LinuxQuestions.org
Old 06-20-2007, 04:28 AM   #1
andy.l
Member
 
Registered: Feb 2007
Location: Scandinavia
Distribution: Centos/Redhat
Posts: 97

Rep: Reputation: 15
Question Mpack threat, is Linux vulnerable?


Hi

I've read a lot in the media today about the new MPack malware, that also goes by the name "the Italian job".

http://www.securityfocus.com/brief/529
http://www.symantec.com/enterprise/s...f_badness.html

But I find very little information about the targeted platforms. Now, my question is very simple: could this be exploited on Linux in general, and OpenSuse 10.2 in particular?

/A.
 
Old 06-20-2007, 04:56 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
No, it's a Microsoft exploit. http://www.symantec.com/enterprise/s...052712-1531-99
 
Old 06-20-2007, 12:02 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Even though the actual ANI exploit is targeted at Win this doesn't mean a) the sources (the webservers being exploited for redirection) could well be GNU/Linux boxen that were exploited by holes in PHP apps (since that's still common enough, sadly). And b) it's only Win is security-wise (and commercially speaking from certain types of crackers POV) a way easier target compared to Lin.

Note I'm not trying to spread FUD here, just trying to balance things a bit. Because they get exploited today we shouldn't get smug and leave implementing precautionary measures to tomorrow.
 
Old 06-20-2007, 12:08 PM   #4
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Blog Entries: 1

Rep: Reputation: 128
I have always wanted to be able to download a Windows virus and install it on my Windows computer to see what happens, but I can never find a place to download them. It seems like you could use some of them for administrative purposes such as reformatting or shredding a drive.

<edit>I forgot you could download IE and Norton...;-)</edit>

Last edited by phantom_cyph; 06-20-2007 at 12:12 PM.
 
Old 06-21-2007, 02:00 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Just pointing out the SANS Mpack analysis at http://isc.sans.org/diary.html?storyid=3015: "The Italian hosts responsible for most of the domains seen in a recent MPack attack are using cPanel, a Web administration tool for clients. A zero-day cPanel attack took place in the fall of 2006 leading up to the large scale vector mark-up language (VML) attacks at that time.".
 
Old 06-21-2007, 02:45 PM   #6
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Rep: Reputation: 31
Quote:
Originally Posted by acid_kewpie
I am not so sure. Here, at the bottom of the page, there are 4 links. Read MPack.pdf.
 
Old 06-24-2007, 03:11 AM   #7
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 878

Rep: Reputation: 309
It's a M$ thing. Any server can host the IFRAME or other exploit (that's just markup in HTML, Javascript, etc.), but it's glass-jawed Windoze-only that gets whacked (again).

The lack of info as to what is affected by all MPack reports I've read is starting to make me think they left it out on purpose (eg, Hmmm... wonder if Linux is vulnerable too? Better check their article... [* increase appropriate website hit counter *] ).
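
Added example, not part of any post in this thread: the replies above note that a GNU/Linux web server can end up hosting the IFRAME even though only Windows clients are hit, so this Python check lists off-site, visually hidden iframes in served pages. The hidden/zero-size heuristic, the host names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect <iframe> tags that point off-site and are not visible."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        offsite = bool(host) and host not in self.own_hosts
        # Assumed heuristic: 0/1 pixel dimensions or a hiding CSS rule.
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if offsite and hidden:
            self.findings.append((self.getpos()[0], a["src"]))

def audit_html(text, own_hosts):
    """Return [(line, src)] for suspicious iframes in one document."""
    parser = IframeAudit(own_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings

def audit_tree(docroot, own_hosts, suffixes=(".html", ".htm", ".php")):
    """Yield (path, line, src) for every suspicious iframe under docroot."""
    for path in sorted(Path(docroot).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            for line, src in audit_html(path.read_text(errors="replace"), own_hosts):
                yield str(path), line, src

# Constructed sample page: two legitimate frames, two injected-looking ones.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="/banner.html" width="468" height="60"></iframe>
<iframe src="http://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://redirect.example.net/index.php" width="0" height="0"></iframe>
<iframe src="//redirect.example.net/x" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in audit_html(SAMPLE, {"www.example.com"}):
        print(f"line {line}: hidden off-site iframe -> {src}")
```

Run `audit_tree` against the document root with the site's own host names; a hit is a reason to compare the file against a known-good copy, not proof of compromise.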
 