Think Linux is safe from malware? Think again. Botnet discovered on Linux servers
#1
Posted 14 September 2009 - 01:46 PM
A network of hijacked Linux servers is apparently being used to distribute malicious software to Windows PCs. According to an analysis by web developer Denis Sinegubko, the compromised systems all have one thing in common: the lightweight web server nginx is running and serving content through port 8080. Otherwise, these systems are inconspicuous and appear to operate quite normally.
Rest of the article: http://www.h-online.com/security/Botnet-di...s--/news/114225
Thanks to Mikko Hypponen @ F-Secure for the link.
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'
Phear teh ceiling cat, for he is roofkittehd! - Basement Cat
I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook
#2
Posted 16 September 2009 - 12:49 AM
These Linux servers were normal web servers running Apache on port 80. The admins of such web servers should be extra cautious. But here the hackers stole the root password (because it was saved on the hard disk), downloaded the nginx source code, compiled and installed it. Then they downloaded the no-ip client source, compiled and installed it. And the admin never noticed! What's more, Apache was listening on port 80, so the hackers made nginx listen on port 8080. This may require port forwarding in the router!
Analysis: http://blog.unmaskparasites.com/2009/09/11...ie-web-servers/
It's not a botnet: http://www.itworld.com/security/77499/first-linux-botnet
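The post above describes exactly the signals an admin could have caught: a second web server listening on a port nobody configured (8080), a binary that was compiled by hand rather than installed from a package, and a dynamic-DNS client that has no business on a server. The script below is an added example, not code from the thread or from the analysis it links to. It audits `ss -ltnp` output against an allowlist of expected port/process pairs and, on a live host, checks whether each listener's executable is owned by the package manager. The `ss` output format, the dpkg/rpm commands, and the `noip2` process name are assumptions; the sample `ss` lines embedded in the block are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not part of the original thread): audit listening TCP sockets on a
# Linux web server and flag listeners that are not on an explicit allowlist, then
# check whether each listener's binary belongs to an installed package.
#
# Assumptions: iproute2 `ss -ltnp` output format; root privileges so the process
# column is populated; a dpkg- or rpm-based host; the no-ip client runs as "noip2".

# flag_unexpected_listeners "80/apache2 22/sshd" < ss_output
# Prints one line per listener whose port/process pair is not in the allowlist.
flag_unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NR == 1 && $1 == "State" { next }          # skip the ss header line
    {
        port = $4; sub(/.*:/, "", port)          # 0.0.0.0:8080, [::]:80, *:80 -> port
        proc = ""
        if (match($0, /users:\(\("[^"]+"/))       # users:(("nginx",pid=2243,fd=6))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        key = port "/" proc
        if (!(key in ok)) print "UNEXPECTED " key " (" $4 ")"
    }'
}

# check_listener_origin PID: report whether the process executable is package-managed.
# A hand-compiled nginx (as in the article) is owned by no package. Needs root.
check_listener_origin() {
    pid="$1"
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || { echo "pid $pid: cannot read exe"; return 1; }
    if command -v dpkg >/dev/null 2>&1; then
        if dpkg -S "$exe" >/dev/null 2>&1; then echo "pid $pid: $exe is package-managed"; return 0; fi
    elif command -v rpm >/dev/null 2>&1; then
        if rpm -qf "$exe" >/dev/null 2>&1; then echo "pid $pid: $exe is package-managed"; return 0; fi
    fi
    echo "pid $pid: $exe is not owned by any package (hand-compiled?)"
    return 2
}

# Constructed sample of `ss -ltnp` output modelled on the thread: Apache on :80,
# an unexpected nginx on :8080, and sshd. Not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:80        0.0.0.0:*     users:(("apache2",pid=811,fd=4))
LISTEN 0      511    0.0.0.0:8080      0.0.0.0:*     users:(("nginx",pid=2243,fd=6))
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=600,fd=3))
EOF
}

# Live use on a real host (as root): sh audit.sh --live "80/apache2 22/sshd"
if [ "${1:-}" = "--live" ]; then
    ss -ltnp | flag_unexpected_listeners "${2:-}"
    for pid in $(ss -ltnp | grep -o 'pid=[0-9]*' | cut -d= -f2 | sort -u); do
        check_listener_origin "$pid"
    done
    # Dynamic-DNS client on a server is a red flag; "noip2" is the assumed process name.
    pgrep -a noip2 && echo "WARNING: no-ip client running"
fi
```

Run with `--live` and the allowlist of listeners you actually configured; anything printed as UNEXPECTED, any listener whose binary no package claims, and any dynamic-DNS client deserve a look. The offline sample exercises only the allowlist logic, which is why the nginx line on 8080 is the one it flags.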
#3
Posted 16 September 2009 - 01:50 AM
Bug #0000001:
- Description: Meatware components tend to weaken all other system and security components.
- Status: There exists no software or hardware solution to the ongoing meatware problem. This bug cannot be patched.
Boredom Software Stop Highlighting Things
#4
Posted 16 September 2009 - 03:08 PM
The point of my posting this here was to make sure that fact was known. No matter if you choose to use OS X, Windows or any of the different flavours of Linux, you still have to be proactive about security. In this case, the admins were careless, the result is evident.
Not a botnet? I beg to differ. It's a collection of Linux servers that fell into the control of someone else (which is part of the definition of a bot); there were many discovered, thus a network of bots. Whether they use it to DDoS or to host malicious files and infect other computers has no bearing on that fact. Whether it's used to spread malware aimed at Windows machines as opposed to *nix ones, the result stands.
#5
Posted 16 September 2009 - 04:06 PM
Gal is right: there is no such thing as a totally secure program or operating system. It does not exist. A Linux box with a careless or stupid administrator is more vulnerable than a well-run, patched, and locked down system running Windows XP. My Windows XP system, for example, hasn't had an infection (that I'm aware of) since 2004. But that's only because I'm proactive in my defensive measures (fully updated and running antivirus, software firewall, anti-spyware, hosts file blacklists, etc.), careful of my downloads, have disabled unneeded programs and services, and I lock my browser down like Fort Knox on red alert.
#6
Posted 16 September 2009 - 08:37 PM
And that's what contradicts your post's title: Think Linux is safe from malware? But where is the malware? nginx is a safe server; it's not malware.
As I understand it, a botnet is a collection of computers on which a particular type of bot agent (malware) is running. These bot agents may be of different types, but all of them are controlled by the same cyber criminal individual or organisation using a common command-and-control (CnC) infrastructure. The bot agents provide many capabilities to the cyber criminals controlling them. So far we have seen nothing like this on the said Linux machines.
Hacking and manually taking over a computer or network: hacked network
A collection of online computers scattered all over the world infected by bot agents (malware): botnet
#7
Posted 16 September 2009 - 09:13 PM
#8
Posted 17 September 2009 - 05:25 AM
Beer = 1 / Intelligence
#9
Posted 17 September 2009 - 12:54 PM
Romeo29, on Sep 17 2009, 03:25 AM, said:
Beer = 1 / Intelligence
Beer. The rootkit of the brain
This post has been edited by Amazing Andrew: 17 September 2009 - 12:55 PM
#10
Posted 17 September 2009 - 01:40 PM
Romeo, you had valid questions though and I have to admit that my title was a little 'sensationalist' which probably drew that line of thought. So I'll take the criticism of it as a sign that someone paid attention.
The title was merely a way to get attention to the underlying message I was bringing forth. No matter the OS you choose, it won't save you from careless security practices. Too many people think that Macs and *nix systems are immune to threats, when that is far from being the case.
#11
Posted 03 October 2009 - 07:51 AM