Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines
An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk.
Here's the white paper in which the researchers explain the exploit.
You can be insecure on any machine, same as you can be a dick in any language.
If you have a non-package binary installed on your system, it's user-error. You have decided to run that, and done that with privileges enough to run it.
This isn't packaged with any software, except for a spam-generating (mass mailing) software anyway. Just that those spammers didn't know they were being used to spam for others too.
Same as if you just run a program on a Windows machine. It's got FUCK ALL to do with open-source, but don't let that stop you.
And packaged open-source software is hash-checked and signed by the distributors. This has not been found in ANY repository of distribution packages. It's a random program that someone has decided to install, and is bundled with spam-generating software, so that's how it "kept quiet"... the people installing didn't give a shit about what they were installing, or the mass-mailing they were already doing. It's like getting a virus from a game crack.
But, please, continue to think you're superior because "lol OS is insecure". I don't actually see any difference between your unrelated argument and, say, "lol Xbox sucks because".
It's not even very good.
If you have noexec /tmp, it can't even start. That's been the default in almost every distro for years.
And it's a random third-party binary. It's not like it got into package repositories or a major piece of software. Some cock downloaded a piece of malware, of his own accord, outside of package management on a Linux machine. And so few people did that, it wasn't even showing up on the radar.
God, if I had a penny for every spam email sent from a compromised Windows computer that I've had brought to me and been asked to clean, I'd have earned more than a year's wages already.
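The comment above relies on `/tmp` being mounted `noexec` as the mitigation. The script below is an added example, not part of this thread or of the ESET paper, that checks for that setting. It parses a mount table in `/proc/mounts` format (`device mountpoint fstype options dump pass`) and reports whether a given mount point carries `noexec`; the sample mount table is constructed, and on a live system you would feed `/proc/mounts` to `has_noexec` instead.

```shell
#!/bin/sh
# Added example: report whether a mount point is mounted noexec.
# Reads mount-table lines in /proc/mounts format from stdin.

# has_noexec MOUNTPOINT
# Prints "noexec" (exit 0), "exec" (exit 1) or "not-mounted" (exit 2).
has_noexec() {
    mp="$1"
    # The last matching line wins: with stacked mounts the most
    # recent mount of a path is listed last in /proc/mounts.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 2
    fi
    # Surround with commas so "noexec" matches only as a whole option.
    case ",$opts," in
        *,noexec,*) echo "noexec"; return 0 ;;
        *)          echo "exec";   return 1 ;;
    esac
}

# Constructed sample mount table; not captured from any real host.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# On a real system: check_tmp_noexec < /proc/mounts
check_tmp_noexec() {
    has_noexec /tmp
}

# Demonstration against the constructed table.
for mp in /tmp /var/tmp /home; do
    printf '%s: ' "$mp"
    printf '%s\n' "$SAMPLE_MOUNTS" | has_noexec "$mp"
done
```

Note that `/var/tmp` in the sample is world-writable but not `noexec`, and `/home` is not a separate mount at all, so a file dropped in either would still execute; checking only `/tmp` gives a false sense of coverage.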
These PEBKAC exploits happen more often than you might think on Linux.
WTF?
Decent people don't want to be associated with people like MikeeUSA, the fact that the anti-systemd people seem happy to associate with him isn't going to help their cause.
What about this one: "decent people don't want to be associated with people like Hitler, the fact that the vegetarian people seem happy to associate with him isn't going to help their cause."
See what I did there? (no, that doesn't qualify as Godwin, not yet)
I'm one of these anti-systemd people, and I don't want to be associated in any way with a troll like MikeeUSA. His behavior has nothing to do with accepting or not accepting systemd, and trying to make some kind of true-Scotsman non-sequitur bullshit out of it is utter nonsense.
No, it turned out they were lying.
Yes, you're right, anti-systemd people are not all insane, but some of the most vocal of them are.
(And it's not just good old "I want to marry 12 year old girls" MikeeUSA, there are also the "systemd will eat your output" loons, the "systemd is an NSA plot" obsessives, the "systemd is an end run around the GPL" tin-foil hatters...)
Watch this Heartland Institute video
"Second, if you don't know how to detect this, you shouldn't be running servers."
How's about a real answer or at least a link to a resource to help someone learn what they need to know rather than acting high and mighty?
That's always been one of the bigger problems facing Linux adoption. :P
Read the article? What madness is this?
I haven't read it either and I'll still agree with MobileTatsu-NJG here: the huge benefit with OSS that people keep talking about is that thousands of people looking at the source code are able to find bugs, trojans and backdoors. And this particular problem is over five years old, too.
Get free satoshi (Bitcoin) and Dogecoins
Closed source community: No problem. I will send you a quick checklist to get started. You can always drop me a PM if you need more help. :)
Open source community: Aarrggh! How many times do I have to say it? Read the fucking manual! If you still get into trouble, you deserve it.
yet how often do you actually reboot? Once a year? twice?
I thought once I was found, but it was only a dream.
Yes, you're right, anti-systemd people are not all insane, but some of the most vocal of them are.
Congratulations on your insightful mod, there, for your fallacious characterization. As if we needed more proof that this place has gone to shit.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
However, that doesn't change the reality that the "many eyes" claim is a myth,
What? No, no it is not. The fact is that many bugs and vulnerabilities are found because of "many eyes", while we have to wait for either a vendor or a malicious attacker to find and announce vulnerabilities in closed-source software. Nobody credible ever claimed that "many eyes" makes FOSS invulnerable to bugs, back doors, etc. The claim is that it makes it less vulnerable, through better practice. Now, if you can provide a citation that shows this is false, I'll show you a paper full of lies — because a comparison is impossible, because the code we most care about isn't available for analysis and comparison. Without the code for the massive and common operating systems and packages which users commonly run, you can't actually make a meaningful comparison.
So, since we can't prove the claim either way, but we certainly have plenty of evidence that it does work that way since many eyes do in fact often find flaws through code analysis of FOSS but those many eyes do not find flaws in code analysis of closed-source software due to lack of availability. Therefore, the onus of proof is on you — if you want to show that something behaves counterintuitively, you're going to have to prove it.
Installing joomla/wordpress implies installing PHP, and that means your security is dead right there.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Sure it's a myth. There are bugs in open source products that have been sitting there out in the open for YEARS without anyone recognizing them until they're exploited. Shellshock and Heartbleed (OpenSSL library - you can't get much more critical than that) prove once again that the "many eyes" are not bothering to look because they all have something else to do (like scratching their own itch), and that you also have to wait for a malicious attacker to find the vulnerabilities before they're fixed.
It's simply not a "better practice" - just different - and the myth leaves people open to exercising less caution out of an erroneous feeling that someone out there is going over the code to fix it just because it's open source. We all know that debugging and fixing code is a lot less attractive to people than writing new code, and that's simply not going to change, because it's human nature. Most programmers simply do not like to do code maintenance, which is why proprietary software with revenue streams has both an incentive and the means to PAY people to do the maintenance.
Which I guess is why the Windows kernel is now more secure than either the Linux or BSD kernels. So, citation provided :-)
Am I happy about it? No, but that's the reality of it, and denying it is being willfully negligent.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.