Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 23 Apr 2018, 11:40
All times are UTC - 4

 Forum index » Off-Topic Area » Security
25,000 co-opted Linux servers spread spam, drop malware etc
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [4 Posts]  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 12821
Location: Arizona USA
PostPosted: Fri 21 Mar 2014, 23:19    Post subject:  25,000 co-opted Linux servers spread spam, drop malware etc  
25,000 co-opted Linux servers spread spam, drop malware and steal credentials
Quote:
Security company ESET has released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. This report was a joint research effort by ESET, CERT-Bund, SNIC and CERN. The key phrase in the report title is “server-side.”

Over the past two years, ESET has chronicled 25,000 malware-infected servers that have been instrumental in:

    Spam operations (averaging 35 million spam messages per day)
    Infecting site visitors’ computers via drive-by exploits
    Redirecting visitors to malicious website


The report talks about two well-known organizations that became victims of Windigo: "This operation has been ongoing since 2011 and has affected high-profile servers and companies, including cPanel and Linux Foundation’s kernel.org." ...

Actually, the way I read this, the fact that the servers were Linux makes no difference. They could just as easily have been Windows-based servers. There was no exploit, only a bit of password cracking to gain root privileges, then install some Windows-attacking malware.
Back to top
View user's profile Send private message 
Ted Dog


Joined: 13 Sep 2005
Posts: 4013
Location: Heart of Texas
PostPosted: Fri 21 Mar 2014, 23:36    Post subject:  
Windango? I think we could easily figure out who lead the charge and put the fire trucks in the street looking for a burning cigarette butt. Very Happy Who has most to gain by trying to teardown linux.. Wind.... something I suppose.
Funny thing is I bet those roped into playing along was able to name the effort so that we would not have to put forth the effort to follow the money on the data and report gathering..
It is self refuting and easy to dismiss as a normal bad people do bad things with technology. Windows just makes it easier most of the time. Twisted Evil
Back to top
View user's profile Send private message 
James C


Joined: 26 Mar 2009
Posts: 6717
Location: Kentucky
PostPosted: Sat 22 Mar 2014, 01:27    Post subject:  
http://blog.eset.ie/2014/03/18/operation-windigo-malware-used-to-attack-over-500000-computers-daily-after-25000-unix-servers-hijacked-by-backdoor-trojan/


Quote:
“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,”


Quote:
“Instead it is manually installed by a malicious attacker. The fact that they have managed to do this on tens of thousands of different servers is chilling. While anti-virus and two factor authentication is common on the desktop, it is rarely used to protect servers, making them vulnerable to credential stealing and easy malware deployment.”
Back to top
View user's profile Send private message 
Ted Dog


Joined: 13 Sep 2005
Posts: 4013
Location: Heart of Texas
PostPosted: Sat 22 Mar 2014, 02:18    Post subject:  
manual installed.... What the attackers had physical access to machines... Sorry that is a physical security issue first and foremost... I once got a co worker stumped.. seems I was being blamed for leaking a high level password.. One I did not know for even needed to know... When questions I answered I do not need to know any passwords to work or get at files.. Passwords are like front door locks. No need for a key if you can easily know how to lift the entire house ten feet in the air off its foundations and walk around without walls getting I the way.. I have been in IT for 30 years before this non IT job. How do you expect your support IT person to udate and fix issues when someone forgets a password. To drive the point home I backed into the most secure server known in the business. While still facing them and my back to keyboard. Forced a shutdown and reboot procedure and walked out of the room as they watched the machine finish its tasks and reboot... Of course that was a mission critical machine I would love to have them try to explain what occured.. Wink
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [4 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

[ Time: 0.0482s ][ Queries: 11 (0.0046s) ][ GZIP on ]