers. The compromised servers churn out 35 million spam emails every day and expose a staggering half a million computers to attack daily.
60% of all websites on the net run on Unix servers, so the potential threat posed by Windigo is astoundingly big: the cybercriminals behind the operation have built a powerful platform for distributing both malware and spam email.
Operation Windigo was exposed by security researchers at ESET, working with CERT-Bund and the Swedish National Infrastructure for Computing, alongside other agencies. What is disconcerting is that the operation has been running behind the scenes for approximately three years. Websites affected by Windigo typically serve malware to anyone visiting from a Windows PC, while users on Apple’s Mac OS X are bombarded with ads for dating sites and iPhone users are redirected to pornographic websites.
ESET security researcher Marc-Étienne Léveillé said, “Windigo has been gathering strength, largely unnoticed by the security community, for over two and a half years, and currently has 10,000 servers under its control…Over 35 million spam messages are being sent every day to innocent users’ accounts, clogging up inboxes and putting computer systems at risk. Worse still, each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements.”
ESET is asking all website administrators to check whether their servers have been infected and, if they have, to wipe the operating system and software and reinstall from scratch with new passwords and private keys; the existing credentials are to be considered compromised. “We realise that wiping your server and starting again from scratch is tough medicine, but if hackers have stolen or cracked your administrator credentials and had remote access to your servers, you cannot take any risks,” said Léveillé.