
ESET Researchers Win 1st Peter Szor Award for their Operation Windigo Research


ESET researchers received the award for their research on the Windigo malware campaign at VB2014 in Seattle, WA, USA.

ESET, a global pioneer in proactive protection for more than 25 years, won the first annual Peter Szor Award from Virus Bulletin for its VB2014 research on Operation Windigo, a credential-stealing Linux server-side malware campaign. The research was led by ESET researchers Olivier Bilodeau, Pierre-Marc Bureau, Joan Calvet, Alexis Dorais-Joncas, Marc-Etienne Léveillé and Benjamin Vanheuverzwijn.

Four pieces of research were nominated for the Peter Szor Award, and ESET's Operation Windigo research took the prize. The award aims to recognize the best piece of technical security research published each year.

Mr Pankaj Jain, Director at ESET India, said: "Three years of continuous research on Operation Windigo by our researchers has helped uncover the compromised servers, to provide cleaning tips and simple recommendations for Linux users. We believe we have the technical expertise to drive ESET to the leadership position in the AV segment."

In March 2014, ESET gained public attention when it revealed that more than 500,000 PCs and 25,000 unique servers had been compromised by Operation Windigo over the preceding two years. ESET also stated that the Windigo network was sending 35 million spam messages per day and redirecting more than 500,000 web visitors to exploit kits each day.

The operation has been ongoing since at least 2011 and has affected high-profile servers and companies. ESET researchers published a detailed report on the operation, giving the number of users victimized and the exact type of resources now under the gang's control. The team also provided a detailed analysis of the three main malicious components of the operation: Linux/Ebury*, Linux/Cdorked* and Perl/Calfbot*.


*Windigo is a malicious group which has compromised thousands of Linux and Unix servers. The compromised servers are used to steal SSH (Secure Shell) credentials, redirect web visitors to malicious content and send spam.

*Linux/Ebury – an OpenSSH backdoor used to keep control of the servers and steal credentials

*Linux/Cdorked – an HTTP backdoor used to redirect web traffic. The report also details the infrastructure deployed to redirect traffic, including a modified DNS server used to resolve arbitrary IP addresses, labeled Linux/Onimiki

*Perl/Calfbot – a Perl script used to send spam