Slashdot Mirror


Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers (softpedia.com)

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.

6 of 62 comments

  1. But I've thought that linux was secure by Anonymous Coward · · Score: 3, Funny

    clearly the story is a fake there is no virus for linux because linux is OPEN SORES which means its BUGS are shallow and it is FREE FROM MALWARE. Wasn't freedom from malware one of the four freedoms?

  2. Um... What Access Control? by ewhac · · Score: 5, Insightful

    The developers are fairly up-front about this:

    Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket. [ emphasis mine ]

    There is an "authentication" feature, but it's amazingly primitive, and the credentials are sent in the clear -- in other words, next to useless. The rest of the page makes it fairly clear: If you are running a Redis server accepting connections from the open Internet, you are an idiot.
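The commenter's point is that a Redis instance is only as safe as the boundary around it, and the story's worm works precisely because that boundary (bind address, protected mode, password) was never configured. Below is an added example, not code from Slashdot, Redis or any commenter, that audits a redis.conf for the settings that leave an instance reachable and unauthenticated. It assumes the standard directive names (bind, protected-mode, requirepass, rename-command); the two sample configurations are constructed for illustration, and the password value in the hardened one is a placeholder.

```python
"""Audit a redis.conf for settings that expose an instance without auth.

Added example (not from the article or the Redis project). It only checks
the configuration file; it says nothing about the transport, so a password
set here is still sent in the clear unless TLS is configured separately.
"""
import shlex
from typing import Dict, List

# Constructed sample: a default-style config left wide open (assumption, not
# a real deployment).
OPEN_CONF = """
# constructed example config
port 6379
bind 0.0.0.0
protected-mode no
"""

# Constructed sample: the same instance after hardening. The requirepass
# value is an obvious placeholder.
HARDENED_CONF = """
port 6379
bind 127.0.0.1
protected-mode yes
requirepass "example-placeholder-change-me"
rename-command CONFIG ""
"""


def parse_conf(text: str) -> Dict[str, List[List[str]]]:
    """Parse redis.conf into {directive: [args, ...]}.

    One directive per line, case-insensitive name, shell-like quoting for
    arguments, '#' comments. A directive may repeat (several rename-command
    lines, for example), so every occurrence is kept in order.
    """
    conf: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if not parts:
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit(text: str) -> List[str]:
    """Return findings for a redis.conf; an empty list means nothing obvious."""
    conf = parse_conf(text)
    findings: List[str] = []

    # Listening address: with no 'bind' line Redis listens on every interface.
    binds = conf.get("bind")
    if not binds:
        findings.append("no 'bind' directive: listens on all interfaces")
    else:
        addrs = [a.lstrip("-") for args in binds for a in args]  # '-' marks optional binds
        if any(a in ("0.0.0.0", "*", "::") for a in addrs):
            findings.append("bind includes a wildcard address: reachable from any network")

    # protected-mode (Redis >= 3.2) refuses non-loopback clients when there is
    # no bind and no password; switching it off removes that safety net.
    pm = conf.get("protected-mode")
    if pm and pm[-1] and pm[-1][0].lower() == "no":
        findings.append("protected-mode no: loopback-only safety net disabled")

    # requirepass absent or empty: any client that can reach the port has
    # full access to the instance.
    rp = conf.get("requirepass")
    if not rp or not rp[-1] or rp[-1][0] == "":
        findings.append("no requirepass: unauthenticated access")

    # CONFIG lets a connected client change the running configuration; the
    # legacy rename-command directive disables it when the new name is "".
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if args}
    if "CONFIG" not in renamed:
        findings.append("CONFIG command not renamed or disabled")
    return findings


if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit(conf) or ['ok']}")
```

Run it against a real file with `audit(open("/etc/redis/redis.conf").read())`; the checks are deliberately conservative, so a clean result means only that the file does not repeat the mistakes in the story, not that the deployment is safe.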

  3. Clickbait by ilsaloving · · Score: 4, Insightful

    So in other words, the whole article/summary is flamebait/clickbait. Only an idiot would install a server and not configure an admin password.

    Saying that "Linux has malware!" because morons misconfigure an application running on Linux is like saying "Windows has malware!" because SQL Server was installed with a blank sa password. I mean, sure, Windows does have malware, but this is just clickbait nonsense.

  4. Hey we've arrived! by rune2 · · Score: 2

    This is the year of the Linux desktop! ;-)

  5. Re:Okay, let me be the first to ask by Narcocide · · Score: 2

    It's just memcache for hipsters.

  6. Unfit stance on security for the 21st century by burni2 · · Score: 2

    I think that this "trusted" within "trusted environments" scheme is unfit for today's and future IT integration.

    Because it will not encourage the developer(s) to write code with security in mind(*). Because it will remove this vector from their mindset.

    Secondly, as an integrator you would need to build that trusted environment and infrastructure, and with a "security-neglecting" application that is another headache.

    Many security breaches manifest themselves with a break-in into those "trusted environments", and my personal point is that there is no such thing as a "trusted environment"; instead it should be called a "not-directly-exposed environment".

    And yes, even your localhost applications should have authentication, because today's infrastructure is so complex that even without negligence it is so incredibly easy to do things wrong.[1]

    (*) Security in mind:
    - Learn from the mistakes of others: read exploited code, understand why it was exploited and learn from the safe replacement

    - Thinking: your program is prey in a big bucket filled with parasites as well as predators that will use every chance you give them

    - Basically secure by default, not secured by long terms of service.

    [1] https://apache.slashdot.org/st...