LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 02-18-2010, 08:47 AM   #1
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Rep: Reputation: 31
Question Linux botnets possible?


Hi,
I'm interested in knowing if there are any certified 'infections' of linux distros into a 'botnet'.
Anybody want to venture on just how vulnerable or resistant linux is?
Thanks in advance for your input.
Matthew
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 02-18-2010, 08:55 AM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
It is of course possible, but very unlikely.

My understanding is that all discovered Linux botnets were broken into manually; meaning somebody actually sat there, guessed/cracked the password, and installed their software. There is no automated worm what scans for Linux servers and is able to automatically break in and join them to the botnet, like there are for Windows; and more importantly, don't use a flaw or exploit to gain access, but rely on the server being misconfigured.

This means that the skill required to create and manage a Linux botnet is much higher than a Windows one, and as such they are very uncommon.
 
Old 02-18-2010, 10:34 AM   #3
David1357
Senior Member
 
Registered: Aug 2007
Location: South Carolina, U.S.A.
Distribution: Ubuntu, Fedora Core, Red Hat, SUSE, Gentoo, DSL, coLinux, uClinux
Posts: 1,302
Blog Entries: 1

Rep: Reputation: 107Reputation: 107
Quote:
Originally Posted by MS3FGX View Post
There is no automated worm what scans for Linux servers and is able to automatically break in and join them to the botnet, like there are for Windows; and more importantly, don't use a flaw or exploit to gain access, but rely on the server being misconfigured.
I read an article about the Lion Worm yesterday that seems to contradict you on all points.

Admittedly, patches for this worm were released soon after its discovery. However, the lesson to be learned is that even a Linux machine can have a zero-day vulnerability waiting to be exploited.
 
Old 02-18-2010, 11:36 AM   #4
camphor
Member
 
Registered: Jan 2009
Location: USA
Distribution: Fedora 14 / Slackware 13.1
Posts: 85

Rep: Reputation: 20
In theory, yes.
In practice, no.

The same can be said about any type of malware and a GNU/Linux system. This article's a pretty good resource on the subject.
 
2 members found this post helpful.
Old 02-18-2010, 02:39 PM   #5
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Original Poster
Rep: Reputation: 31
Thumbs up

Thanks everybody!

Excellent article provided by Camphor answers my question in more detail than I imagined.

Matthew
 
Old 02-18-2010, 06:38 PM   #6
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Quote:
Originally Posted by David1357 View Post
I read an article about the Lion Worm yesterday that seems to contradict you on all points.
You do realize that was nearly a decade ago...right?

Plus this only effected servers running the exploitable version of BIND, and not the core OS itself (as many Windows exploits do).
 
Old 02-18-2010, 09:09 PM   #7
managedfx
LQ Newbie
 
Registered: Feb 2010
Location: newport beach
Posts: 4

Rep: Reputation: 0
Smile linux infections not a problem

I think there is really nothing you have to worry about! Though they can be infected, it is rather rare.
 
Old 02-19-2010, 09:04 AM   #8
David1357
Senior Member
 
Registered: Aug 2007
Location: South Carolina, U.S.A.
Distribution: Ubuntu, Fedora Core, Red Hat, SUSE, Gentoo, DSL, coLinux, uClinux
Posts: 1,302
Blog Entries: 1

Rep: Reputation: 107Reputation: 107
Quote:
Originally Posted by MS3FGX View Post
You do realize that was nearly a decade ago...right?
I am well aware of the time frame.

Quote:
Originally Posted by MS3FGX View Post
Plus this only effected servers running the exploitable version of BIND, and not the core OS itself (as many Windows exploits do).
I understand how the exploit worked. I also understand that programmers continue to make similar mistakes. As long as people continue to write new code, there will be zero day vulnerabilities, even on Linux. To believe otherwise is magical thinking.

Last edited by David1357; 02-19-2010 at 09:05 AM. Reason: Added note about magical thinking
 
Old 02-19-2010, 02:32 PM   #9
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Nobody in this topic has claimed otherwise, so I am not sure what your point is.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux Training Tips - Boot Linux from a Linux Installation CD or a Linux Live CD to L beibei Linux - General 1 10-29-2009 04:25 AM
LXer: Most spam comes from just six botnets LXer Syndicated Linux News 0 03-02-2008 07:40 AM
LXer: Battle of the botnets LXer Syndicated Linux News 0 05-13-2007 10:16 AM
xmlrpc.php - webmaster strategies for battling botnets v00d00101 Linux - Security 15 02-07-2007 01:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration