Botnet of Linux Servers with Dynamic IP Discovered
Sep 14, 2009
A Russian Web developer has found a network of a couple of hundred Linux servers that could distribute malware to Windows systems.
Linux, being the server system of choice, hasn't exactly escaped the attention of malware hackers. According to a current blog entry from Russian developer Denis Sinegubko, a network of infected Apache servers (by now just under a hundred) manages Windows systems through the dynamic DNS providers dyndns.org and no-ip.com and can thereby provide the malicious code.
The compromised Linux servers include dedicated or virtualized Apache webservers. The malware apparently landed on the target clients not because of an Apache vulnerability but due to weak or intercepted passwords or a security hole in the management software used. The attackers therefore installed the small Nginx webserver next to Apache to distribute the malware to the Windows clients. Site admins wouldn't normally notice the break-in because the Apache service wouldn't be affected.
The exact purpose of and, above all, the gateway used for the attacks are still not fully known. Shortly after Sinegubko's blog, the dyndns.com site took more than 100 systems off the net, and no-ip.com blocked about 100 domains after he contacted them. Unfortunately a cat-and-mouse game can ensue because dynamic hostnames can easily be registered.
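Because the second webserver leaves Apache untouched, a break-in of this kind shows up on the host mainly as an extra listening socket. The following added example (not from the article or from Sinegubko's blog) compares `ss -H -ltnp` output against a baseline of expected listeners; the process names, ports and sample lines are constructed assumptions.

```python
import re
import sys

# Baseline of (process name, port) pairs this host is supposed to expose.
# Assumption for the example: one Apache site plus SSH.
EXPECTED = {("apache2", 80), ("apache2", 443), ("sshd", 22)}

# Constructed sample in the format printed by `ss -H -ltnp` (not real data).
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=4),("apache2",pid=811,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("nginx",pid=2290,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=640,fd=4))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

# Matches each ("name",pid=N entry inside the users:(...) column.
_PROC = re.compile(r'\("([^"]+)",pid=\d+')


def unexpected_listeners(ss_output, expected=EXPECTED):
    """Return sorted (process, port, address) tuples missing from the baseline."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition handles IPv6 forms such as [::]:22 as well as 0.0.0.0:80.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Without root, ss omits the users:(...) column for sockets owned by
        # other accounts; report those as "unknown" instead of skipping them.
        names = set(_PROC.findall(" ".join(fields[5:]))) or {"unknown"}
        for name in names:
            if (name, int(port)) not in expected:
                findings.add((name, int(port), addr))
    return sorted(findings)


if __name__ == "__main__":
    # Pipe real output in (ss -H -ltnp | python3 check.py) or run on the sample.
    data = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for name, port, addr in unexpected_listeners(data):
        print(f"unexpected listener: {name} on {addr}:{port}")
```

Run it as root so that `ss` can name the owning process of every socket, and keep the baseline under change control so a newly appearing webserver stands out.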
(Marcel Hilzinger)
Comments
Linux botnet
charms
Sep 16, 2009 10:32pm GMT
It's a Linux botnet just like an Adobe exploit on Windows is a Windows botnet.
maybe not apache
dan
Sep 16, 2009 1:30am GMT
I think Apache is also running on Windows, so Linux to be use?
Linux-Botnet
Marcel
Sep 15, 2009 6:37pm GMT
Yes, it's a Linux-Botnet, as the nginx-Version installed on it is the Linux-Version. So it has nothing to do with Apache.
Linux
Ty
Sep 15, 2009 4:54pm GMT
Is this really a Linux botnet or an Apache botnet running on Linux? Meaning Linux is really not the issue but Apache which could be in the same position if installed on Unix or Windows?