Slashdot Mirror


First Botnet of Linux Web Servers Discovered

The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware. "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"

5 of 254 comments

  1. Stupid people use linux too by tetsukaze · · Score: 5, Insightful

    We can blame our hate pet OS for all of the internet evil out there, but we need to remember one important thing: people are almost always the weak link in security. If someone knows what they are doing, it is very hard to penetrate a linux server... or a windows server. There will always be those that can break through the best security, but there is a lot of low hanging fruit and not just on the windows tree.

    1. Re:Stupid people use linux too by FlyingBishop · · Score: 5, Insightful

      Actually, I would say the people to blame are those hosting providers who keep using ftp with weak usernames and weak passwords as the preferred way to access your website.

      There was a time when the client software was insufficient to the task; that time is long gone. WinSCP is mature and easy to use. No, browsers don't offer sftp:// support natively, but the browser is not very secure anyway. Hosting providers need to get their heads out of the sand and upgrade to secure authentication.

  2. Re:Ok, so I got the popcorn ready.... by Timothy+Brownawell · · Score: 5, Insightful

    I suspect you are astroturfing for MS here

    And I suspect that you are a troll.

    and so will want "botnet" to mean "any set of two or more compromised computers". But that definition means that the number of windows botnets would be astronomical, so be careful about your definitions.

    Did you even read what I linked to? A botnet is a collection of compromised computers that share a Command and Control channel.

    Instead I propose the following definition:

    Because the generally accepted definitions don't suit your purpose?

  3. Re:Ok, so I got the popcorn ready.... by NewbieProgrammerMan · · Score: 5, Insightful

    ...so the MS astroturf team has decided to call it a "botnet".

    I'm curious--how can I tell when an idea is being promoted by the "MS astroturf team" and not by regular not-so-clueful reporters that might mistakenly use the wrong term?

    --
    [b.belong('us') for b in bases if b.owner() == 'you']

  4. Re:Ok, so I got the popcorn ready.... by Zero__Kelvin · · Score: 5, Insightful

    You clearly need to look up the word robot ;-) In the meantime, since I know that a robot is an autonomic system I am aware that a network robot must necessarily be autonomous as well.

    And BTW, this article does not claim that Linux was hacked. It claims that people's websites were hacked, and those websites happen to be hosted on Linux. Nothing to see here, no botnet, and no hacked Linux kernel. Just poor system administration allowing FTP password sniffing, etc. The whole thing is sensationalist bullshit.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun