Slashdot Mirror


Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

An anonymous reader writes Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals. The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet. The full advisory is available for download only with registration, but the (Akamai-owned) Prolexic page to do so is quite detailed.

5 of 230 comments

  1. So? by Anonymous Coward · · Score: 0, Informative

    Who says that I mind if my computer gets used to attack the RIAA?

  2. JAVA by HornyBastard · · Score: 3, Informative

    From TFA.
    "Attackers have exploited Linux servers that run unpatched versions of Apache Struts and Tomcat with vulnerabilities"

    Apache Struts, Tomcat, and Elasticsearch (mentioned in the summary) are all written in Java.
    To me, that indicates a JAVA vulnerability, not a Linux vulnerability.

    --
    Death has been proven to be 99% fatal in lab rats.
  3. Re:Hmmm by Lumpy · · Score: 1, Informative

    Linux was not vulnerable; it was Apache and other software. Running Apache on BSD, Windows or OSX would give them the same attack vector. This is the same as Outlook launching and running an executable in an email. It's not the OS, it's an application that has the problems.

    Lastly, it's all software that has not been updated in a very long time and is not being maintained. That alone causes giant holes in any OS or software ever made.

    FYI: there are a LOT of Windows machines out there running ancient IIS... I see Code Red worm attempts in my logs daily. It's not the OS, it's the idiots that own and run the machines.

    --
    Do not look at laser with remaining good eye.
  4. Re:must be false by benjymouse · · Score: 4, Informative

    > Let me see, last time I loaded Windows 8 pro, there was a raft of services turned on for me by default.

    Windows 8, Windows 7 and even Windows Vista come up and ask you if you *want* to turn on services. If you answer no, it will not have any network ports listening. Get it yet? Those are the *desktop user* targeted operating systems.

    Windows Server comes by default with NO network services turned on, and NO listening ports. Get it yet?

    Linux *desktop user* targeted distros do turn on network services. Get it yet?

    > Yes, the distribution may turn on some services

    Yes, indeed. Get it yet?

    > Linux distributions targeted at "servers" generally come w/o any services even installed by default.

    Yes. Just like the Windows Server versions. Get it?

    > If you go to "desktop" installs, where Windows 8 Pro lives, Linux comes out of the normal distribution much more locked down and secure

    Nope. Linux lacks many, many of the security features in Windows 8. In distros using AppArmor it only protects some of the daemons. Windows 8 comes with built-in Mandatory Integrity Control sandboxing.

    Windows 8 supports multiple (and simultaneous) network firewall profiles which are automatically selected based on where you are: on a corporate network SMB services may be available; on a public network without a trusted domain controller it selects the public (locked down) profile. Linux does not.

    > I still cannot believe that the DEFAULT behavior of a Windows box is to have the main user be an Administrator

    Good that you do not believe it, because it is false. This is one of the hardest things for Linux fanatics to understand: Windows has tokens, and with UAC, even if you do log in with an account with administrative rights, the token will not have administrative rights. This means that the processes started by the shell will not have administrative rights. Get it yet?

    > Linux is not like this, and most desktop distributions today don't allow you to login as root.

    No, but they do allow you to elevate to root as effective user, using sudo or other SUID utilities, which is a blatant violation of one of the most fundamental security principles: least privilege.

    In Linux you elevate to the highest, unrestricted and all-powerful user just to change your own password??? Have you any idea how f* up that is?

    Get it yet?

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
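    The two attack-surface points argued over in the comment above, setuid-root helpers such as passwd and sudo, and services left listening on the network, can be checked directly on a Linux host rather than debated. The script below is an added example for this page, not code from the thread or from Akamai; it assumes GNU findutils (for find -printf) and iproute2 ss, falling back to netstat where ss is absent. Pass one or more directory roots (typically /) to audit them.

    ```shell
    #!/bin/sh
    # Added example (not part of the Slashdot thread): audit setuid/setgid
    # binaries and listening network services on a Linux host.
    # Assumes GNU find (-printf) and iproute2 `ss`; falls back to netstat.

    # Print every setuid or setgid regular file under the given roots as
    # "<octal mode> <owner> <path>", staying on the same filesystem (-xdev).
    list_setuid() {
      find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null | sort
    }

    # Count only the files that escalate to root: setuid bit set (mode 4xxx)
    # and owned by root. These are the "elevate to root just to change your
    # password" helpers from the comment above.
    count_setuid_root() {
      list_setuid "$@" | awk '$1 ~ /^4/ && $2 == "root"' | wc -l | tr -d ' '
    }

    # Listening TCP and UDP sockets, numeric, without the header line.
    list_listening() {
      if command -v ss >/dev/null 2>&1; then
        ss -tulnH
      else
        netstat -tuln 2>/dev/null | awk 'NR > 2'
      fi
    }

    # Only run the audit when roots are given on the command line, so that
    # sourcing this file (or running it with no arguments) has no effect.
    if [ $# -gt 0 ]; then
      echo "== setuid/setgid files under: $*"
      list_setuid "$@"
      echo "== setuid-root count: $(count_setuid_root "$@")"
      echo "== listening sockets"
      list_listening
    fi
    ```

    On a stock desktop distribution the first list is where the comment's sudo and passwd argument becomes concrete: each line is a program that starts with root's effective uid on behalf of an unprivileged caller, so each one is a privilege boundary worth knowing about. The listening-socket list is the direct test of the "no listening ports" claim for whichever system it is run on.
    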
  5. Re:must be false by Blakey+Rat · · Score: 3, Informative

    Windows 8 isn't a server. You're comparing apples to oranges, and being intellectually dishonest, and you know it.

    The truth is: you haven't used Windows Server 2008, you haven't used Windows Server 2012, and you (obviously from your grandparent post) have absolutely NO idea what you are talking about when it comes to Windows Server security.

    And instead of just admitting as much and bowing out gracefully, you pull the "hahaha you are wrong but it's a waste of time to argue with you!" card. Disgusting.