Slashdot Mirror

← Back to Stories (view on slashdot.org)

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

Posted by timothy on from the strutting-around-like-they-own-the-place dept.

An anonymous reader writes Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals. The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet. The full advisory is available for download only with registration, but the (Akamai-owned) Prolexic page to do so is quite detailed.

8 of 230 comments (clear)

  1. Re:Hmmm by Anonymous Coward · · Score: 3, Insightful

    It's news because it illustrates that, as much as Linux users like to throw stones at Windows, they too are vulnerable. Anyone can pick through the source and find security holes what can be exploited - perhaps even much more subtle ones than anyone would ever find on Windows.

  2. Re:Hahahahahahaha by SQLGuru · · Score: 5, Insightful

    Not a Linux apologist (Windows pays my bills), but in defense of Linux, these were programs running on Linux that had exploits. Of course, many of the exploits in Windows are through programs running on Windows and not the OS itself.......but Linux fanboys wouldn't be as quick to point that out.

  3. Re:Hmmm by bobbied · · Score: 4, Insightful

    The people that have their servers compromised in this way are amateurs and shouldn't have put their servers on the web, EVER. This is roughly equivalent to fielding IIS from 2001 on windows XP and not keeping your patch set up to date. You are going to be hacked.

    Any sysadmin who is thinking about it, would put a web server and all it's components in a chroot jail and force it to run in user space and set up to refuse interactive logins for this user.. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.

    So this isn't a really fair comparison you are making. Linux is BY DEFAULT more secure than Windows, mainly by design. Microsoft has made great strides of late, but fundamentally they are starting from a weak position (remember Windows 3.1?) and you have to install components to make it more secure, where Linux starts secure and gets security downgrades when you install and configure stuff. Either way, if you don't manage your server, you will have problems.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  4. Re:must me false by Opportunist · · Score: 4, Insightful

    This used to be true, it's by far no longer the case.

    It's the ancient battle of usability vs. security. The most secure system is by design also the least usable one. And that's where the two systems came from. Windows was once "usability trumps security, no matter what". Linux was the exact opposite. Hence the reputation of Linux that you need to have a masters in CS to boot the damn thing, and for a network connection nothing less than a doctorate will do.

    Various distributions now made it all a bit easier while at the same time Windows tightened security quite a bit (I mean, look back at Win95 and tell me they didn't...). The are approaching each other... if they haven't met already in the middle between the two extremes.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re:Hmmm by mystikkman · · Score: 1, Insightful

    So this isn't a really fair comparison you are making. Linux is BY DEFAULT more secure than Windows, mainly by design. Microsoft has made great strides of late, but fundamentally they are starting from a weak position (remember Windows 3.1?) and you have to install components to make it more secure, where Linux starts secure and gets security downgrades when you install and configure stuff. Either way, if you don't manage your server, you will have problems.

    The point of comparison should be between the server OSes. So, do you really think Linux on the server is more secure than Windows Server 2012R2 ?

  6. Re:what? by NotSanguine · · Score: 3, Insightful

    > may use infected Linux systems to launch DDoS attacks against the entertainment industry...

    WHERE IS THE DOWNLOAD LINK?

    It's behind a registration form so that the fine folks at Prolexic can get your PII for marketing purposes. One of the *many* benefits is that once you register, nice folks from Prolexic will send you emails and maybe even call you on the phone to let you know about all the wonderful products and services you can buy from them.

    So many vendors just report this kind of stuff to CERT so it gets assigned a stupid CVE number and all the details are then available without the consumer of information giving up any PII that can be used to sell them stuff. Stupid vendors!

    Prolexic is using a real vulnerability to enhance their contacts DB and increase the surface area of their sales efforts. Disgusting.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  7. Re:must me false by benjymouse · · Score: 5, Insightful

    Yes, but there is a logical reason for this.

    Linux and Windows approach security in totally different ways. When you load a Linux kernel, it's secure, it starts that way. When you load windows, it's NOT secure, you have to load other stuff to make it secure.

    Sorry, but that is BS. When you load Linux it comes up with a security model through which there has already (by design) been punched a big hole: SUID. When you load Windows it comes up with a security model which has no need for such a massive hole. Countless otherwise benign bug has been turned into total system compromise bugs because of SUID.

    Under Windows, all kernel objects types are securable with security descriptors. Linux was designed with only file system permissions. Processes did not have security descriptors, and such objects need to be mapped to files and filepermissions used to (inadequately) describe access permissions.

    Windows services run in a separate session - interprocess communication is severely restricted. A process in another session cannot break through to e.g. the desktop, i.e. a daemon/background service cannot interact with the desktop. There is no such isolation in Linux unless you run SELinux. In Windows it is the default.

    Most Windows services run under service hardening. Even custom sites you set up will by default run under service hardening. Under service hardening an ad-hoc identity is implicitly created for the service/website and this identity has no permissions whatsoever by default. It has to be granted any access permission it needs. You'd have to run SELinux or apparmor with a significant amount of configuration to achieve the same level of isolation under Linux. Under Windows it is default and straightforward.

    Windows has mandatory DEP, much stronger ASLR, stack and heap encryption/checksumming and several other mitigation technologies not found in Linux. On by default.

    Windows boxes? They come out of the install process wide open with a whole raft of dangerous services turned on. Not to mention they are starting from the security posture of Windows 3.1

    What century do you live in? Since Windows Server 2008 (!) only the minimal set of services are turned on, and *no* network facing services until you configure them.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  8. Re:JAVA by c0d3g33k · · Score: 3, Insightful

    The applications you mention are all Open Source, which people on here keep insisting are secure.

    Nope. This is a varied community, so people here believe lots of things, but probably not as many believe this simplistic view as you think.

    FLOSS applications have the *potential* to be more secure than proprietary/closed source. They also have the potential to become more secure over time if the community/contributors have more resources available to fix security problems than a proprietary vendor. Most importantly, FLOSS applications can be scanned by anyone for bugs and security problems, and fixed by anyone. Those activities are limited for proprietary code to those who have access to it and allowed (by privilege or managerial decree) to fix it or even publicise that there's a problem in the first place.

    Depending on the situation (skillset of the development team, size of the team, interest in maintaining and fixing the code), this can either lead to a particular piece of FLOSS or proprietary code being more secure. *In general*, it seems that FLOSS code tends to be more secure because greater resources can be brought to bear, particularly over time as proprietary vendors stop supporting code for older products and move their teams on to something new (gotta keep paying the bills). In some cases that doesn't hold true and proprietary code is more secure.