Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
06-20-2007, 04:28 AM
|
#1
|
Member
Registered: Feb 2007
Location: Scandinavia
Distribution: Centos/Redhat
Posts: 97
Rep:
|
Mpack threat, is Linux vulnerable?
Hi
I've read a lot in the media today about the new MPack malware, that also goes by the name "the Italian job".
http://www.securityfocus.com/brief/529
http://www.symantec.com/enterprise/s...f_badness.html
But I find very little information about the targeted platforms. Now, my question is very simple: could this be exploited on Linux in general, and OpenSuse 10.2 in particular?
/A.
|
|
|
06-20-2007, 04:56 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
|
|
|
06-20-2007, 12:02 PM
|
#3
|
Moderator
Registered: May 2001
Posts: 29,415
|
Even though the actual ANI exploit is targeted at Win this doesn't mean a) the sources (the webservers being exploited for redirection) could well be GNU/Linux boxen that were exploited by holes in PHP apps (since that's still common enough, sadly). And b) it's only Win is security-wise (and commercially speaking from certain types of crackers' POV) a way easier target compared to Lin.
Note I'm not trying to spread FUD here, just trying to balance things a bit. Because they get exploited today we shouldn't get smug and leave implementing precautionary measures to tomorrow.
|
|
|
06-20-2007, 12:08 PM
|
#4
|
Senior Member
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Rep:
|
I have always wanted to be able to download a Windows virus and install it on my Windows computer to see what happens, but I can never find a place to download them. It seems like you could use some of them for administrative purposes such as reformatting or shredding a drive.
<edit>I forgot you could download IE and Norton...;-)</edit>
Last edited by phantom_cyph; 06-20-2007 at 12:12 PM.
|
|
|
06-21-2007, 02:00 PM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
Just pointing out the SANS Mpack analysis at http://isc.sans.org/diary.html?storyid=3015: "The Italian hosts responsible for most of the domains seen in a recent MPack attack are using cPanel, a Web administration tool for clients. A zero-day cPanel attack took place in the fall of 2006 leading up to the large scale vector mark-up language (VML) attacks at that time.".
|
|
|
06-21-2007, 02:45 PM
|
#6
|
Member
Registered: Jan 2007
Distribution: Slackware
Posts: 341
Rep:
|
Quote:
Originally Posted by acid_kewpie
|
I am not so sure. Here, at the bottom of the page, there are 4 links. Read MPack.pdf.
|
|
|
06-24-2007, 03:11 AM
|
#7
|
Member
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 878
|
It's a M$ thing. Any server can host the IFRAME or other exploit (that's just markup in HTML, Javascript, etc.), but it's glass-jawed Windoze-only that gets whacked (again).
The lack of info as to what is affected in all the MPack reports I've read is starting to make me think they left it out on purpose (e.g., Hmmm... wonder if Linux is vulnerable too? Better check their article... [* increase appropriate website hit counter *] ).
|
|
|