Slashdot Mirror


Mystery Malware Affecting Linux/Apache Web Servers

lisah writes "Reports are beginning to surface that some Web servers running Linux and Apache are unwittingly infecting thousands of computers, exploiting vulnerabilities in QuickTime, Yahoo! Messenger, and Windows. One way to tell if your machine is infected is if you're unable to create a directory name beginning with a numeral. Since details are still sketchy, the best advice right now is to take proactive steps to secure your servers. 'We asked the Apache Software Foundation if it had any advice on how to detect the rootkit or cleanse a server when it's found. According to Mark Cox of the Apache security team, "Whilst details are thin as to how the attackers gained root access to the compromised servers, we currently have no evidence that this is due to an unfixed vulnerability in the Apache HTTP Server." We sent a similar query to Red Hat, the largest vendor of Linux, but all its security team could tell us was that "At this point in time we have not had access to any affected machines and therefore cannot give guidance on which tools would reliably detect the rootkit."'"

38 of 437 comments

  1. Re:Ubuntu as well? by oedneil · · Score: 2, Funny

    As Ubuntu is indeed Linux, I'd venture to guess that it is affected.

  2. Should have used IIS by Anonymous Coward · · Score: 5, Funny

    This is why serious businesses choose a serious web server: Microsoft Internet Information Services running on Microsoft Windows Server.

    1. Re:Should have used IIS by Shaman · · Score: 3, Funny

      Hahahahahaha hah aha aha aha hahahahaaha bwahahahaha ...wait, you're joking, right?

      --
      ...Steve
    2. Re:Should have used IIS by uberushaximus · · Score: 4, Funny

      Of course not, this is internet, internet is serious business, we do not 'joke' here.

    3. Re:Should have used IIS by Anonymous Coward · · Score: 1, Funny

      LMFAO !!! You must be joking. What, one problem in ages and people should jump to IIS?? LOL, please. IIS & WinBlows have daily issues like this.

  3. Something's fishy! by linumax · · Score: 4, Funny

    Last night I discovered a directory named 53 4B 59 4E 45 54 in my home folder.

    1. Re:Something's fishy! by Trigun · · Score: 5, Funny

      Are those Bra sizes? You're into some weird shit man.

    2. Re:Something's fishy! by sukotto · · Score: 5, Funny

      Yeah, mine had 4 8 15 16 23 42

      and all sorts of weird stuff's started happening in the server room

      --
      Come play free flash games on Kongregate!
    3. Re:Something's fishy! by StargateSteve · · Score: 2, Funny

      What is this ASCII/HEX converter you are speak of? I had to learn this stuff myself. I would have also expected skynet to make the jump to Unicode by now.

    4. Re:Something's fishy! by geminidomino · · Score: 3, Funny

      I saw that on someone's shirt last week when I went to my Spanish class at night school. I spent 25 minutes before class trying to figure out the pattern.

      Now I google it and I see it's from a dumbass TV show. I'm pissed off.

  4. Am I safe? by Solra+Bizna · · Score: 1, Funny

    Does this rootkit work on a hardened Gentoo install with no LKM support on SPARC64? :P

    -:sigma.SB

    --
    WARN
    THERE IS ANOTHER SYSTEM
    1. Re:Am I safe? by Anonymous Coward · · Score: 5, Funny

      Does this rootkit work on a hardened Gentoo install with no LKM support on SPARC64? :P

      Maybe; they're still compiling it.

    2. Re:Am I safe? by GreggBz · · Score: 4, Funny

      Yes, but you have to compile it.

    3. Re:Am I safe? by bigredradio · · Score: 5, Funny

      You're safe. NOTHING will run on that system. ;-)

  5. LOLserver? by KublaiKhan · · Score: 5, Funny

    IIS are serious server. This are serious thread.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
    1. Re:LOLserver? by Anonymous Coward · · Score: 5, Funny

      Is can be rootkit tiem now plz?

    2. Re:LOLserver? by davidsyes · · Score: 3, Funny

      That are be unpossible.

      --
      Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
    3. Re:LOLserver? by snarfies · · Score: 2, Funny

      I see what you did there.

    4. Re:LOLserver? by idontgno · · Score: 2, Funny

      Your shipment of rootkit has arrived!

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  6. Re:Nimda Code Red Chunked Encoding...... by angus_rg · · Score: 2, Funny

    Bozo the Clown serious?

  7. Re:LISTEN UP by Anonymous Coward · · Score: 1, Funny

    Underage anime? Does that refer to pictures drawn after 1990?

  8. Can't be malware by Anonymous+MadCoe · · Score: 2, Funny

    It's for Apache/Linux so it must be well crafted code written with the best intention....

    Isn't that always the case with FOSS. If it was for Microsoft then it would be _real_ malware....

  9. Well... by Anonymous Coward · · Score: 2, Funny

    I did a mkdir 09F911029D74E35BD84156C5635688C0 and all I got was a DMCA rm -f 09FA* request.

  10. Re:Funny by Anonymous Coward · · Score: 1, Funny

    IIS6 has never had a remote code execution hole. Ever.

  11. Re:Funny by studpuppy · · Score: 5, Funny

    "Would you blame a lock company if the user left his keys in the lock?"

    Depends. How good is my lawyer?

    --
    The last time I wrote code, it was Morse
  12. Re:Software sucks. by Schraegstrichpunkt · · Score: 4, Funny

    Yeah. People should be held liable when they know full well that Microsoft has a track record for bad security, but choose Microsoft products anyway.

  13. Re:mkdir 1 by wanderingknight · · Score: 2, Funny

    lucas@bilkis:~$ man mytummy
    No manual entry for mytummy
  14. Re:Software sucks. by Garridan · · Score: 2, Funny

    Simple! Just don't upgrade. Problem solved! Don't worry, the rootkit seems to be spreading malware to windows users. They're used to it anyway -- it won't actually harm your linux box, so what's to worry?

  15. Re:Ubuntu as well? by Anonymous Coward · · Score: 3, Funny

    "but his point is that unless you are running Windows OR have an Apache webserver this doesn't affect you."

    Well I am sure the 3% of the population that don't fit into either category are relieved as hell.

  16. Re:Ubuntu as well? by BorgCopyeditor · · Score: 3, Funny

    But why male models?

    --
    Shop as usual. And avoid panic buying.
  17. Re:Passwords are still the big exposure. by Anonymous Coward · · Score: 1, Funny

    Try "squam1sh666oss1frage"

    That's amazing! I have exactly the same combination on my highly secure luggage. Well, I did, anyway.

    Thanks a lot, asshole.

  18. Re:Ubuntu as well? by wall0159 · · Score: 4, Funny

    What's this nonsense? Ubuntu is Ubuntu. ...and that's kinda related to Mac, right? Just... more browner.

  19. Re:Passwords are still the big exposure. by MichaelSmith · · Score: 2, Funny

    Check your other users too, particularly people in group wheel

    Which is hardly an advantage on Linux because everybody can su to root. We have RMS to thank for that one. Apparently the GNU way is fairer to the users.

  20. Re:Is Idiocracy coming true? by zcat_NZ · · Score: 5, Funny

    happy geek has run out of happy :-(

    --
    455fe10422ca29c4933f95052b792ab2
  21. Re:Ubuntu as well? by Anonymous Coward · · Score: 1, Funny

    Yeah, there's no way a company like Microsoft would have the resources to spread false information on internet sites.

  22. Re:Funny by cp.tar · · Score: 3, Funny

    How many lawyers are good?

    I think their class restricts them to Lawful Evil; should they change alignment, they get disbarred. So, none, at a guess.

    --
    Ignore this signature. By order.
  23. Re:Hummm, no ahah ?! by Detritus · · Score: 3, Funny

    He's on a little-endian system.

    --
    Mea navis aericumbens anguillis abundat
  24. Re:Ubuntu as well? by Kwirl · · Score: 2, Funny

    One great unknown thus far is how the servers come to be infected.

    So as long as it defends your precious *nix community, and lays potential blame at the door of MS, it is perfectly acceptable practice to make accusatory conclusions with no evidence or proof. This kind of MS bashing just makes the *nix community look like desperate hypocrites, and only furthers my resolve to continue supporting the MS platform for another 15 years of satisfied usage.

    Why can't you just accept the fact that everyone knows that every platform is vulnerable to some extent, and probably 90% of users don't give a shit.