Botnet of Linux Servers with Dynamic IP Discovered

A Russian Web developer has found a network of a couple of hundred Linux servers that could distribute malware to Windows systems.

Linux, being the server system of choice, hasn't exactly escaped the attention of malware hackers. According to a current blog entry from Russian developer Denis Sinegubko, a network of (meanwhile just under a hundred) infected Apache servers manages Windows systems through the dynamic DNS providers dyndns.org and no-ip.com and can thereby provide the malicious code.

The compromised Linux servers include dedicated or virtualized Apache webservers. The malware apparently landed on the target clients not because of an Apache vulnerability but due to weak or intercepted passwords or a security hole in the management software used. The attackers therefore installed, next to Apache, the small Nginx webserver, which distributed the malware to the Windows clients. Site admins wouldn't normally notice the break-in because the Apache service wouldn't be affected.

Neither the exact purpose of the attacks nor, above all, the gateway used for them is fully known yet. Shortly after Sinegubko's blog entry, the dyndns.com site took more than 100 systems off the net, and no-ip.com blocked about 100 domains after he contacted them. Unfortunately, a cat-and-mouse game can ensue because dynamic hostnames can easily be registered.

(Marcel Hilzinger)

Comments

Linux botnet

charms Sep 16, 2009 10:32pm GMT

It's a Linux botnet just like an Adobe exploit on Windows is a Windows botnet.

maybe not apache

dan Sep 16, 2009 1:30am GMT


I think Apache is also running on Windows, so Linux to be use?

Linux-Botnet

Marcel Sep 15, 2009 6:37pm GMT

Yes, it's a Linux-Botnet, as the nginx-Version installed on it is the Linux-Version. So it has nothing to do with apache.

Linux

Ty Sep 15, 2009 4:54pm GMT

Is this really a Linux botnet or an Apache botnet running on Linux? Meaning Linux is really not the issue but Apache which could be in the same position if installed on Unix or Windows?

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2010 [Linux New Media USA, LLC]