Linux Worm Creating "Attack Network"
RomSteady writes "In what could be a case of the free pot calling the expensive kettle black, C|Net is reporting that a new Linux worm is "creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data" and has already infected at least 3,500 servers. Seems it is true...the security of your web server depends on how effective you are at keeping up to date on patches, no matter if you are running Windows or Linux."
You can get a current list of the top C networks which are participating in attacks of various sorts from dshield.org. Depending on your application, it may be advantageous to just add a cron job which grabs this and feeds it to your firewall rules, hosts.deny or access control lists.
Says the RIAA: When you EQ, you're stealing bass!
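As an added example (not code from any commenter or from dshield.org), here is one way the cron-job idea above could sanitize a downloaded block list before it reaches hosts.deny. The tab-separated feed layout, the sample data, and the `NEVER_BLOCK` ranges are assumptions; fetching the list is left to the cron job.

```python
import ipaddress

# Constructed sample in an assumed layout: start, end, prefix length, attack count.
SAMPLE_FEED = (
    "# constructed sample, not real feed data\n"
    "198.51.100.0\t198.51.100.255\t24\t4120\n"
    "203.0.113.0\t203.0.113.255\t24\t3877\n"
    "198.51.100.0\t198.51.100.255\t24\t4120\n"   # duplicate entry
    "10.1.2.0\t10.1.2.255\t24\t9999\n"           # internal range
    "192.0.2.0\t192.0.2.255\t24\t1500\n"         # our own network (hypothetical)
    "0.0.0.0\t255.255.255.255\t0\t1\n"           # would block everything
    "not-an-address\tgarbage\n"                  # malformed
)

# Ranges that must never be denied: internal space plus (hypothetical) own network.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "192.0.2.0/24")]
MIN_PREFIX = 24    # refuse anything wider than a class C
MAX_ENTRIES = 100  # cap how much a third-party list can add


def parse_feed(text):
    """Return validated, de-duplicated networks; the feed is untrusted input."""
    nets = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{int(fields[2])}")
        except (ValueError, IndexError):
            continue  # malformed line or host bits set: skip it
        if net.prefixlen < MIN_PREFIX or net in nets:
            continue
        if any(net.overlaps(keep) for keep in NEVER_BLOCK):
            continue  # a poisoned or mistaken entry must not lock us out
        nets.append(net)
    return nets[:MAX_ENTRIES]


def hosts_deny_lines(nets):
    """Render networks in the net/mask form TCP wrappers accepts in hosts.deny."""
    return [f"ALL: {n.network_address}/{n.netmask}" for n in nets]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(parse_feed(SAMPLE_FEED))))
```

Write the output to a separate file and swap it into place atomically, so a failed download never leaves an empty or half-written deny list.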
Much like those of us who understand that there are no insecure systems, only insecure sysadmins had our Win2K boxes patched against Code Red a full MONTH before it hit the wild?
If anything, Linux makes a lot of people too damn complacent. "Oh, I'm running Linux, don't need to worry about all those Windoze viruses and script kiddies!"
Vintage computer games and RPG books available. Email me if you're interested.
Another evil plan with a big red Self Destruct button: one of the supported remote instructions for the network is "run a command" (0x24). All you have to do is find an entry point and command it to killall -9 .bugtraq and the command will propagate through the network, killing itself. Doesn't keep it from regenerating on the original https vulnerability vector, but we could perhaps slow down the DDoS attacks.
What do you mean they cut the power? How can they cut the power, man? They're animals!
How come when there is a worm or virus on Windows it is because Microsoft is grossly negligent and has no understanding of security, yet when there is a Linux worm it is because of no fault of the developers but instead the fault of the 'lazy' sys admins whose machines became infected? This is flamebait, but it would be nice to have some standards on Slashdot.
A rabbit in the hand is worth 4 in the cage
By the way, who says this attack won't affect Apache on Windows, Sun, True Unix, etc?
"You looked at your network settings, you should reboot your computer now."
Friends don't help friends install M$ junk.
I didn't see this described as a root exploit. Did I miss something?