LinuxQuestions.org
03-19-2014, 10:30 AM   #1
LXer
LXer NewsBot

LXer: “Operation Windigo” Attack Infects 10,000 Unix Servers, Millions of PCs at Risk


Published at LXer:

The Linux servers occupy the largest share of this market, which means that they are the most prone to attacks from hackers and other malevolent cyber-criminals. ESET researchers and a few other agencies have shown that Unix servers have been used to spread malware and send spam emails.

 
03-19-2014, 03:02 PM   #2
propofol
Member
Location: Seattle
Distribution: Debian Wheezy & Jessie; Ubuntu

Just out of curiosity, how did the patched ssh libraries get on the affected systems in the first place?

Regards,
Stefan
 
03-19-2014, 03:24 PM   #3
rokytnji
LQ Veteran
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23

Quote:
Originally Posted by propofol
Just out of curiosity, how did the patched ssh libraries get on the affected systems in the first place?

Regards,
Stefan
Quote:
"The Windigo campaign doesn't rely on technical vulnerabilities to take hold of servers, Eset said. Instead, it uses stolen credentials."
This dumb biker's interpretation of "stolen credentials":

If I find you in the alley and beat your a@@ to a pulp to get you to give me your root password, then I can pwn you.

Quote:
“The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,” continued Léveillé. “Instead it is manually installed by a malicious attacker.”

Last edited by rokytnji; 03-19-2014 at 04:14 PM.
 
03-21-2014, 03:03 PM   #4
propofol
Member
Location: Seattle
Distribution: Debian Wheezy & Jessie; Ubuntu

Quote:
Originally Posted by rokytnji
Instead it is manually installed by a malicious attacker.
Very interesting. I take it this means the malicious code was installed as a Trojan with social engineering or the attacker had physical access to the servers.

Regards,
Stefan
 
  

