What is X-bash? A look at the all-in-one malware threat

28th September 2018

Following on from headline-claiming malware like Petya, NotPetya and WannaCry, a new threat to computer users has emerged in the form of an all-in-one malware called X-bash.

What is X-bash?

Researchers at Palo Alto Networks have named this new form of malware X-bash. They claim it combines a botnet, cryptocurrency mining software and ransomware in a single worm that specifically targets users of Linux and Windows.

Who created it?

The researchers, named ‘Unit 42’, have claimed that the malware can be tied to a collective known as the Iron Group (aka Rocke), who are known to be behind numerous other ransomware attacks.

What dangers does it pose?

The first point to note is X-bash’s botnet module. This is the prime method the malware utilizes to infect new Windows and Linux systems. It searches for unpatched security holes to get on to a server and can also brute-force several web servers.

It also contains a worm which, while it is said to be currently inactive, does have the ability to generate a list of IP addresses on the same network it has infected and test to see if ports are open.

Finally, X-bash also contains two modules which are used to extort money from the infected system’s user. The ransomware module attacks Linux servers: it looks for databases, destroys them and then leaves a ransom note which asks the user to pay a financial sum through an anonymous cryptocurrency payment. Similarly, X-bash contains a cryptominer which is deployed to Windows servers.

Worryingly, the team at Palo Alto Networks who discovered the threat have said that they have found no evidence that X-bash contains any capabilities of restoration, meaning that even if victims pay their ransom, it is unlikely they will ever have their data restored by the hackers.

How to protect your business

Businesses, organisations and individuals can protect their data by using strong passwords, keeping their patches up-to-date, using endpoint security on their systems, preventing access to unknown hosts on their servers and implementing a regular routine of data backups to prepare for the worst-case scenario.

Here at ECL we have extensive experience in protecting businesses against the latest malware, computer hacks, viruses, spam, phishing scams and other threats and can advise you on the best methods of protecting your business. We can also help businesses to update their systems to run the latest and most secure version of Windows available. For more information, please call us on 01268 575300 or email us on info@ecl.co.uk.
