The first Linux botnet?
Recent reports have it that Linux has been infected by its first botnet. In one word: "Nah."
Has Linux security been breached? Are Linux systems in danger of being transformed into botnet zombies the way millions of Windows PCs have been? In a word: "Nah."
According to a report in The Register, Russian security researcher Denis Sinegubko has discovered a cluster of infected Linux servers that have been corralled into a botnet, which is then used to distribute malware to Windows users.
Ah, Windows fans everywhere, I hate to break this to you, but compromised Linux servers have been used for ages to run Windows botnets. After all, if you had a couple of hundred thousand Windows PCs at your beck and call, would you use Windows to control them? Of course not!
Yes, Linux servers have been broken into manually. There is not, I repeat, is not, any malware that automatically converts Linux desktops or servers into virus-spreading boxes. All that has happened is that someone, as many others have in the past, has busted into improperly secured Linux servers.
I've said it before. I'll say it again. Security is a process, not a product.
I don't care if you're running Windows 7, Linux, or OS/2, if you don't keep your programs updated and use reasonable security such as non-trivial passwords and basic firewalls, you're in danger of having your PC broken into.
The difference between the 100-node cluster of Linux servers that Sinegubko found and real Windows botnets, which in 2006 averaged 20,000 PCs, is that Windows, which is insecure by design, can be made over into a bot by simply going to the wrong Web site or opening a corrupted e-mail.
The Linux servers, on the other hand, simply have lousy security. Sinegubko himself comments, "It just occurred to me that hackers may simply have root passwords from those hacked servers. After all, this iframe attack uses stolen FTP passwords to inject hidden iframes into legitimate web sites. So the chances are local computers of the server administrators were infected with spyware that steals FTP credentials, and the admins were dumb enough to use the root account for (S)FTP operations and even dumber to store their root passwords in FTP program settings."
This isn't bad security practice. This is "fire the system administrator now" security.
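The injection Sinegubko describes leaves a visible trace in the hacked site's own pages: an extra iframe that the visitor never sees. The scanner below is an added example, not code from this article, from Sinegubko, or from any tool mentioned here. It walks HTML with the standard-library parser and flags iframes hidden by zero dimensions, by display:none or visibility:hidden, by off-screen positioning, or by being tacked on after the closing body tag, which is where a script that appends to files over FTP usually puts them. The heuristics, the sample pages and the hostname malware.example are all constructed for the example; a real check would run it over every page pulled from the web root and compare against the last known-good copy.

```python
"""Flag hidden <iframe> injections of the kind described in the article.

Added example (not the article's or Sinegubko's code). All sample HTML is
constructed for the example; hostnames are placeholders.
"""
import re
from html.parser import HTMLParser

# Inline CSS that makes an iframe invisible: display/visibility tricks,
# zero width/height, or a position pushed hundreds of pixels off-screen.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0(?:px|pt|em|%)?\s*(?:;|$)|"
    r"(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


def _is_tiny(value):
    """True for width/height attribute values of 0 or 1 (0x0 and 1x1 frames)."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1


class _IframeCollector(HTMLParser):
    """Records every <iframe> together with the reasons it looks hidden."""

    def __init__(self):
        super().__init__()
        self.iframes = []        # dicts: src, reasons (empty list = visible)
        self._body_closed = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("zero-size")
        if _HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if self._body_closed:
            # Appended after </body> or </html>: typical of a blind file append.
            reasons.append("after-body-close")
        self.iframes.append({"src": a.get("src", ""), "reasons": reasons})

    def handle_endtag(self, tag):
        if tag.lower() in ("body", "html"):
            self._body_closed = True


def find_hidden_iframes(html):
    """Return [(src, [reasons...]), ...] for every iframe that looks hidden."""
    p = _IframeCollector()
    p.feed(html)
    p.close()
    return [(f["src"], f["reasons"]) for f in p.iframes if f["reasons"]]


# Constructed sample pages: a clean page with a normal video embed, the same
# page with an iframe appended after </html>, and a page hiding one off-screen.
CLEAN_PAGE = """<html><body>
<h1>Our company</h1>
<iframe src="https://www.youtube.com/embed/video123" width="560" height="315"></iframe>
</body></html>"""

INJECTED_PAGE = CLEAN_PAGE + """
<iframe src="http://malware.example/in.php" width="0" height="0" style="visibility:hidden"></iframe>"""

OFFSCREEN_PAGE = """<html><body>
<p>Welcome</p>
<iframe src="http://malware.example/x.html" width="300" height="200"
        style="position:absolute;left:-9999px;top:-9999px"></iframe>
</body></html>"""


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE),
                       ("offscreen", OFFSCREEN_PAGE)):
        print(name, find_hidden_iframes(page))
```

The visible YouTube embed is reported as clean, the appended frame trips all three checks at once, and the off-screen one is caught by the style rule alone. Any hit warrants pulling the file's modification time and the FTP log for that path; the quote above says where the credentials most likely came from.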
So, in short, Linux remains as safe as ever from malware and Windows remains as vulnerable to malware as ever. But, with good security Linux and Windows both can be made much more secure and with bad security practices, either can be broken into easily. Linux malware botnets though? No, not yet, and I don't see it happening any time soon.
GNU/Linux Makes Good Servers
If they are left unsecured, malware artists will choose them for command/control/distribution. They can be used for good or evil. By way of comparison, M$ publishes stats on finding malware using MSRT. They report finding several percent of PCs running Vista have malware from their short list.
see http://www.microsoft.com/security/portal/Threat/SIR.aspx
see http://blogs.technet.com/mmpc/archive/2009/08/27/msrt-august-top-detection-reports.aspx
They end up with unknown millions of PCs in botnets. A few thousand servers out of tens of millions of servers running GNU/Linux is a much smaller percentage, like 0.1% instead of 3%. Servers have ports open. To be this secure they need reasonable configuration and reasonable administration.
Editing Error In "The first Linux botnet?" Article
The last sentence of the second paragraph seems to be truncated. The "Is t" just doesn't make sense by itself.
Stephen was in such a hurry
Stephen was in such a hurry to get this published that he didn't have time to proofread. Funny how this "cyber cynic" suddenly turns "journalist" when he needs to defend Linux.