In computing, the Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. It was chosen as the standard binary file format for Unix and Unix-like systems [
Wikipedia].
Even though the popularity of the Windows OS among average end-user systems has meant that attackers have mostly focused on developing malware for Windows systems, ELF badness is a growing concern. The colleagues over at
Malware Must Die are making a huge effort to put some focus on ELF malware, their article entitled
China ELF botnet malware infection & distribution scheme unleashed is just an example.
Today we are rolling out a tool to generate detailed structural information regarding ELFs. This information includes: file header specifics (ABI version, required architecture, etc.), sections, segments, shared libraries used, imported symbols, exported symbols, packers used, etc. You may take a look at this new information in the File Details tab of the following report:
https://www.virustotal.com/en/file/cc5833d039943bcf06cb185500b21a19d4e1f73a3362943d27697fc93f7b9602/analysis/
Hopefully all this new information will bring some attention to malware targeting linux systems and will lead to better world-wide defenses against these threats.