Thanks Steve. Which is why I posted the link here, to get a balanced view, because the rootkit did not ring true.
I still only play with linux - and working on making the big jump from billy ware later this year - new pc - new operating system - linux of some flavour.

Currently running ipcop firewall and gentoo with samba for file server. Need to drop the windows 2k server and my desktop.

Maurice

-----Original Message-----
From: Steve Holdoway [mailto:[EMAIL PROTECTED]
Sent: Saturday, 6 October 2007 10:05 p.m.
To: [email protected]
Subject: Re: eBay: Phishers getting better organised, using Linux

On Sat, 06 Oct 2007 20:41:18 +1300
Maurice Butler <[EMAIL PROTECTED]> wrote:

> EBAY: PHISHERS GETTING BETTER ORGANISED, USING LINUX
>
> http://s0.tx.co.nz/at/tep34n736205j130069i181588f2c285953a4t9s4z
>
> "The vast majority of the threats we saw were rootkitted Linux boxes,
> which was rather startling. We expected Microsoft boxes," says CISO
>

This is, of course, b*ll*x. None of the linux boxes are rootkitted at all. The way that they work is to add a subdirectory to the existing url with their code. The usual way they get in - ftp logins aren't encrypted, so sniffing will work easily - and of course many people use ftp ( dreamweaver, etc ) to maintain their sites.

The reason that linux is hit hardest: the equivalent hardware can support orders of magnitude more websites using linux/apache when compared to windows/iis - so of course they'll be using linux.

It's the mom'n'pop websites that're being targeted by this kind of scam, and they just can't really be expected to be aware of this kind of attack.

I wish our press actually knew what they were talking about at times ):

Steve
