LinuxQuestions.org - LXer: “Operation Windigo” Attack Infects 10,000 Unix Servers, Millions of PCs at Risk

- Syndicated Linux News (https://www.linuxquestions.org/questions/syndicated-linux-news-67/)

- - LXer: “Operation Windigo” Attack Infects 10,000 Unix Servers, Millions of PCs at Risk (https://www.linuxquestions.org/questions/syndicated-linux-news-67/lxer-%93operation-windigo%94-attack-infects-10-000-unix-servers-millions-of-pcs-at-risk-4175498742/)

LXer: “Operation Windigo” Attack Infects 10,000 Unix Servers, Millions of PCs at Risk

Published at LXer:

The Linux servers occupy the largest share of this market, which means that they are the most prone to attacks from hackers and other malevolent cyber-criminals. ESET researchers and a few other agencies have shown that Unix servers have been used to spread malware and send spam emails.

Read More...

Just out of curiosity, how did the patched ssh libraries get on the affected systems in the first place?

Regards,
Stefan

Quote:

Originally Posted by propofol (Post 5137617)

Just out of curiosity, how did the patched ssh libraries get on the affected systems in the first place?

Regards,
Stefan

Quote:

"The Windigo campaign doesn't rely on technical vulnerabilities to take hold of servers, Eset said. Instead, it uses stolen credentials."

This dumb bikers interpretation of "stolen credentials".

If I find you in the alley and beat your a@@ to a pulp to get you to give me your root password. Then I can Pown you.

Quote:

“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,” continued Léveillé. “Instead it is manually installed by a malicious attacker.

Quote:

Originally Posted by rokytnji (Post 5137632)

Instead it is manually installed by a malicious attacker.

Very interesting. I take it this means the malicious code was installed as a Trojan with social engineering or the attacker had physical access to the servers.

Regards,
Stefan