Slashdot Mirror


First Botnet of Linux Web Servers Discovered

The Register writes up a Russian security researcher who has uncovered a Linux webserver botnet that is coordinating with a more conventional home-based botnet of Windows machines to distribute malware. "Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware [on port 8080]. 'What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution,' Sinegubko wrote. 'To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s).'"

9 of 254 comments (clear)

  1. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    This isn't technically a botnet:

    It's unclear exactly how the servers have become infected. Sinegubko speculates they belong to careless administrators who allowed their root passwords to be sniffed. Indeed, the part of the multi-staged attack that plants malicious iframes into legitimate webpages uses FTP passwords that have been stolen using password sniffers. It's likely the zombie servers were compromised in the same fashion, he explained.

    These are simply rootkitted servers and they appear to have been done manually. The unique aspect of this is that it seems to be coordinated, so the MS astroturf team has decided to call it a "botnet".

    --
    Just callin' it like I see it.
  2. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    "define: botnet"

    I suspect you are astroturfing for MS here and so will want "botnet" to mean "any set of two or more compromised computers". But that definition means that the number of windows botnets would be astronomical, so be careful about your definitions.

    Instead I propose the following definition:

    botnet: an automated and self propagating network of compromised machines.

    If "self propagating" is essential to the definition of "botnet" then the group of manually compromised linux machines is not a botnet.

    --
    Just callin' it like I see it.
  3. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    Because the generally accepted definitions don't suit your purpose?

    Define "generally accepted".

    --
    Just callin' it like I see it.
  4. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    Did you even read what I linked to? A botnet is a collection of compromised computers that share a Command and Control channel.

    Ok. I went back and read the definitions.

    I like this one:

    The term often applies to groups of computer systems that have had malicious software installed by worms, Trojan horses or other malicious software.

    And you like the one that fits your fiscal agenda. So I'm not the only one who selects their definitions, am I? You. Are. An. Astroturfer.

    --
    Just callin' it like I see it.
  5. Re:Ok, so I got the popcorn ready.... by Anonymous Coward · · Score: 0, Troll

    If I had mod points, I'd mod you Troll.

  6. Re:Ok, so I got the popcorn ready.... by blind+biker · · Score: 0, Troll

    Define "generally accepted".

    Define "define".

    Game over, I win.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  7. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    Sorry, but by that logic, wouldn't you--explicitly--be one as well?

    Astroturfers get paid. You decide.

    --
    Just callin' it like I see it.
  8. Re:Ok, so I got the popcorn ready.... by Zero__Kelvin · · Score: 0, Troll

    On their face, none of these definitions require a robot to be capable of generating other robots automatically -- merely that the robot must be capable of performing some function automatically."

    By your definition cron is a bot. Sorry, but it is not . I was around since before there were botnets, active on the hacking/phreaking scene, so I was there when the terms were coined. I know exactly what bot means; you have literally no idea.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  9. Re:Ok, so I got the popcorn ready.... by LaskoVortex · · Score: -1, Troll

    I'm going to use all these negative mods as evidence of the M$ shills that fucking infest this board. It's been taken over. Holy fuck. Guys, you are earning your money. And blowing your mod points. Slashdot: you have lost a contributor with me. I'm out. Just get paid directly from M$ and be done with the facade.

    --
    Just callin' it like I see it.