Operation Windigo Victimizes cPanel, kernel.org, and 25k Servers

Security researchers at the antivirus company ESET collaborated with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies to uncover a widespread attack that has been named "Operation Windigo". Among the 25,000 Unix and Linux servers compromised were systems belonging to well-known organizations such as cPanel and kernel.org.

The ESET information security research team published details of their findings today, 18 March 2014. CyberCede has taken those findings and is working on a streamlined "Spot Check" offering to determine whether customer systems are infected. The quick check offered on the ESET website produced erroneous, false-positive findings when CyberCede tested it. A 'flush and fill' operation, wiping and rebuilding the affected server, may be the most cost-effective and safe way to handle this backdoor trojan if it is detected. It has been estimated that the infected servers are still attacking approximately 500,000 end-user systems per day, so this global security event is far from over.

Operation Windigo is said to still have approximately 10,000 compromised servers under its control, which together transmit over 35 million spam messages every day, according to Marc-Étienne Léveillé, an ESET security researcher. The infected systems also have their web servers redirecting unwitting visitors to malicious sites designed to compromise home computers. Visitors running versions of Microsoft Windows are more likely to be sent to sites that attempt to infect them with known Windows exploits, while users of Apple's Macintosh and iOS operating systems are typically redirected to dating sites and sites with pornographic content, respectively.

Give us a call today to set up an appointment to have your servers tested for the presence of the Operation Windigo related malware.