Phishers on ebay and linux compromise systems



scrooge_74
October 4th, 2007, 12:34 PM
I was reading this today about ebay phishing using compromised Linux systems.

The article seems to try to take a hit on linux at the end by trying not to get noticed. Our systems are priced in the underground internet :)

http://www.pcworld.com/article/id,138043-c,spam/article.html

What do you all think?

bubbalouie
October 4th, 2007, 02:05 PM
Not so bad:

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

They try to say linux gets hacked, but the quote still says linux is used because it is reliable, and flexible, and it usually is a controlling node rather than a lowly bot. Nice to see that when linux is a zombie, it is a head zombie rather than a lowly peon.

curuxz
October 4th, 2007, 02:17 PM
article is FUD, the facts say linux is great and they twist it to make it look like linux has security flaws. Waste of time reading it, pcw is biased ALWAYS

scrooge_74
October 4th, 2007, 02:26 PM
article is FUD, the facts say linux is great and they twist it to make it look like linux has security flaws. Waste of time reading it, pcw is biased ALWAYS

I had the same impression

glupee
October 4th, 2007, 02:27 PM
Not so bad:

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

They try to say linux gets hacked, but the quote still says linux is used because it is reliable, and flexible, and it usually is a controlling node rather than a lowly bot. Nice to see that when linux is a zombie, it is a head zombie rather than a lowly peon.
:lolflag: That actually does sound kind of nice, in a mindless sort of way.
Yeah I don't think this is that bad.

TomMK
October 4th, 2007, 02:30 PM
Nice to see that when linux is a zombie, it is a head zombie rather than a lowly peon.

lol!

jrusso2
October 4th, 2007, 03:24 PM
Actually the article is accurate. There are a lot of compromised Linux boxes. The problem is that there are many security issues in the software that people don't bother to update to the secure versions.

The second problem is that when a server or pc is exposed to the internet an insecure SSH password leaves it wide open for attack.

Servers that are not secured properly by inexperienced admins are also a problem.

marco123
October 4th, 2007, 03:34 PM
It's nice for PC World to state what we all know already: That Linux is superior in whichever sector it is used in.:)

macogw
October 4th, 2007, 04:33 PM
Not so bad:

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

They try to say linux gets hacked, but the quote still says linux is used because it is reliable, and flexible, and it usually is a controlling node rather than a lowly bot. Nice to see that when linux is a zombie, it is a head zombie rather than a lowly peon.

So it really just says "the hackers are using Linux to control compromised Windows machines." This is kind of like how my cousin said, "the problem with computers is that the people who know how to use them never use Windows." People who are really good with computers get sick of putting up with Windows and switch to Mac, Linux, or BSD. That leaves the people who don't know how to protect a computer running Windows and having every person who does know about computers looking at them going, "I don't know....I don't do Windows."

matchstich
October 4th, 2007, 06:00 PM
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9040838&intsrc=hm_list



did not know linux was a target for this

Lord Illidan
October 4th, 2007, 06:04 PM
Neither did I. Still, security is as strong as the user makes it. If the firewall is open/non-existent, then malicious hackers/phishers will find a way in!

tbroderick
October 4th, 2007, 06:17 PM
So it really just says "the hackers are using Linux to control compromised Windows machines."


And using compromised Linux boxes to host phony websites.

stimpack
October 4th, 2007, 06:22 PM
speaking at a Microsoft-sponsored security symposium

I laughed.

Steveway
October 4th, 2007, 06:26 PM
speaking at a Microsoft-sponsored security symposium
And I stopped reading right there.

vambo
October 4th, 2007, 06:27 PM
speaking at a Microsoft-sponsored security symposium

I laughed.
+1

Lord Illidan
October 4th, 2007, 06:50 PM
TBH, I didn't notice that bit. But what I said above still follows. Just because it is Linux doesn't mean it can't be hacked. It can.

bobbocanfly
October 4th, 2007, 07:00 PM
Actually the article is accurate. There are a lot of compromised Linux boxes. The problem is that there are many security issues in the software that people don't bother to update to the secure versions.

The second problem is that when a server or pc is exposed to the internet an insecure SSH password leaves it wide open for attack.

Servers that are not secured properly by inexperienced admins are also a problem.

Any admin that sets up an SSH box without a Public/Private Keypair should be taken out and shot! The same goes for anyone running SSH1.
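The two posts above name three SSH weaknesses: password logins, missing key-based authentication, and SSH protocol 1. As an added example that is not part of any poster's message, here is a static check of `sshd_config` text for those settings, including password logins re-enabled inside a `Match` block; the function names and sample configurations are constructed for illustration.

```python
# Added example: static check of sshd_config text for the weaknesses named
# in the posts above. Function names and sample configs are constructed here.
# Limitation: Include directives are not followed.

def parse_sshd_config(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    global_settings, overrides, current_match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            current_match = value  # block runs until the next Match or EOF
        elif current_match is None:
            global_settings.setdefault(key, value)  # sshd keeps the first value
        else:
            overrides.append((current_match, key, value))
    return global_settings, overrides

def audit(text):
    """List findings for password auth, key auth and protocol 1."""
    settings, overrides = parse_sshd_config(text)
    findings = []
    # OpenSSH defaults PasswordAuthentication to "yes", so absence counts.
    if settings.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password authentication enabled globally")
    if settings.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append("public-key authentication disabled")
    # Protocol 1 is flagged only when the file explicitly lists it.
    if "1" in [p.strip() for p in settings.get("protocol", "").split(",")]:
        findings.append("SSH protocol 1 enabled")
    for criteria, key, value in overrides:
        if key == "passwordauthentication" and value.lower() == "yes":
            findings.append("password authentication re-enabled for: " + criteria)
    return findings

# Constructed sample configurations.
WEAK_CONFIG = "Port 22\nProtocol 2,1\nPasswordAuthentication yes\n"
KEYS_ONLY_CONFIG = "Protocol 2\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
MATCH_CONFIG = KEYS_ONLY_CONFIG + "Match User backup\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("keys-only", KEYS_ONLY_CONFIG),
                      ("match", MATCH_CONFIG)]:
        print(name, audit(cfg) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, which also resolves included files that this text-only check does not follow.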

FuturePilot
October 4th, 2007, 07:30 PM
TBH, I didn't notice that bit. But what I said above still follows. Just because it is Linux doesn't mean it can't be hacked. It can.

Very true. Anything can be hacked.

ticopelp
October 4th, 2007, 08:19 PM
Also from Computerworld:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001435

Consider the source.

BuffaloX
October 4th, 2007, 09:09 PM
I read this earlier, but stopped when I noticed it was MS FUD.

Now I read it again, and noticed this:


Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine

Seems the Linux box needs to be both unpatched and misconfigured to be vulnerable :)

Also this one is quite interesting:

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

Since phishing is done from servers, it's only natural that Linux is used, since Linux is the current superior server platform. But the phishing software is placed there on purpose, by persons with access to install it.
So this does not describe a security flaw in Linux, but rather that Linux is the preferred platform for those that attack other systems.

Despite all this being MS propaganda, it is evident that Linux is the more secure platform compared to Windows. As we all already know.
Microsoft tries to make it look like Windows is vulnerable, because it is attacked by evil Linux systems.
Just the kind of mumbo jumbo one can expect from MS.

SZF2001
October 4th, 2007, 09:26 PM
It's nice for PC World to state what we all know already: That Linux is superior in whichever sector it is used in.:)

Of course! Any time I want to play any game I choose I can just pop the disc in the drive and...

Oh wait.

justin whitaker
October 4th, 2007, 09:38 PM
I read this earlier, but stopped when I noticed it was MS FUD.

Now I read it again, and noticed this:



Seems the Linux box needs to be both unpatched and misconfigured to be vulnerable :)

Also this one is quite interesting:


Since phishing is done from servers, it's only natural that Linux is used, since Linux is the current superior server platform. But the phishing software is placed there on purpose, by persons with access to install it.
So this does not describe a security flaw in Linux, but rather that Linux is the preferred platform for those that attack other systems.

Despite all this being MS propaganda, it is evident that Linux is the more secure platform compared to Windows. As we all already know.
Microsoft tries to make it look like Windows is vulnerable, because it is attacked by evil Linux systems.
Just the kind of mumbo jumbo one can expect from MS.

You know, the article has a point, and just belittling the messenger does us a disservice.

I worry about Linux users becoming complacent with their security.

The fact is, yes, a stock Linux box is safer than a Windows box, but that does not mean that the owner/admin can go to bed at night thinking they don't have work to do on the security front simply because they are using Linux.

I was over on the PC-BSD forums the other day, and there was someone that posted some bogus thing that 5/8 Ubuntu servers have been compromised...I think they were talking about the repo servers issue a while back, but that just illustrates to my mind that all sorts of damage can be done by not listening to your critics and allowing ourselves to be less vigilant with our systems.

Just because Symantec was talking at a Microsoft event does not mean that we should automatically discredit the comment. Linux servers can, have been, and will be hacked: there are smart people out there running these phishing schemes and there is a lot of money, data, and reputations at stake.

tbroderick
October 4th, 2007, 09:48 PM
I read this earlier, but stopped when I noticed it was MS FUD.

Try Ebay. All Microsoft did was sponsor a speech.


Seems the Linux box needs to be both unpatched and misconfigured to be vulnerable :)

That's one way. Of course people might not be aware of a flaw and it doesn't get fixed.


Since phishing is done from servers, it's only natural that Linux is used, since Linux is the current superior server platform. But the phishing software is placed there on purpose, by persons with access to install it.
So this does not describe a security flaw in Linux, but rather that Linux is the preferred platform for those that attack other systems.


Since Ebay hasn't released its data, we don't know. It could very well be a security flaw. For all we know it could be a handful of compromised Linux boxes running hundreds of webpages.

BuffaloX
October 4th, 2007, 10:15 PM
No Linux flaw was revealed.
No successful lbot attack on any Linux system was revealed.

I'm saying that the whole article is bogus, unless they offer more specific info.
A lot of "theoretically" - "maybe" and "if", doesn't change that.

Microsoft is not a credible source, and they are known to lie and to pay others to lie for them...

tbroderick
October 4th, 2007, 10:54 PM
No Linux flaw was revealed.
No successful lbot attack on any Linux system was revealed.

Who said it had to be a flaw in Linux? Could be lazy/incompetent admins. Could be one Linux cluster that was rootkit-ed, someone had a really easy user password to crack, or *gasp*, vulnerabilities in phpbb or something similar.


I'm saying that the whole article is bogus, unless they offer more specific info.
A lot of "theoretically" - "maybe" and "if", doesn't change that.

That seems silly.


Microsoft is not a credible source, and they are known to lie and to pay others to lie for them...

You're right. Ebay made it all up. No hacker has ever compromised a Linux machine.

BuffaloX
October 4th, 2007, 11:06 PM
Who said it had to be a flaw in Linux? Could be lazy/incompetent admins. Could be one Linux cluster that was rootkit-ed, someone had a really easy user password to crack, or *gasp*, vulnerabilities in phpbb or something similar.

could if maybe....


That seems silly.
From previous experience, I don't think so.


You're right. Ebay made it all up. No hacker has ever compromised a Linux machine.
I don't think they made it all up, rather that they twist the facts, for their own purposes.

stimpack
October 4th, 2007, 11:07 PM
I doubt they even try to compromise Linux systems, the return must be dismal. Scanning an address range, 1% are Linux computers your vulnerabilities have to match an unpatched system with specific software installed and possibly even distro specific.

Nope they just hunt down 95/98/ME/XP. Of which the return is immense, port scanning for trojans shows you the magnitude of vulnerable Windows systems out there.

jrusso2
October 4th, 2007, 11:15 PM
I doubt they even try to compromise Linux systems, the return must be dismal. Scanning an address range, 1% are Linux computers your vulnerabilities have to match an unpatched system with specific software installed and possibly even distro specific.

Nope they just hunt down 95/98/ME/XP. Of which the return is immense, port scanning for trojans shows you the magnitude of vulnerable Windows systems out there.

Not true, I have seen many compromised Linux servers. If you are not vigilant in keeping them patched they will exploit known vulnerabilities.

Steveway
October 5th, 2007, 07:26 PM
Not true, I have seen many compromised Linux servers. If you are not vigilant in keeping them patched they will exploit known vulnerabilities.

And the moral of the story is, keep your Linux-box updated and nothing should happen.

jaakan
October 8th, 2007, 04:00 PM
rootkitted Linux boxes (http://computerworld.co.nz/news.nsf/scrt/CD0B9D97EE6FE411CC25736A000E4723)

eBay: Phishers getting better organized, using Linux
"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," says CISO


By Robert McMillan San Francisco | Thursday, 4 October, 2007

When it comes to launching online attacks, criminals are getting more organized and branching out from the Windows operating system, says eBay's security chief.

eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis, it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University.

Cullinane, who one year ago downplayed the role of organized crime in phishing ("It's not the Sopranos," he said), believes that online attackers are indeed becoming more sophisticated, with malware developers now being funded to develop new and improved attacks.

In the past year, Cullinane has seen better organization by eBay fraudsters. Criminals are being paid to develop better types of attacks, and the attacks are getting harder to detect, he added. "The phishing emails I see are extremely sophisticated," he said.

Apparently, this growing professionalism has even cut down on mangled grammar. "The language they're using is very good." Cullinane said.

Last week eBay said data on 1,200 eBay members had probably been stolen via a phishing scam. The members' data was posted to the company's Trust & Safety discussion forum.

Cullinane's experience with phishing goes back to his previous employer, Washington Mutual, which has been one of the top phishing targets in the US.

While there, he noticed an unusual trend when taking down phishing sites.

"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.

Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.

Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake websites, hoping to lure victims into disclosing their passwords.

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, said Iftach Amit, director of security research with Finjan's malicious code research centre.

Capabilities like this make Linux machines highly coveted by online attackers, and they fetch a premium in the underground marketplace for compromised machines, Amit said.

scrooge_74
October 8th, 2007, 04:06 PM
You are a couple of days and 29 posts late

http://ubuntuforums.org/showthread.php?t=567050&page=3

bapoumba
October 8th, 2007, 04:12 PM
Threads merged.

n3tfury
October 8th, 2007, 05:05 PM
I doubt they even try to compromise Linux systems, the return must be dismal. Scanning an address range, 1% are Linux computers your vulnerabilities have to match an unpatched system with specific software installed and possibly even distro specific.

Nope they just hunt down 95/98/ME/XP. Of which the return is immense, port scanning for trojans shows you the magnitude of vulnerable Windows systems out there.

as was stated, linux servers have been compromised in the past and will continue to be in the future. nothing's secure unless it's unplugged, packed in a box, and shoved in a corner.

youspeakmylanguage
October 11th, 2007, 03:14 AM
This may be slightly off-topic, but does anyone have any idea how reliable and accurate chkrootkit and rkhunter are? Also, are they seemingly aware of and prepared for all the known linux rootkits out in the wild?

If not, does anyone know of any better or more reliable rootkit detection software available for Ubuntu?