newbie2
February 16th, 2008, 05:12 AM
13 February 2008 11:43 GMT
Botnets, a free tool and 6 years of Linux/Rst-B
I have mentioned before that we regularly see Linux malware infected with an old Linux virus, Linux/Rst-B.
It is 6 years to the day when we first saw Linux/Rst-B and despite reputable anti-virus solutions having been able to detect it since then, we keep seeing it appear on our honeypots. In fact, over the last 3 months roughly 70% of malware downloaded by hackers to one of our honeypots was infected with Linux/Rst-B.
Linux computers are very valuable to hackers. A bot army, similar to real armies, needs a general (controller) and infantry (zombies). Linux boxes are often used as servers, which means they have a high up-time - essential for a central control point. A Windows computer, on the other hand, is found at home or as a desktop machine in an office, and these computers are regularly switched off. This makes them less attractive as controllers, but ideal for infantry, or zombies.
http://www.sophos.com/security/blog/2008/02/1062.html
:rolleyes: