Slashdot Mirror


New Linux Trojan Is A DDoS Tool, a Bitcoin Miner, and Web Ransomware (softpedia.com)

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May, which was incredibly simplistic and laughable in its failed attempt to install web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners notifying them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective and extorting companies, according to CloudFlare.

7 of 63 comments

  1. Open source is more secure by Anonymous Coward · Score: 4, Insightful

    After all, you have millions of people looking over source code, so any bugs and vulnerabilities are guaranteed to be found and repaired quickly. This will be fixed quickly and only a few systems will be exploited. On Windows, however, this would be crippling, spreading to many millions of systems while Microsoft waited a month or two to issue a fix. This isn't a story because open source software is guaranteed to be fixed quickly.

    1. Re:Open source is more secure by Aristos Mazer · Score: 4, Insightful

      Patches may be available quickly. Whether those get applied or not is a different story.

    2. Re:Open source is more secure by gweihir · Score: 4, Interesting

      The finding is not the main thing. The main difference is that once you know you have a problem, with OSS you can do something about it, while with closed source you can only hope the vendor will.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. PSA: This does not affect Windows by Anonymous Coward · Score: 4, Funny

    If you're a Windows user, you have nothing to worry about. Only Linux is affected by this trojan.

  3. You gotta love yellow journalism by Rosco P. Coltrane · Score: 4, Informative

    Linux has nothing to do with this. It's a Drupal security issue.

    I expected better reporting of an issue like this from Slashdot. Then again, maybe not...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re: You gotta love yellow journalism by Rosco P. Coltrane · Score: 4, Insightful

      I agree. Open source and Linux should never be criticized. Any criticism is false and, therefore, is yellow journalism. I find any criticism of Linux to be highly offensive and indicative of spamming from paid Microsoft trolls.

      Way to mix issues here.

      1/ Should open source or Linux be criticized? Hell yes, if there are reasons to.

      2/ You conflate Linux and open-source. They aren't the same issues - they aren't even the same thing. Open-source is a development and business model and Linux is a fucking kernel.

      3/ Drupal is to be criticized here. Not Linux. Linux as a kernel is doing what the flawed middleware on top of it tells it to. No more, no less. Show me a Linux kernel exploit and I'll be the first to criticize Linux. But in this case, it ain't the culprit.

      I can sort of understand people mixing up GNU things and the Linux kernel, because it's been done for years, and people grew tired of hearing Stallman repeat "it's not Linux, it's GNU/Linux" a long time ago. But Drupal has never been remotely connected to Linux. What next? Run Drupal on FreeBSD and claim FreeBSD has been owned by a trojan?

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:You gotta love yellow journalism by MisterSquid · Score: 4, Insightful

      To be fair, the cited (and likely incomplete) list from the summary is "compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS." The takeaway here is pretty much this: widespread deployment of shitty PHP and Java apps strikes again ... -PCP

      This isn't a problem of the "widespread deployment of shitty PHP and Java apps". The vulnerability which this Trojan exploits is CVE-2014-3704 and was patched by the Drupal Security Team on the 15th of October in 2014.

      The circumstances and agents which have led to this Trojan exploiting Linux systems and Drupal frameworks in the wild are, as with many such things, multiple and varied. They include installations that are under-resourced, shops with critical dependencies that cannot easily upgrade, web apps that at first and second glance do not have interfaces outside an intranet, etc. etc. and so on and so forth.

      The key is to stop pointing fingers and laying blame, unless the fingers point to the creators and distributors of the malware. The exploitation and abuse of computer infrastructure is part of the territory. Blaming failures on the vulnerable is a sysadmin's version of victim-blaming and does little to mitigate the problem and much to generate community dysfunction.

      Instead of finger pointing, spread the word, inform your unknowing and unwitting colleagues, train junior developers about how to remain secure for multiple computing environments with complex layers of computing infrastructure.

      Our great-great-great-great grandchildren will thank you.

      --
      blog