The first Linux botnet?

Recent reports have it that Linux has been infected by its first botnet. In one word: "Nah."

Has Linux security been breached? Are Linux systems in danger of being transformed into botnet zombies the way millions of Windows PCs have been? In a word: "Nah."

According to a report in The Register, A Russian security researcher, Denis Sinegubko, has discovered a cluster of infected Linux servers that have been corralled into a botnet, which is then used to distribute malware to Windows users.

Ah, Windows fans everywhere, I hate to break this to you but compromised Linux servers have been used for ages to run Windows botnets. After all, if you had a couple of hundred of thousand Windows PCs at your beck and call would you use Windows to control them? Of course not!

Yes, Linux servers have been broken into manually. There is not, I repeat, is not, any malware that automatically convert Linux desktops or servers into virus-spreading boxes. All that has happened is that someone, as many others have in the past, has busted into improperly secured Linux servers.

I've said it before. I'll say it again. Security is a process, not a product.

I don't care if you're running Windows 7, Linux, or OS/2, if you don't keep your programs updated and use reasonable security such as non-trivial passwords and basic firewalls, you're in danger of having your PC broken into.

The difference between the 100-node Linux machine cluster that Sinegubko found and real Windows botnets, which in 2006 averaged 20,000 PCs, is that Windows, which is insecure by design, can be made over into a bot by simply going to the wrong Web site or opening a corrupted e-mail.

The Linux servers, on the other hand, simply have lousy security. Sinegubko himself comments, "It just occurred to me that hackers may simple have root passwords from those hacked servers. After all this iframe attack uses stolen FTP passwords to inject hidden iframes into legitimate web sites. So the chances are local computers of the server administrators were infected with spyware that steals FTP credentials, and the admins were dumb enough to use the root account for (S)FTP operations and even dumber to store their root passwords in FTP program settings."

This isn't bad security practice. This is "Fire the system administrator now," security.

So, in short, Linux remains as safe as ever from malware and Windows remains as vulnerable to malware as ever. But, with good security Linux and Windows both can be made much more secure and with bad security practices, either can be broken into easily. Linux malware botnets though? No, not yet, and I don't see it happening any time soon.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies