The security solutions company ESET said that Windigo, while largely unnoticed by the security community, has been in operation for more than two and a half years. Pierre-Marc Bureau, security intelligence program manager at ESET, said Windigo currently has 10,000 servers under its control. “This number is significant if you consider each of these systems have access to significant bandwidth, storage, computing power and memory.” In investigating this campaign, the ESET security research team collaborated with CERT-Bund, the Swedish National Infrastructure for Computing and other agencies, and observed that, once infected, victims’ systems are used to redirect web traffic to malicious content and to send spam.
With thousands of Linux and Unix servers compromised, the Windigo operation is recognized as a large-scale effort. Its purpose seems to be monetary profit, the team said. The main components of the Windigo operation are an OpenSSH backdoor, a web redirection module and a spam-sending program. Servers located throughout the U.S., Germany, France and the UK are among those infected.
Read more at: Phys.org