LinuxQuestions.org


syg00 07-17-2014 07:25 PM

mayhem for *nix
 
Cute, very cute - read it and weep.

https://www.virusbtn.com/virusbullet...b201407-Mayhem

unSpawn 07-18-2014 12:52 AM

Quote:

Originally Posted by syg00 (Post 5205586)
read it and weep.

Not really, no.

Same story as always: know what you run, harden, audit regularly.

qlue 07-18-2014 04:17 PM

Well at least they call it "malware" and not a "virus."
I didn't understand more than ten percent of what's on that page but it doesn't seem to indicate a mode of propagation.

And to suggest that the lack of updating is specific to the *nix world is pure nonsense. I've never seen anything to suggest that Linux sys-admins are less likely to use auto-update features than Windows sys-admins.

PHP scripting seems like a pretty poor way to write malware. If you're going to write malware for Linux, wouldn't it make more sense to use Python which is installed by default in almost every distro? (I'm not really much of a programmer so maybe there's something I just don't understand here?)

aus9 07-19-2014 04:04 AM

unSpawn

Thanks for your advice

coralfang 07-19-2014 07:57 AM

Quote:

Originally Posted by qlue (Post 5206126)
PHP scripting seems like a pretty poor way to write malware. If you're going to write malware for Linux, wouldn't it make more sense to use Python which is installed by default in almost every distro? (I'm not really much of a programmer so maybe there's something I just don't understand here?)

I imagine it's down to the vast majority of website software using PHP, and it's convenient that most PHP software is public facing (WordPress, phpBB, etc). I may be wrong, but from what I gather it's looking for flaws in web software (PHP applications), again, convenient if the script is written in PHP also. Once the PHP script is uploaded/injected into another application, it will then try to elevate privileges by scanning for flaws in other software on the local machine (mostly local root exploits). That is the case with most malware scripts anyway.

There's more web software using PHP as the backend than there is Python (generally). Of course, once you get a malicious PHP script onto a Linux box, as you say Python is installed on almost all distros, it could easily contain payloads that are written in Python.


All times are GMT -5.