Well this is one of those things ain't it - if you leave the keys in the ignition, you're lucky if your car just goes for a joyride.
But I see this bit:
Quote:
said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium
|
... in there, along with,
Quote:
the company is not releasing the results of this analysis
|
... or, indeed, the data or
anything much. Sound familiar?
Anyway, the "increased sophistication" and "professionalism" in the attackers is demonstrated by the fact they've "cut down on mangled grammar". Huh? Writing only partially illiterate e-mails counts as "professionalism" these days does it?
The claim is that rootkitted linux boxes are favorite for bot-nets due to linux being better at networks I guess. Sometimes your superiority just works against you.
Detecting rootkits on gnu/linux:
http://linuxhelp.blogspot.com/2006/1...otkits-in.html
Here's
another article, same subject, see the
comments.
Quote:
More interesting is that most of the compromised machines were not Windows machines. "The vast majority of [the phishing sites] we saw were on rootkit-ed Linux boxes
|
... wait: the phishing
sites were running on linux boxes - that's not the same thing as a "compromised machine" now is it?
I think I want to
see this "study"... if it hasn't been released to peer-review, then it's all FUD.
A more qualified quote from ElReg:
Quote:
"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
|
Soooo... the botnets are compromised windows boxes, the phishing sites are on linux web-servers?
... from the comments:
Quote:
If you look at the actual statistics it's clear that most phishing websites do run from very cheap Linux virtual machines which have been compromised.. the statistics are very interesting. most "low importance" web servers will be running Linux due to the ease of acquisition of a Linux virtual machine. Most "high importance" web servers will be running windows (just the way it is, they may still be running Apache though) but if you look at the number of THESE servers that get cracked then the ones that do are ALL running windows!
|