You may have heard the claim that comes with the Linux operating system: that it is the best OS in terms of security. In general this is true, but there are issues in software that can affect its security.
Recently SophosLabs published a report on a new piece of malware, called Cloud Snooper, that can compromise the security of a server running Linux or another operating system through a kernel driver.
Attackers can now execute commands over the network using the new Cloud Snooper malware.
What is Cloud Snooper?
Cloud Snooper is a new, sophisticated piece of malware that communicates with a cloud-hosted server while bypassing the firewall.
How does it infect servers?
As you probably know, everything on Linux is a file. The attackers exploit this with a malicious Linux kernel driver file called 'snd_floppy'.
The name was chosen to resemble legitimate Linux driver names that start with "snd", such as snd_pcm, snd_hda_intel, snd_hda_codec and snd_timer.
To spy on the server, the attacker uses a signaling method in which a hidden control command is embedded in otherwise normal network traffic and then used to trigger malicious actions.
The command travels as hidden data that the snd_floppy driver extracts from the network traffic. The intruder encodes the command in the 16-bit TCP source port, so the packets pass firewall inspection.
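The signaling described above keys on a single field, the 16-bit source port of the TCP header. The following Python script is an added example, not code from the article or from SophosLabs: it pulls that field out of raw TCP headers and flags packets whose source port is on a watch-list. The port values in SIGNAL_PORTS, the sample packets and the source addresses are constructed for the example; the article does not give the real values, so a defender would fill the watch-list from threat intelligence.

```python
import struct
from collections import Counter

# Constructed placeholder watch-list: the article does not state the source-port
# values Cloud Snooper uses, so these two numbers are assumed for the example only.
SIGNAL_PORTS = {6060, 7070}


def tcp_source_port(tcp_header: bytes) -> int:
    """Return the 16-bit source port: the first two bytes of a TCP header, big-endian."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (sport,) = struct.unpack("!H", tcp_header[:2])
    return sport


def build_tcp_header(sport: int, dport: int, seq: int = 0, ack: int = 0, flags: int = 0x02) -> bytes:
    """Construct a minimal 20-byte TCP header for test input (checksum left as zero)."""
    offset_and_flags = (5 << 12) | flags  # data offset 5 words, SYN by default
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_and_flags, 65535, 0, 0)


def flag_signal_packets(packets, signal_ports=SIGNAL_PORTS):
    """packets: iterable of (source_ip, raw_tcp_header). Returns (source_ip, sport) for hits."""
    hits = []
    for src_ip, header in packets:
        sport = tcp_source_port(header)
        if sport in signal_ports:
            hits.append((src_ip, sport))
    return hits


def hits_by_source(hits):
    """Count flagged packets per source address so repeat senders stand out."""
    return Counter(src_ip for src_ip, _ in hits)


# Constructed sample traffic: two senders, one of them using both watch-listed ports.
SAMPLE_PACKETS = [
    ("203.0.113.7", build_tcp_header(6060, 443)),
    ("203.0.113.7", build_tcp_header(51514, 443)),
    ("198.51.100.3", build_tcp_header(7070, 22)),
    ("203.0.113.7", build_tcp_header(7070, 80)),
]

if __name__ == "__main__":
    found = flag_signal_packets(SAMPLE_PACKETS)
    for src_ip, sport in found:
        print(f"signal-port packet from {src_ip} sport={sport}")
    print("per-source counts:", dict(hits_by_source(found)))
```

A source port is normally chosen at random from the ephemeral range, so any single watch-listed value will also match some legitimate connections; treat a hit as a correlation signal and weigh it by how often the same sender repeats it, which is what hits_by_source is for. The same watch-list maps directly onto the firewall rule the next section recommends, for example a rule of the form iptables -A INPUT -p tcp --sport PORT -j DROP for each listed port.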
How to protect the server from Cloud Snooper?
The first thing you can do is modify your current firewall rules to detect and block packets arriving from the illegitimate source ports.
If the firewall still does not stop the infected file from getting in, you can add another layer of protection to prevent the implant from running: use a tool that monitors for and removes malicious kernel drivers or other unwanted programs on your server.
You can also add two-factor authentication as an additional layer of security.
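The second measure, watching for unwanted kernel drivers, can be scripted against /proc/modules. The following Python audit is an added example and not the article's or any vendor's tool: it compares the loaded modules against a baseline recorded from a known-good build of the server, reports anything outside the baseline, and separately points out unexpected modules whose name prefix mimics a legitimate family, as 'snd_floppy' mimics the snd_* sound drivers. BASELINE_MODULES and SAMPLE_PROC_MODULES are constructed for the example; on a real host the baseline comes from your own inventory.

```python
from pathlib import Path

# Constructed baseline: modules expected on this host. In practice, record this
# from a known-good build and store it outside the server it describes.
BASELINE_MODULES = {"snd_pcm", "snd_hda_intel", "snd_hda_codec", "snd_timer", "ext4", "e1000"}

# Constructed /proc/modules snapshot in the kernel's real layout (name, size,
# refcount, users, state, address); the rogue 'snd_floppy' line is the finding.
SAMPLE_PROC_MODULES = """\
snd_hda_intel 57344 0 - Live 0x0000000000000000
snd_hda_codec 163840 1 snd_hda_intel, Live 0x0000000000000000
snd_pcm 143360 2 snd_hda_intel,snd_hda_codec, Live 0x0000000000000000
snd_timer 36864 1 snd_pcm, Live 0x0000000000000000
snd_floppy 16384 0 - Live 0x0000000000000000
ext4 737280 1 - Live 0x0000000000000000
"""


def loaded_modules(proc_modules_text: str) -> list:
    """Return module names in load order; the name is the first field of each line."""
    names = []
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields:
            names.append(fields[0])
    return names


def unexpected_modules(proc_modules_text: str, baseline=BASELINE_MODULES) -> list:
    """Loaded modules that are not in the baseline, sorted for stable reporting."""
    return sorted(set(loaded_modules(proc_modules_text)) - set(baseline))


def lookalike_modules(unexpected, baseline=BASELINE_MODULES) -> list:
    """Unexpected modules sharing a 'prefix_' family with a baseline module (e.g. snd_*)."""
    families = {name.split("_", 1)[0] for name in baseline if "_" in name}
    return [m for m in unexpected if "_" in m and m.split("_", 1)[0] in families]


def audit(proc_modules_text=None, baseline=BASELINE_MODULES) -> dict:
    """Audit a /proc/modules listing; reads the live file when no text is supplied."""
    if proc_modules_text is None:
        proc_modules_text = Path("/proc/modules").read_text()
    unexpected = unexpected_modules(proc_modules_text, baseline)
    return {"unexpected": unexpected, "lookalike": lookalike_modules(unexpected, baseline)}


if __name__ == "__main__":
    report = audit(SAMPLE_PROC_MODULES)
    print("modules outside baseline:", report["unexpected"])
    print("names mimicking a known family:", report["lookalike"])
```

The audit only reports; unloading a module (for instance with modprobe -r) should follow an investigation of where the file came from, since a driver outside the baseline may simply be a package update you have not recorded yet. Running audit() with no argument reads the live /proc/modules, so the script can be scheduled to compare the host against the stored baseline on every run.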