Slashdot Mirror


Mystery Malware Affecting Linux/Apache Web Servers

lisah writes "Reports are beginning to surface that some Web servers running Linux and Apache are unwittingly infecting thousands of computers, exploiting vulnerabilities in QuickTime, Yahoo! Messenger, and Windows. One way to tell if your machine is infected is if you're unable to create a directory name beginning with a numeral. Since details are still sketchy, the best advice right now is to take proactive steps to secure your servers. 'We asked the Apache Software Foundation if it had any advice on how to detect the rootkit or cleanse a server when it's found. According to Mark Cox of the Apache security team, "Whilst details are thin as to how the attackers gained root access to the compromised servers, we currently have no evidence that this is due to an unfixed vulnerability in the Apache HTTP Server." We sent a similar query to Red Hat, the largest vendor of Linux, but all its security team could tell us was that "At this point in time we have not had access to any affected machines and therefore cannot give guidance on which tools would reliably detect the rootkit."'"

14 of 437 comments

  1. Should have used IIS by Anonymous Coward · · Score: 5, Funny

    This is why serious businesses choose a serious web server: Microsoft Internet Information Services running on Microsoft Windows Server.

    1. Re:Should have used IIS by uberushaximus · · Score: 4, Funny

      Of course not, this is internet, internet is serious business, we do not 'joke' here.

  2. Something's fishy! by linumax · · Score: 4, Funny

    Last night I discovered a directory named 53 4B 59 4E 45 54 in my home folder.

    1. Re:Something's fishy! by Trigun · · Score: 5, Funny

      Are those Bra sizes? You're into some weird shit man.

    2. Re:Something's fishy! by sukotto · · Score: 5, Funny

      Yeah, mine had 4 8 15 16 23 42

      and all sorts of weird stuff's started happening in the server room

      --
      Come play free flash games on Kongregate!
  3. LOLserver? by KublaiKhan · · Score: 5, Funny

    IIS are serious server. This are serious thread.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
    1. Re:LOLserver? by Anonymous Coward · · Score: 5, Funny

      Is can be rootkit tiem now plz?

  4. Re:Am I safe? by Anonymous Coward · · Score: 5, Funny

    Does this rootkit work on a hardened Gentoo install with no LKM support on SPARC64? :P

    Maybe; they're still compiling it.

  5. Re:Am I safe? by GreggBz · · Score: 4, Funny

    Yes, but you have to compile it.

  6. Re:Funny by studpuppy · · Score: 5, Funny
    "Would you blame a lock company if the user left his keys in the lock?"

    Depends. How good is my lawyer?

    --
    The last time I wrote code, it was Morse
  7. Re:Am I safe? by bigredradio · · Score: 5, Funny

    You're safe. NOTHING will run on that system. ;-)

  8. Re:Software sucks. by Schraegstrichpunkt · · Score: 4, Funny

    Yeah. People should be held liable when they know full well that Microsoft has a track record for bad security, but choose Microsoft products anyway.

  9. Re:Ubuntu as well? by wall0159 · · Score: 4, Funny

    What's this nonsense? Ubuntu is Ubuntu. ...and that's kinda related to Mac, right? Just... more browner.

  10. Re:Is Idiocracy coming true? by zcat_NZ · · Score: 5, Funny

    happy geek has run out of happy :-(

    --
    455fe10422ca29c4933f95052b792ab2