As Scott McNealy once said at a large gathering of Lotus folks 10 or 11 years ago, "There is no privacy any more. Get over it."

So, I got over it and no longer worry about it.

--R

Loren Faeth wrote:
You are technically right. But for most of us the distinction between malware and software used to install malware is a distinction without a meaningful difference. Nice explanation.

I bestow on you one of my highly coveted "detail awards" otherwise known as the anal retentive award. It is the highest honor I bestow in the IT world. I have not given one out for years! One guy earned one with such high distinction that no awards have been given since. He became the reigning king, and the monthly awards were ceased, because all contestants concurred that nobody could beat him. Congratulations. (That is serious and sincere.) You seriously and sincerely gave a great explanation! I apologize for using the shortcut.

I tend to group malware of any form and the distribution of such all under the term malware. In my outlook, legit software used for malicious purpose is still malware. Technically, you are correct. From the perspective of the result, it really doesn't matter if legit software is used for malicious purpose or if it was malicious software, the result is still a malicious attack. That is my shortcut.

Probably you are right about not updated, but then there are all the things that some "updates" break, and that leaves most of us jaded and reluctant to install updates, particularly on the winders platform. I have advocated on Windows to not install a SP until the next SP is out. By then, the patches may be patched enough to not cause big problems.

It is scary out there. Using a Non-M$ platform is one defense, but that defense is not infallible as many have claimed. Using a non-M$ browser is another defense, but there are still lots of vulnerabilities and attacks not addressed by those two strategies.

At 12:38 PM 9/14/2009, you wrote:
I didn't try to worm-out of it, I was just correcting the article's
mistake in saying that the webserver that was installed was malware.
It was just the means of putting the malware on the net.

When I said they rooted the box, I was referring to gaining access to
the root account, analogous to the admin account on windows, which is
usually done through an escalation of privileges that is brought
around by a buffer overflow or some other vulnerability in a piece of
software that is running on the machine. My apologies for not
clarifying that in the original message.

It would be like someone doing the reboot to safe-mode admin account
workaround on XP home edition, creating a new administrator account,
logging into that account, and then enabling remote desktop and
sharing a folder on your computer that was filled with malware. In
that case, there was no root kit installed, no malware installed, and
yet there still was a security breach.

It's not technically a virus, or malware that got them in, it was a
clever exploitation of a vulnerability, that may or may not have been
there because of a lack of upkeep and maintenance.

I agree, every system is vulnerable in some way, some systems are just
more hardened than others, and Linux/Unix/Mac are currently more
secure, on average, than windows. (at least XP through 3.1, vista made
some small leaps with UAC, and I can't speak for windows 7)

But again, in the end, it comes down to the user/sysadmin keeping the
system up to date and patched.

For the record I am a Linux user, and therefore am slightly biased,
but I try to keep my opinions out of matters and deal with the facts.

I hope nothing I've said comes across as arrogant or leaves the wrong
impression.

On 9/14/09, Loren Faeth <lfa...@leadingchange.com> wrote:
> My point exactly.  Every OS is vulnerable in some way.  (Many ways)
> You tried to worm out by saying the malware was "not a virus."  Then
> you went on to say they probably installed a rootkit.   It is
> malware, and malware is malware, whether some piece of it is "legit"
> or not.  Linux is vulnerable to malware.  Those who claim otherwise
> are fools.  Whether the malware is technically a "virus" or not is
> immaterial.
>
> At 04:49 AM 9/14/2009, you wrote:
>>The "infected" machines/vm's were probably behind on software updates.
>>Linux still has that fatal flaw called the user, if the user doesn't
>>update when a bug is found and patched, then the system stays
>>vulnerable.
>>
>>In all, what probably happened was a service on the servers was
>>vulnerable in some way, the attacker rooted the box, and then
>>installed nginx (which is not a virus, it's a legit web server) on a
>>non-standard port, and Bob's your uncle, you got a place to serve
>>whatever ya want.
>>
>>Just my 2 cents.
>>
>>On Mon, Sep 14, 2009 at 12:01 AM, Loren Faeth
>><lfa...@leadingchange.com> wrote:
>> >
>> > Uh, Wonko, what was that about no virus on linux. We all know it is
>> > invincible because it is open source...
>> >
>> > RIGHT!  WHO IS THIS REALLY? (Noah)
>> >
>> >
>> > At 03:23 PM 9/12/2009, you wrote:
>> >>
>> >> Attack of the open source zombies
>> >> ...........................................
>> >> A security researcher has discovered a cluster of infected Linux servers
>> >> that have been corralled into a special ops botnet of sorts and used to
>> >> distribute malware to unwitting people browsing the web.
>> >> Each of the infected machines examined so far is a dedicated or virtual
>> >> dedicated server running a legitimate website, Denis Sinegubko, an
>> >> independent researcher based in Magnitogorsk, Russia, told The Register.
>> >> But in addition to running an Apache webserver to dish up benign content,
>> >> they've also been hacked to run a second webserver known as nginx, which
>> >> serves malware.
>> >>
>> >> "What we see here is a long awaited botnet of zombie web servers! A group
>> >> of interconnected infected web servers with [a] common control center
>> >> involved in malware distribution," Sinegubko wrote here. "To make things
>> >> more complex, this botnet of web servers is connected with the botnet of
>> >> infected home computer(s)."
>> >> The finding highlights the continuing evolution of bot herders as they
>> >> look for new ways to issue commands to the hundreds of thousands of
>> >> infected zombies under their control. It came the same day anti-virus
>> >> provider Symantec reported "Google Groups" was being used as a master
>> >> control channel for a recently discovered trojan. Four weeks ago, a
>> >> researcher from Arbor Networks made a similar discovery when he found
>> >> several "Twitter" profiles being used to run a botnet.....snip
>> >> http://www.theregister.co.uk/2009/09/12/linux_zombies_push_malware/
>> >>
>> >> _______________________________________
>> >> http://www.okiebenz.com
>> >> For new and used parts go to www.okiebenz.com
>> >> To search list archives http://www.okiebenz.com/archive/
>> >>
>> >> To Unsubscribe or change delivery options go to:
>> >> http://okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
>> >
>> > Loren Faeth
>>
>
> Loren Faeth

Loren Faeth
