The first Linux botnet?
Recent reports have it that Linux has been infected by its first botnet. In one word: "Nah."
Has Linux security been breached? Are Linux systems in danger of being transformed into botnet zombies the way millions of Windows PCs have been? In a word: "Nah."
According to a report in The Register, a Russian security researcher, Denis Sinegubko, has discovered a cluster of infected Linux servers that have been corralled into a botnet, which is then used to distribute malware to Windows users.
Ah, Windows fans everywhere, I hate to break this to you, but compromised Linux servers have been used for ages to run Windows botnets. After all, if you had a couple of hundred thousand Windows PCs at your beck and call, would you use Windows to control them? Of course not!
Yes, Linux servers have been broken into manually. There is not, I repeat, is not, any malware that automatically converts Linux desktops or servers into virus-spreading boxes. All that has happened is that someone, as many others have in the past, has busted into improperly secured Linux servers.
I've said it before. I'll say it again. Security is a process, not a product.
I don't care if you're running Windows 7, Linux, or OS/2, if you don't keep your programs updated and use reasonable security such as non-trivial passwords and basic firewalls, you're in danger of having your PC broken into.
The difference between the 100-node Linux machine cluster that Sinegubko found and real Windows botnets, which in 2006 averaged 20,000 PCs, is that Windows, which is insecure by design, can be made over into a bot by simply going to the wrong Web site or opening a corrupted e-mail.
The Linux servers, on the other hand, simply have lousy security. Sinegubko himself comments, "It just occurred to me that hackers may simply have root passwords from those hacked servers. After all, this iframe attack uses stolen FTP passwords to inject hidden iframes into legitimate web sites. So the chances are local computers of the server administrators were infected with spyware that steals FTP credentials, and the admins were dumb enough to use the root account for (S)FTP operations and even dumber to store their root passwords in FTP program settings."
This isn't bad security practice. This is "fire the system administrator now" security.
So, in short, Linux remains as safe as ever from malware and Windows remains as vulnerable to malware as ever. But with good security practices, both Linux and Windows can be made much more secure, and with bad ones either can be broken into easily. Linux malware botnets, though? No, not yet, and I don't see it happening any time soon.
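The failure Sinegubko describes is not a Linux flaw but an administration one: the root account used over FTP, its password stolen from an admin's desktop, and the attacker uploading into the web root. The checks below are an added example (not code from the article or from Sinegubko's write-up) of what a defender would look for on such a server. It assumes vsftpd's log format, an /etc/ftpusers-style deny list and an OpenSSH sshd_config; the log lines, IP addresses and paths are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed vsftpd-style log lines (sample data, not taken from the article).
SAMPLE_VSFTPD_LOG = """\
Sat Sep 12 10:02:11 2009 [pid 2301] [root] OK LOGIN: Client "198.51.100.23"
Sat Sep 12 10:02:14 2009 [pid 2303] [root] OK UPLOAD: Client "198.51.100.23", "/var/www/html/index.php", 4821 bytes, 35.12Kbyte/sec
Sat Sep 12 10:05:40 2009 [pid 2310] [webdeploy] OK LOGIN: Client "203.0.113.8"
Sat Sep 12 10:06:02 2009 [pid 2312] [webdeploy] OK UPLOAD: Client "203.0.113.8", "/var/www/html/news.html", 1200 bytes, 20.00Kbyte/sec
Sat Sep 12 11:41:09 2009 [pid 2390] [root] OK LOGIN: Client "192.0.2.77"
Sat Sep 12 11:41:20 2009 [pid 2392] [root] FAIL LOGIN: Client "192.0.2.78"
"""

# vsftpd writes: <timestamp> [pid N] [user] OK|FAIL ACTION: Client "ip"[, "path", ...]
LOG_RE = re.compile(
    r'^(?P<ts>.+?) \[pid \d+\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<action>[A-Z]+): Client "(?P<ip>[^"]+)"'
    r'(?:, "(?P<path>[^"]*)")?'
)

def parse_vsftpd_log(text):
    """Turn vsftpd log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def root_logins(events):
    """Successful FTP logins as root: the account that should never be used over FTP."""
    return [e for e in events
            if e["user"] == "root" and e["action"] == "LOGIN" and e["status"] == "OK"]

def uploads_into(events, prefixes=("/var/www",)):
    """Successful uploads landing in the web root, i.e. writes that could alter a live site."""
    return [e for e in events if e["action"] == "UPLOAD" and e["status"] == "OK"
            and e["path"] and e["path"].startswith(prefixes)]

def login_sources(events):
    """Distinct client IPs per account for successful logins; one credential seen from many places is suspect."""
    sources = defaultdict(set)
    for e in events:
        if e["action"] == "LOGIN" and e["status"] == "OK":
            sources[e["user"]].add(e["ip"])
    return dict(sources)

def root_denied_ftp(ftpusers_text):
    """True if root appears in an /etc/ftpusers-style deny list (blank lines and # comments ignored)."""
    for line in ftpusers_text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name == "root":
            return True
    return False

# PermitRootLogin values that stop a stolen root password from working over SSH/SFTP.
BLOCKING_VALUES = {"no", "without-password", "prohibit-password"}

def root_password_ssh_blocked(sshd_config_text):
    """True if the first effective PermitRootLogin directive forbids password logins as root.
    Assumption: a missing directive counts as not blocking (the OpenSSH default of the era was 'yes')."""
    for line in sshd_config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower() in BLOCKING_VALUES
    return False

def audit(log_text, ftpusers_text, sshd_config_text):
    """Summarise the checks an admin would run after reading about this incident."""
    events = parse_vsftpd_log(log_text)
    return {
        "root_logins": len(root_logins(events)),
        "web_root_uploads": len(uploads_into(events)),
        "multi_source_accounts": sorted(u for u, ips in login_sources(events).items() if len(ips) > 1),
        "root_denied_ftp": root_denied_ftp(ftpusers_text),
        "root_password_ssh_blocked": root_password_ssh_blocked(sshd_config_text),
    }

if __name__ == "__main__":
    # Constructed deny list and sshd_config fragments representing a poorly configured server.
    report = audit(SAMPLE_VSFTPD_LOG, "# deny list\nbin\ndaemon\n", "#PermitRootLogin yes\n")
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample data the audit reports two root FTP logins from two different addresses, two uploads into the web root, root missing from the deny list and root password login over SSH not blocked, which is exactly the combination the quoted analysis describes. Adding root to the FTP deny list and setting PermitRootLogin to no (or moving to key-based deploy accounts) removes the value of a stolen root password, and the log checks give a simple way to spot the misuse after the fact.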
GNU/Linux Makes Good Servers
If they are left unsecured, malware artists will choose them for command/control/distribution. They can be used for good or evil. By way of comparison, M$ publishes stats on finding malware using MSRT. They report finding several percent of PCs running Vista have malware from their short list.
see http://www.microsoft.com/security/portal/Threat/SIR.aspx
see http://blogs.technet.com/mmpc/archive/2009/08/27/msrt-august-top-detection-reports.aspx
They end up with unknown millions of PCs in botnets. A few thousand servers out of tens of millions of servers running GNU/Linux is a much smaller percentage, like 0.1% instead of 3%. Servers have ports open. To be this secure they need reasonable configuration and reasonable administration.
Editing Error In "The first Linux botnet?" Article
The last sentence of the second paragraph seems to be truncated. The "Is t" just doesn't make sense by itself.
Stephen was in such a hurry
Stephen was in such a hurry to get this published that he didn't have time to proofread. Funny how this "cyber cynic" suddenly turns "journalist" when he needs to defend Linux.