LinuxQuestions.org
Old 10-05-2007, 11:05 PM   #1
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
Phishers ... Using Linux


http://computerworld.co.nz/news.nsf/...25736A000E4723
Quote:
"The vast majority of the threats we saw were rootkitted Linux boxes, ... none of the Linux operators whose machines had been compromised were even aware they'd been infected.

Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, ... Capabilities like this make Linux machines highly coveted by online attackers, and they fetch a premium in the underground marketplace for compromised machines."

This could easily have been placed in the News forum, but I've had bad experiences there with posts waiting many hours (even days) to be validated by a mod. ... And, it is a security issue.

As more dumb newbies are attracted by the increased simplification of getting Linux installed, I think we can expect to see lots more of this sort of thing. Besides their propensity to want to run their systems as root, they're much more likely to be taken in by clever phishing schemes.

Here's an interesting related discussion from another forum.

Last edited by rickh; 10-05-2007 at 11:31 PM.
 
Old 10-06-2007, 12:00 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Well this is one of those things ain't it - if you leave the keys in the ignition, you're lucky if your car just goes for a joyride.

But I see this bit:
Quote:
said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium
... in there, along with,
Quote:
the company is not releasing the results of this analysis
... or, indeed, the data or anything much. Sound familiar?

Anyway, the "increased sophistication" and "professionalism" in the attackers is demonstrated by the fact they've "cut down on mangled grammar". Huh? Writing only partially illiterate e-mails counts as "professionalism" these days does it?

The claim is that rootkitted Linux boxes are favorite for bot-nets due to Linux being better at networks I guess. Sometimes your superiority just works against you.

Detecting rootkits on GNU/Linux:
http://linuxhelp.blogspot.com/2006/1...otkits-in.html

Here's another article, same subject, see the comments.
Quote:
More interesting is that most of the compromised machines were not Windows machines. "The vast majority of [the phishing sites] we saw were on rootkit-ed Linux boxes
... wait: the phishing sites were running on Linux boxes - that's not the same thing as a "compromised machine" now is it?

I think I want to see this "study"... if it hasn't been released to peer-review, then it's all FUD.

A more qualified quote from ElReg:
Quote:
"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
Soooo... the botnets are compromised Windows boxes, the phishing sites are on Linux web-servers?

... from the comments:
Quote:
If you look at the actual statistics it's clear that most phishing websites do run from very cheap Linux virtual machines which have been compromised. The statistics are very interesting. Most "low importance" web servers will be running Linux due to the ease of acquisition of a Linux virtual machine. Most "high importance" web servers will be running Windows (just the way it is, they may still be running Apache though) but if you look at the number of THESE servers that get cracked then the ones that do are ALL running Windows!

Last edited by Simon Bridge; 10-06-2007 at 12:15 AM.
 
Old 10-06-2007, 04:23 PM   #3
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,307
Blog Entries: 61

Rep: Reputation: Disabled
Quote:
Originally Posted by rickh
As more dumb newbies are attracted by the increased simplification of getting Linux installed
It was the thin end of the wedge when they started teaching peasants how to read and write.
 
Old 10-06-2007, 04:49 PM   #4
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Quote:
It was the thin end of the wedge when they started teaching peasants how to read and write.
Peasants can read and write??? Darn - I'll have to use more encryption...
 
Old 10-07-2007, 07:58 AM   #5
bryantrv
Member
 
Registered: Jan 2005
Location: DeLand, Florida US
Distribution: Debian Etch
Posts: 91

Rep: Reputation: 15
Though I have not read all of the links, I would be very surprised if very many phishing sites are due to rootkits. I would bet they are due to PHP vulnerabilities, which arguably is a different issue altogether.
I do see a ton of *.edu phishing/compromised web sites.
 
  

