View Full Version : The C&C infrastructure of the Flame malware ran on Ubuntu

Dry Lips
June 4th, 2012, 08:08 PM
"The unknown authors of Flame shut down the sprawling command-and-control (C&C) infrastructure immediately after last Monday's disclosure (http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/) that the highly sophisticated malware had remained undetected for at least two years on computers belonging to government-run organizations, private companies, and others."
"Over the past four years, the Flame C&C infrastructure relied on at least 22 separate IP addresses. Servers that ran the channels appeared to be running the Ubuntu Linux distribution. "

Source: http://arstechnica.com/security/2012/06/flame-espionage-malware-used-huge-network-to-steal-blueprints/

Now, are we supposed to be proud or disturbed about the fact that the creators of this virus favours Ubuntu over distros like CentOS or Red Hat? ;)

(Of course it could have been any distro on those servers.)

P.S Don't worry! This isn't about Flame "infecting" Ubuntu machines. What were talking about here is that those who made this virus used a network of Ubuntu servers in order to handle the data that the virus stole from the infected machines.

June 4th, 2012, 08:29 PM
Well, of course it was run from Linux boxes. They didn't want to run the risk of infecting their own computers.

June 4th, 2012, 08:54 PM
Given that the global Internet is, overwhelmingly, UNIX served and driven and that Ubuntu is one of the most widely available GNU/Linux distros then this is no surprise at all. A dozen years ago if you'd scratched a cracker any where in the world you'd have found him working off a redhat box. C'est la vie, innit?


June 4th, 2012, 09:00 PM
Nothing at all to be proud of