Thread: Linux webserver botnet discovered

  1. #1
    Join Date
    Jul 2007
    Location
    The Internet
    Beans
    Hidden!
    Distro
    Ubuntu

    Linux webserver botnet discovered

    The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware.
    "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"
    http://linux.slashdot.org/story/09/0...ers-Discovered

    Source: http://blog.unmaskparasites.com/2009...e-web-servers/
    Last edited by dmizer; September 13th, 2009 at 02:49 PM. Reason: Edit to include source article.
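
The indicator described in the quoted article is a second webserver (nginx on port 8080) running beside the legitimate Apache instance. A way to audit a server for listeners that are not part of its known baseline, as an added example that is not part of the original thread or the researcher's tooling; the `ss` output is constructed sample data and the `EXPECTED` baseline is an assumption to adapt per host:

```python
import re

# Constructed sample of `ss -tlnp` output (run as root so owning processes appear).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("apache2",pid=1489,fd=4),("apache2",pid=1490,fd=4))
LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*         users:(("nginx",pid=23117,fd=6))
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1022,fd=21))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline for this host: port -> process names allowed to listen on it.
EXPECTED = {22: {"sshd"}, 80: {"apache2"}, 443: {"apache2"}, 3306: {"mysqld"}}

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Return one dict per (listening socket, owning process) pair."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line, or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        owners = sorted({(n, int(p)) for n, p in PROC_RE.findall(" ".join(fields[5:]))})
        # Without root, ss omits the users:(...) column; keep the socket as "unknown".
        for name, pid in owners or [("unknown", None)]:
            listeners.append({"addr": addr, "port": int(port), "process": name, "pid": pid})
    return listeners


def find_unexpected(listeners, expected=EXPECTED):
    """Flag every listener whose process is not in the baseline for its port."""
    return [l for l in listeners if l["process"] not in expected.get(l["port"], set())]


if __name__ == "__main__":
    for hit in find_unexpected(parse_listeners(SAMPLE_SS)):
        print("UNEXPECTED listener: {addr}:{port} owned by {process} (pid {pid})".format(**hit))
```

On a live host, feed it the output of `ss -tlnp` captured as root; a socket reported with process `unknown` means the command ran without the privileges needed to see the owner.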

  2. #2
    Join Date
    Oct 2007
    Location
    Cincinnati, Ohio
    Beans
    Hidden!
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: Linux webserver botnet discovered

    Well hopefully they can figure out a way to solve this.

    OS: Kubuntu 12.04 LTS|| CPU: AMD Athlon 64x2 || RAM: 3GB DDR2(PC-6400) || Display: NVIDIA GeForce 9400 GT 1024mb

  3. #3
    Join Date
    Jun 2005
    Beans
    6,115

    Re: Linux webserver botnet discovered

    Originally posted by Ms_Angel_D:
    > Well hopefully they can figure out a way to solve this.
    Give them a few seconds
    HOME BUILT SYSTEM! http://brainstorm.ubuntu.com/idea/22804/ Please vote up!
    remember kiddies: sudo rm -rf= BAD!, if someone tells you to do this, please ignore them unless YOU WANT YOUR SYSTEM WIPED

  4. #4
    Join Date
    Oct 2007
    Location
    Cincinnati, Ohio
    Beans
    Hidden!
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: Linux webserver botnet discovered

    Originally posted by SunnyRabbiera:
    > Give them a few seconds
    lol no doubt

    OS: Kubuntu 12.04 LTS|| CPU: AMD Athlon 64x2 || RAM: 3GB DDR2(PC-6400) || Display: NVIDIA GeForce 9400 GT 1024mb

  5. #5
    Join Date
    Sep 2007
    Beans
    Hidden!

    Re: Linux webserver botnet discovered

    This is fascinating. I hope they discover how these boogers were installed.

    I speculate it's social engineering.
    Jill has left these forums due to ongoing double-standards in rule enforcement.

  6. #6
    Join Date
    Oct 2008
    Beans
    108
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Linux webserver botnet discovered

    Another article I read on the topic suggests password sniffing, which to me hints at insecure admin practices such as using root passwords on plain-text protocols.

  7. #7
    Join Date
    Nov 2008
    Location
    Southern California, USA
    Beans
    131

    Re: Linux webserver botnet discovered

    Wow, really surprising. So would a patch be released from Apache?

  8. #8
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,480
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux webserver botnet discovered

    Ironically, it looks like the servers' SSH/web-based-administration passwords were sniffed by malware running on Windows machines, that the server admins were using to log in remotely. Then those machines were manually rooted.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.

  9. #9
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,480
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux webserver botnet discovered

    Originally posted by stwschool:
    > Another article I read on the topic suggests password sniffing, which to me hints at insecure admin practices such as using root passwords on plain-text protocols.
    Or other such "insecure admin practices" as using a Windows machine to log into a Linux machine

    > Wow, really surprising. So would a patch be released from Apache?
    So far there's nothing to suggest that Apache was the method of entry. If burglars gain entry to your home by throwing a brick through your window, then putting bigger locks on the doors will not prevent it happening again.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.

  10. #10
    Join Date
    Sep 2007
    Beans
    Hidden!

    Re: Linux webserver botnet discovered

    Originally posted by stwschool:
    > Another article I read on the topic suggests password sniffing, which to me hints at insecure admin practices such as using root passwords on plain-text protocols.
    D'oh!
    Jill has left these forums due to ongoing double-standards in rule enforcement.
