Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 12821 Location: Arizona USA
Posted: Fri 21 Mar 2014, 23:19 Post subject: 25,000 co-opted Linux servers spread spam, drop malware etc
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
Quote: | Security company ESET has released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. This report was a joint research effort by ESET, CERT-Bund, SNIC and CERN. The key phrase in the report title is “server-side.”
Over the past two years, ESET has chronicled 25,000 malware-infected servers that have been instrumental in:
Spam operations (averaging 35 million spam messages per day)
Infecting site visitors’ computers via drive-by exploits
Redirecting visitors to malicious websites
The report talks about two well-known organizations that became victims of Windigo: "This operation has been ongoing since 2011 and has affected high-profile servers and companies, including cPanel and Linux Foundation’s kernel.org." ... |
Actually, the way I read this, the fact that the servers were Linux makes no difference. They could just as easily have been Windows-based servers. There was no exploit, only a bit of password cracking to gain root privileges, then install some Windows-attacking malware.
Ted Dog

Joined: 13 Sep 2005 Posts: 4013 Location: Heart of Texas
Posted: Fri 21 Mar 2014, 23:36
Windango? I think we could easily figure out who led the charge and put the fire trucks in the street looking for a burning cigarette butt. Who has most to gain by trying to tear down Linux.. Wind.... something I suppose.
Funny thing is I bet those roped into playing along were able to name the effort so that we would not have to put forth the effort to follow the money on the data and report gathering..
It is self-refuting and easy to dismiss as a normal "bad people do bad things with technology". Windows just makes it easier most of the time.
James C

Joined: 26 Mar 2009 Posts: 6717 Location: Kentucky
Posted: Sat 22 Mar 2014, 01:27
http://blog.eset.ie/2014/03/18/operation-windigo-malware-used-to-attack-over-500000-computers-daily-after-25000-unix-servers-hijacked-by-backdoor-trojan/
Quote: | “The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,” |
Quote: | “Instead it is manually installed by a malicious attacker. The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment.” |
Ted Dog

Joined: 13 Sep 2005 Posts: 4013 Location: Heart of Texas
Posted: Sat 22 Mar 2014, 02:18
Manually installed.... What, the attackers had physical access to machines... Sorry, that is a physical security issue first and foremost... I once got a coworker stumped.. seems I was being blamed for leaking a high-level password.. One I did not know or even need to know... When questioned, I answered I do not need to know any passwords to work or get at files.. Passwords are like front door locks. No need for a key if you can easily know how to lift the entire house ten feet in the air off its foundations and walk around without walls getting in the way.. I have been in IT for 30 years before this non-IT job. How do you expect your support IT person to update and fix issues when someone forgets a password? To drive the point home I backed into the most secure server known in the business. While still facing them and my back to keyboard. Forced a shutdown and reboot procedure and walked out of the room as they watched the machine finish its tasks and reboot... Of course that was a mission-critical machine, I would love to have them try to explain what occurred..