A specific support ticket was created and a failure analysis was conducted in order to determine the root cause of this behavior, apparently unexplainable. It was found out that a virus - in the form of an ELF executable - was uploaded by an attacker [1]. Two instances of this executable were running when the machine when it was analyzed. These processes overloaded the processor, causing the overall slowing down of the machine, as reported by the customer. Likely this virus is has been used to perform further attacks illegitimate actions on the Internet such as [[https://en.wikipedia.org/wiki/Denial-of-service_attack DDoS]].

The machine was initially installed in a proprietary severely controlled private LAN with no access to the Internet. Then it was configured with a public static IP address and was moved to public network connected to the Internet. However, it was not verified that the original configuration is suited for such a use. From the security perspective, the system was affected by clear vulnerabilities such as the use of <code>telnet</code> service, combined with a weak <code>root</code> password. Thus it was trivial for the attacker to get access to the machine with <code>root</code> privileges. The protection level was so low, that maybe the attack was even carried out by an automatic hacking tool.

This document aims to raise system integrators awareness of these issues and to provide some practical suggestions  This article is not a

[1] See also https://www.virustotal.com/en/file/1917f27f64fe8770e43a8087ad4529593dfb3cc4d9317ababb91e3bfea60a179/analysis/.