Slashdot Mirror
First Botnet of Linux Web Servers Discovered
The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware. "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"
Awkward...
Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
It's ready for the botnet!
Does this mean Linux finally has reached a point of user friendliness equal to Windows?
Just waiting for the flamefest here of Linux vs Windows botnets.
OK, I'll start. Linux webservers are so lame they don't even include the facility for users to disable them remotely in case of malware distribution.
Help stamp out iliturcy.
It's nice to see Lo0niX has advanced to the point where it can now successfully run botnet software. I'll bet there's no gui though. I'm not up on linux commands so don't laugh but I'll wager it's something like:
* apt get b0tnet -s -x9 -secret -warez -pr0n -infectWindows=1 -p
Rather than the point-and-click convenience you'd expect on windows.
Maybe games are next? Quake-n for linux would be nice.
How's that? :D
Requiem for the American Dream
Rather than the point-and-click convenience you'd expect on windows.
It's not that easy on MS windows. After you click the link to the tennis player nudie pix, your machine locks up. Then you have to *hard reboot* (without the help of the blue screen to let you know your computer crashed). Only after you hard reboot, usually by pulling the power cord all the way out, can you run the botnet software.
Windows really isn't as user friendly for botnets as everyone thinks it is. I hope 7 does better.
Just callin' it like I see it.
Boggles the mind; I, for one, welcome our new Linux botnet Beowulf cluster overlords.
nginx, so that's what the worm is called? I'd better check my company's webservers so they aren't running this evil hacker malware.
Oh my... all of them had been infected. No worries though, I managed to clean them all up. A good day's work well done.
Why should it have to self propagate and at what degree do current bot nets self propagate without users compromising their systems.
Servers don't roam the net downloading porn and music.
Rather than the point-and-click convenience you'd expect on windows.
Actually, they found Amazon had patented that so they had to go with the no-click experience. Got to respect corporate IP, you know.
Live today, because you never know what tomorrow brings
"With about 100 nodes". The average windows botnet (at least the one that make into the news) have from hundreds of thousands to millons of nodes.
That's irrelevant. A linux botnet would be so much more productive than a windows botnet that you don't need nearly as many nodes.<\straightface>
http://marriedmansexlife.com/
As a user of Windows 7, I found it exceedingly helpful. I was pleased when Clippy popped up and said, "It looks like you're trying to infect your computer, do you want some help?" At which point Clippy showed me how to use Aero Shake(tm) to get rid of all the distracting popups that would divert me from trying to find the source of all malware. After I encountered a fork in the road, so to speak, Clippy demonstrated Aero Snap(tm) so I could compare the sites I was surfing side by side. At long last, I found truly good malware on a *stan website. Top level domain was for some country like Miyagistan. Thankfully, I bought Windows(tm) 7 Ultimate Edition(tm) and downloaded the appropriate language pack so the viruses I downloaded would be more at home.
Running it was as easy as clicking on it and clicking "Continue." Ever since then I've been living in a peaceful coexist
It also looks likely that the passwords were stolen from the admin's compromised windows desktops!
Did you read the first sentence? Evidently the word manually doesn't mean what you think it does. (Manually is the opposite of automatically BTW) Here is the best definition from that page IMNSHO: The word BOTNET is short for the combination of the word robot and network . The term often applies to groups of computer systems that have had malicious software installed by worms, Trojan horses or other malicious software that allows the "botnet herder " or botnet's originator to control the .... In any case, yes, it absolutely has to be a network robot to be a bot, and those are by definition automatically spread, not manually propogated. That's the "bot" part of the term network robot.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Instead I propose the following definition:
botnet: an automated and self propagating network of compromised machines.
It's pretty clear the definition you're really trying to propose is:
"botnet: a network of infected or compromised non-Linux machines."
Just callin' it like I want to see it.
Fixed your sig for you.
Servers don't roam the net downloading porn and music.
You are here by excommunicated from the secret global geek alliance for revealing the truth behind one of our most useful excuses.
And to any lay people listening in:
Computers can in fact act on their own and illegally download music or collect an unseemly amount of lesbian teen videos. No one knows why and you son/husband is just as surprised as you are.
servers don't roam the net -- the net roams them (google, etc.)
Wait you forgot the "Soviet" part.
Download free e-books, lectures, and tutorials at bookgoldmine.com
how droll.
A real linux guy will do a subversion checkout of the bot and issue a
make clean; make deps; make;
Only n00bs use that Apt-get stuff...
Actually they don't automatically work together. That is why there is a command and control center. They propogate autonomously, then they do the bidding of the bot master. (I usually don't reply to ACs, but I don't want others getting more confused because what he says almost makes sense until you think about it.)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
how can I tell when an idea is being promoted by the "MS astroturf team" and not by regular not-so-clueful reporters that might mistakenly use the wrong term?
When you don't hear the black helicopters of the astoturf team, that means it's them, since they're designed so you won't hear them.
A beowolf cluster run by a beowolf klutz