Bkav experts discovered that Linux servers in Vietnam are at risk of being attacked to steal information and become a botnet network due to a series of virus variants that once raged in China.

In October and November, receiving requests from businesses, Bkav experts reviewed Linux servers and discovered many virus samples that were variants of the Elknot virus family. This is an ELF format virus, a binary file that executes on Linux kernel operating systems.

The main behaviors of Elknot variants include: stealing information from the host they infect; gain control, execute hacker's remote commands, turn the server into a bot in the DDOS attack botnet.

To make investigation and removal difficult, viruses disguise and replace tools in the system such as network tools (netstat, ss), process management tools (ps). Besides, viruses are also capable of using many different methods to automatically start with the system.

To avoid being attacked by this malicious code, Bkav recommends:

- Administrators immediately check for viruses on servers and need to do so regularly.

- Enterprises need to have policies or regulations on periodically evaluating the security of server services running publicly, updating new versions, and patches for services running on the server.