Botnet of Linux Servers with Dynamic IP Discovered

A Russian Web developer has found a network of a couple of hundred Linux servers that could distribute malware to Windows systems.

As the server system of choice, Linux hasn't exactly escaped malware hackers. According to a current blog entry from Russian developer Denis Sinegubko, a network of infected Apache servers (meanwhile just under a hundred) manages Windows systems through the dynamic DNS providers dyndns.org and no-ip.com and can thereby deliver the malicious code.

The compromised Linux servers include dedicated or virtualized Apache web servers. The malware apparently landed on the target clients not because of an Apache vulnerability but due to weak or intercepted passwords or a security hole in the management software used. Next to Apache, the attackers installed the small Nginx web server, which distributed the malware to the Windows clients. Site admins wouldn't normally notice the break-in because the Apache service wouldn't be affected.

The exact purpose of and, above all, the gateway used for the attacks are still not fully known. Shortly after Sinegubko's blog, the dyndns.com site took more than 100 systems off the net, and no-ip.com blocked about 100 domains after he contacted them. Unfortunately a cat-and-mouse game can ensue because dynamic hostnames can easily be registered.

(Marcel Hilzinger)
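Because the second web server leaves Apache untouched, one check an admin can run is to compare the host's listening sockets against a baseline. The following is an added example, not code from the article or from Sinegubko's blog; it assumes the output format of `ss -tlnp`, and the allow-list, PIDs and the nginx port in the sample are constructed for illustration.

```python
import re

# Constructed sample of `ss -tlnp` output (not taken from the article).
# The nginx listener and its port are invented for illustration.
SAMPLE_SS = '''\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("apache2",pid=812,fd=4),("apache2",pid=811,fd=4))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=640,fd=3))
LISTEN 0      511          0.0.0.0:8080      0.0.0.0:*    users:(("nginx",pid=2304,fd=6))
LISTEN 0      511             [::]:80           [::]:*    users:(("apache2",pid=812,fd=6))
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
'''

# Hypothetical baseline: which process name may listen on which TCP ports.
ALLOWED = {"apache2": {80, 443}, "sshd": {22}}

# Matches each ("name",pid=N entry inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def unexpected_listeners(ss_output, allowed):
    """Return sorted (port, process, pid) tuples that are not in the baseline."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a listening socket.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rsplit handles both 0.0.0.0:80 and [::]:80 local addresses.
        port = int(fields[3].rsplit(":", 1)[1])
        owners = PROC_RE.findall(line)
        if not owners:
            # No owner shown (ss run without root): report it for manual review.
            findings.add((port, "unknown", 0))
            continue
        for name, pid in owners:
            if port not in allowed.get(name, set()):
                findings.add((port, name, int(pid)))
    return sorted(findings)


if __name__ == "__main__":
    for port, name, pid in unexpected_listeners(SAMPLE_SS, ALLOWED):
        print(f"unexpected listener: port={port} process={name} pid={pid}")
```

On a live host, feed it the output of `ss -tlnp` run as root so that every socket carries its owning process.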

Comments

Linux botnet

charms Sep 16, 2009 10:32pm GMT

It's a Linux botnet just like an Adobe exploit on Windows is a Windows botnet.

maybe not apache

dan Sep 16, 2009 1:30am GMT


I think Apache is also running on Windows, so Linux to be use?

Linux-Botnet

Marcel Sep 15, 2009 6:37pm GMT

Yes, it's a Linux-Botnet, as the nginx-Version installed on it is the Linux-Version. So it has nothing to do with apache.

Linux

Ty Sep 15, 2009 4:54pm GMT

Is this really a Linux botnet or an Apache botnet running on Linux? Meaning Linux is really not the issue but Apache, which could be in the same position if installed on Unix or Windows?

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2010 [Linux New Media USA, LLC]