LinuxQuestions.org


drmjh 02-18-2010 08:47 AM

Linux botnets possible?
 
Hi,
I'm interested in knowing if there are any certified 'infections' of Linux distros into a 'botnet'.
Anybody want to venture on just how vulnerable or resistant Linux is?
Thanks in advance for your input.
Matthew

MS3FGX 02-18-2010 08:55 AM

It is of course possible, but very unlikely.

My understanding is that all discovered Linux botnets were broken into manually; meaning somebody actually sat there, guessed/cracked the password, and installed their software. There is no automated worm that scans for Linux servers and is able to automatically break in and join them to the botnet, like there are for Windows; and more importantly, don't use a flaw or exploit to gain access, but rely on the server being misconfigured.

This means that the skill required to create and manage a Linux botnet is much higher than a Windows one, and as such they are very uncommon.

David1357 02-18-2010 10:34 AM

Quote:

Originally Posted by MS3FGX (Post 3868149)
There is no automated worm that scans for Linux servers and is able to automatically break in and join them to the botnet, like there are for Windows; and more importantly, don't use a flaw or exploit to gain access, but rely on the server being misconfigured.

I read an article about the Lion Worm yesterday that seems to contradict you on all points.

Admittedly, patches for this worm were released soon after its discovery. However, the lesson to be learned is that even a Linux machine can have a zero-day vulnerability waiting to be exploited.

camphor 02-18-2010 11:36 AM

In theory, yes.
In practice, no.

The same can be said about any type of malware and a GNU/Linux system. This article's a pretty good resource on the subject.

drmjh 02-18-2010 02:39 PM

Thanks everybody!

Excellent article provided by Camphor answers my question in more detail than I imagined.

Matthew

MS3FGX 02-18-2010 06:38 PM

Quote:

Originally Posted by David1357 (Post 3868273)
I read an article about the Lion Worm yesterday that seems to contradict you on all points.

You do realize that was nearly a decade ago...right?

Plus this only affected servers running the exploitable version of BIND, and not the core OS itself (as many Windows exploits do).

managedfx 02-18-2010 09:09 PM

Linux infections not a problem
 
I think there is really nothing you have to worry about! Though they can be infected, it is rather rare.

David1357 02-19-2010 09:04 AM

Quote:

Originally Posted by MS3FGX (Post 3868782)
You do realize that was nearly a decade ago...right?

I am well aware of the time frame.

Quote:

Originally Posted by MS3FGX (Post 3868782)
Plus this only affected servers running the exploitable version of BIND, and not the core OS itself (as many Windows exploits do).

I understand how the exploit worked. I also understand that programmers continue to make similar mistakes. As long as people continue to write new code, there will be zero day vulnerabilities, even on Linux. To believe otherwise is magical thinking.

MS3FGX 02-19-2010 02:32 PM

Nobody in this topic has claimed otherwise, so I am not sure what your point is.


All times are GMT -5.