Slashdot Mirror


First Botnet of Linux Web Servers Discovered

The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware. "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"

16 of 254 comments

  1. Linux by Anonymous Coward · · Score: 5, Funny

    It's ready for the botnet!

    1. Re:Linux by noidentity · · Score: 5, Funny

      Maybe the year of the Linux desktop is near, with the OS finally getting a botnet that doesn't require Wine to run. Take that, Apple!

  2. And here it comes by Anonymous Coward · · Score: 4, Funny

    Does this mean Linux finally has reached a point of user friendliness equal to Windows?

    1. Re:And here it comes by swilly · · Score: 4, Funny

      Unfortunately not. It appears that the servers were manually hacked, which is far less user friendly than the automated hacks that Windows makes so very easy.

      Linux still has a ways to go, I'm afraid.

  3. Re:Ok, so I got the popcorn ready.... by symbolset · · Score: 5, Funny

    Just waiting for the flamefest here of Linux vs Windows botnets.

    OK, I'll start. Linux webservers are so lame they don't even include the facility for users to disable them remotely in case of malware distribution.

    --
    Help stamp out iliturcy.
  4. Re:Ok, so I got the popcorn ready.... by easyTree · · Score: 5, Funny

    Just waiting for the flamefest here of Linux vs Windows botnets.

    It's nice to see Lo0niX has advanced to the point where it can now successfully run botnet software. I'll bet there's no gui though. I'm not up on linux commands so don't laugh but I'll wager it's something like:
      * apt get b0tnet -s -x9 -secret -warez -pr0n -infectWindows=1 -p

    Rather than the point-and-click convenience you'd expect on windows.

    Maybe games are next? Quake-n for linux would be nice.

    How's that? :D

  5. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: 5, Funny

    Rather than the point-and-click convenience you'd expect on windows.

    It's not that easy on MS windows. After you click the link to the tennis player nudie pix, your machine locks up. Then you have to *hard reboot* (without the help of the blue screen to let you know your computer crashed). Only after you hard reboot, usually by pulling the power cord all the way out, can you run the botnet software.

    Windows really isn't as user friendly for botnets as everyone thinks it is. I hope 7 does better.

    --
    Just callin' it like I see it.
  6. nginx? by Anonymous Coward · · Score: 5, Funny

    nginx, so that's what the worm is called? I'd better check my company's webservers so they aren't running this evil hacker malware.

    Oh my... all of them had been infected. No worries though, I managed to clean them all up. A good day's work well done.

  7. Re:Ok, so I got the popcorn ready.... by maharb · · Score: 3, Funny

    Why should it have to self-propagate, and to what degree do current botnets self-propagate without users compromising their systems?

    Servers don't roam the net downloading porn and music.

  8. Re:Ok, so I got the popcorn ready.... by Kjella · · Score: 4, Funny

    Rather than the point-and-click convenience you'd expect on windows.

    Actually, they found Amazon had patented that so they had to go with the no-click experience. Got to respect corporate IP, you know.

    --
    Live today, because you never know what tomorrow brings
  9. Re:Missing in the summary by rohan972 · · Score: 4, Funny

    "With about 100 nodes". The average windows botnet (at least the ones that make it into the news) has from hundreds of thousands to millions of nodes.

    That's irrelevant. A linux botnet would be so much more productive than a windows botnet that you don't need nearly as many nodes.<\straightface>

  10. Re:Ok, so I got the popcorn ready.... by Anpheus · · Score: 4, Funny

    As a user of Windows 7, I found it exceedingly helpful. I was pleased when Clippy popped up and said, "It looks like you're trying to infect your computer, do you want some help?" At which point Clippy showed me how to use Aero Shake(tm) to get rid of all the distracting popups that would divert me from trying to find the source of all malware. After I encountered a fork in the road, so to speak, Clippy demonstrated Aero Snap(tm) so I could compare the sites I was surfing side by side. At long last, I found truly good malware on a *stan website. Top level domain was for some country like Miyagistan. Thankfully, I bought Windows(tm) 7 Ultimate Edition(tm) and downloaded the appropriate language pack so the viruses I downloaded would be more at home.

    Running it was as easy as clicking on it and clicking "Continue." Ever since then I've been living in a peaceful coexist

  11. Re:Ok, so I got the popcorn ready.... by the_womble · · Score: 3, Funny

    It also looks likely that the passwords were stolen from the admin's compromised windows desktops!

  12. Re:Ok, so I got the popcorn ready.... by Giometrix · · Score: 4, Funny

    servers don't roam the net -- the net roams them (google, etc.)

    Wait you forgot the "Soviet" part.

    --
    Download free e-books, lectures, and tutorials at bookgoldmine.com
  13. Re:Ok, so I got the popcorn ready.... by Anonymous Coward · · Score: 3, Funny

    how droll.

    A real linux guy will do a subversion checkout of the bot and issue a

    make clean; make deps; make;

    Only n00bs use that Apt-get stuff...

  14. Re:Ok, so I got the popcorn ready.... by Anonymous Coward · · Score: 3, Funny

    how can I tell when an idea is being promoted by the "MS astroturf team" and not by regular not-so-clueful reporters that might mistakenly use the wrong term?

    When you don't hear the black helicopters of the astroturf team, that means it's them, since they're designed so you won't hear them.