by sjvn

The first Linux botnet?

Recent reports have it that Linux has been infected by its first botnet. In one word: "Nah."

September 12, 2009, 08:41 PM

Has Linux security been breached? Are Linux systems in danger of being transformed into botnet zombies the way millions of Windows PCs have been? In a word: "Nah."

According to a report in The Register, a Russian security researcher, Denis Sinegubko, has discovered a cluster of infected Linux servers that have been corralled into a botnet, which is then used to distribute malware to Windows users.

Ah, Windows fans everywhere, I hate to break this to you, but compromised Linux servers have been used for ages to run Windows botnets. After all, if you had a couple of hundred thousand Windows PCs at your beck and call, would you use Windows to control them? Of course not!

Yes, Linux servers have been broken into manually. There is not, I repeat, is not, any malware that automatically converts Linux desktops or servers into virus-spreading boxes. All that has happened is that someone, as many others have in the past, has busted into improperly secured Linux servers.

I've said it before. I'll say it again. Security is a process, not a product.

I don't care if you're running Windows 7, Linux, or OS/2: if you don't keep your programs updated and use reasonable security, such as non-trivial passwords and basic firewalls, you're in danger of having your PC broken into.

The difference between the 100-node Linux machine cluster that Sinegubko found and real Windows botnets, which in 2006 averaged 20,000 PCs, is that Windows, which is insecure by design, can be made over into a bot by simply going to the wrong Web site or opening a corrupted e-mail.

The Linux servers, on the other hand, simply have lousy security. Sinegubko himself comments, "It just occurred to me that hackers may simply have root passwords from those hacked servers. After all, this iframe attack uses stolen FTP passwords to inject hidden iframes into legitimate web sites. So the chances are local computers of the server administrators were infected with spyware that steals FTP credentials, and the admins were dumb enough to use the root account for (S)FTP operations and even dumber to store their root passwords in FTP program settings."

This isn't bad security practice. This is "Fire the system administrator now," security.

So, in short, Linux remains as safe as ever from malware and Windows remains as vulnerable to malware as ever. But with good security, Linux and Windows can both be made much more secure, and with bad security practices, either can be broken into easily. Linux malware botnets, though? No, not yet, and I don't see it happening any time soon.

Comments

GNU/Linux Makes Good Servers

If they are left unsecured, malware artists will choose them for command/control/distribution. They can be used for good or evil.

By way of comparison, M$ publishes stats on finding malware using MSRT. They report finding several percent of PCs running Vista have malware from their short list.

see http://www.microsoft.com/security/portal/Threat/SIR.aspx
see http://blogs.technet.com/mmpc/archive/2009/08/27/msrt-august-top-detection-reports.aspx

They end up with unknown millions of PCs in botnets. A few thousand servers out of tens of millions of servers running GNU/Linux is a much smaller percentage, like 0.1% instead of 3%. Servers have ports open. To be this secure they need reasonable configuration and reasonable administration.

Editing Error In "The first Linux botnet?" Article

The last sentence of second paragraph seems to be truncated.
The "Is t" just doesn't make sense by itself.

Stephen was in such a hurry

Stephen was in such a hurry to get this published that he didn't have time to proofread. Funny how this "cyber cynic" suddenly turns "journalist" when he needs to defend Linux.