
Got Linux & Internet? WORRY.

Discussion in 'Windows Vista' started by STAN STARINSKI, Sep 30, 2009.

  1. No more Linux security bragging: botnet discovery worry

    Bad guys have created a botnet of Linux Web servers. In a way, that's even more frightening than regular botnets of compromised Windows PCs. In IT Blogwatch, bloggers ask if this is the end for Linux's claim to be more secure than Windows; or is it just a load of old hokum?

    By Richi Jennings. September 14, 2009.

    Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention another classic Photoshop disaster...

    Dan Goodin warns of a "Linux botnet":


    A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware. ... The infected machines ... serve legitimate traffic on port 80, the standard TCP port used by websites. Behind the scenes, the rogue server sends malicious traffic over port 8080.
    ...
    Malicious payloads are then delivered with the help of dynamic DNS hosting providers, which offer free domain names that are mapped to the IP address of the zombie webserver. ... With about 100 nodes, the network is relatively small, making it unclear exactly what the attackers' intentions are. All of the boxes examined so far have run the Apache webserver on various distributions of Linux.


    StopBadware's Maxim Weinstein has more:


    Over at the Unmask Parasites blog, periodic BadwareBusters.org contributor Denis reports on a botweb (a term coined by our own Oliver Day) that he's been investigating. ... The blog post contains a much more thorough analysis of the issue and is worth a read, especially if you work for a hosting provider or manage Linux-based web servers.

    Meanwhile, we've reached out to Denis to see if we can assist in notifying providers that are hosting compromised servers.


    Denis Sinegubko is the horse with the mouth:


    It began when I started to notice a new pattern in domains of hidden iframes. ... I realized that all those domains were registered with free dynamic DNS hosting providers: DynDNS.com and No-IP.com. These sites allow anyone to register any third-level domain for free and point it to any static or dynamic IP-address. ... most of the third-level domains point to different IP addresses. Currently active domains from my list point to 77 unique IPs all over the world. ... It's time to check if have an unauthorized web server working on port 8080.
    ...
    Each server works as a load balancer for other malicious servers used in this attack. When you try to load any iframe URL, you get redirected to a random server. ... What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with common control center involved in malware distribution. ... Who knows what else can those infected web server do? They may be involved in SPAM distribution, in DDOS attacks, etc. They can do just everything normal zombie computers do, but more effectively thanks to better Internet connection.
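
Added example, not part of the original post or the quoted articles: the check suggested in the last quote (look for an unauthorized web server on port 8080), done by parsing the Linux `/proc/net/tcp` table and flagging listeners outside an allowlist. The sample table, the allowlisted ports and the function names are constructed for illustration; the address decoding assumes a little-endian host.

```python
"""Flag TCP listeners that are not on an allowlist (Linux /proc/net/tcp format)."""
import socket
import struct

TCP_LISTEN = "0A"              # kernel state code for LISTEN
ALLOWED_PORTS = {22, 80, 443}  # assumption: what this host is meant to serve

# Constructed sample table, not taken from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 44444 1 0000000000000000 20 4 30 10 -1
"""


def listening_sockets(table_text):
    """Return (ip, port, uid, inode) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # IPv4 address is a host-order 32-bit hex word (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(fields[7]), int(fields[9])))
    return found


def unexpected_listeners(table_text, allowed=ALLOWED_PORTS, include_loopback=False):
    """Listeners on ports outside the allowlist; loopback-only binds are
    skipped by default because they are not reachable from the network."""
    return [
        s for s in listening_sockets(table_text)
        if s[1] not in allowed
        and (include_loopback or not s[0].startswith("127."))
    ]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE                            # fall back to the sample
    for ip, port, uid, inode in unexpected_listeners(table):
        print(f"unexpected listener {ip}:{port} uid={uid} inode={inode}")
```

A listener bound to `::` appears only in `/proc/net/tcp6`, which this IPv4-only parser does not read; the uid and inode columns let you trace a hit back to the owning process.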
     
  2. John Navas

    John Navas Guest

    Please do NOT post in HTML!

    On Wed, 30 Sep 2009 15:34:37 -0500, "STAN STARINSKI" <NoSpam@NoSpam.org>
    wrote in <#78n7IgQKHA.4428@TK2MSFTNGP02.phx.gbl>:
    >No more Linux security bragging: botnet discovery worry
    >
    >Bad guys have created a botnet of Linux Web servers. In a way, that's even more frightening than regular botnets of compromised Windows PCs. In IT Blogwatch, bloggers ask if this is the end for Linux's claim to be more secure than Windows; or is it just a load of old hokum?
    >
    >By Richi Jennings. September 14, 2009.
    >
    >Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention another classic Photoshop disaster...
    >
    >Dan Goodin warns of a "Linux botnet":
    >
    >
    > A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware. ... The infected machines ... serve legitimate traffic on port 80, the standard TCP port used by websites. Behind the scenes, the rogue server sends malicious traffic over port 8080.
    > ...
    > Malicious payloads are then delivered with the help of dynamic DNS hosting providers, which offer free domain names that are mapped to the IP address of the zombie webserver. ... With about 100 nodes, the network is relatively small, making it unclear exactly what the attackers' intentions are. All of the boxes examined so far have run the Apache webserver on various distributions of Linux.
    >
    >
    >StopBadware's Maxim Weinstein has more:
    >
    >
    > Over at the Unmask Parasites blog, periodic BadwareBusters.org contributor Denis reports on a botweb (a term coined by our own Oliver Day) that he's been investigating. ... The blog post contains a much more thorough analysis of the issue and is worth a read, especially if you work for a hosting provider or manage Linux-based web servers.
    >
    > Meanwhile, we've reached out to Denis to see if we can assist in notifying providers that are hosting compromised servers.
    >
    >
    >Denis Sinegubko is the horse with the mouth:
    >
    >
    > It began when I started to notice a new pattern in domains of hidden iframes. ... I realized that all those domains were registered with free dynamic DNS hosting providers: DynDNS.com and No-IP.com. These sites allow anyone to register any third-level domain for free and point it to any static or dynamic IP-address. ... most of the third-level domains point to different IP addresses. Currently active domains from my list point to 77 unique IPs all over the world. ... It's time to check if have an unauthorized web server working on port 8080.
    > ...
    > Each server works as a load balancer for other malicious servers used in this attack. When you try to load any iframe URL, you get redirected to a random server. ... What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with common control center involved in malware distribution. ... Who knows what else can those infected web server do? They may be involved in SPAM distribution, in DDOS attacks, etc. They can do just everything normal zombie computers do, but more effectively thanks to better Internet connection.

    --
    Best regards,
    John <http: avasgroup.com>
     
  3. The OP is a troll with sock puppets...

    Just sayin'.

    On 9/30/09, John Navas posted:
    > Please do NOT post in HTML!
    >
    > On Wed, 30 Sep 2009 15:34:37 -0500, "STAN STARINSKI" <NoSpam@NoSpam.org>
    > wrote in <#78n7IgQKHA.4428@TK2MSFTNGP02.phx.gbl>:
    >> No more Linux security bragging: botnet discovery worry
    >>
    >> Bad guys have created a botnet of Linux Web servers. In a way, that's even
    >> more frightening than regular botnets of compromised Windows PCs. In IT
    >> Blogwatch, bloggers ask if this is the end for Linux's claim to be more
    >> secure than Windows; or is it just a load of old hokum?
    >>
    >> By Richi Jennings. September 14, 2009.
    >>
    >> Your humble blogwatcher selected these bloggy morsels for your enjoyment.
    >> Not to mention another classic Photoshop disaster...
    >>
    >> Dan Goodin warns of a "Linux botnet":
    >>
    >>
    >> A security researcher has discovered a cluster of infected Linux servers
    >> that have been corralled into a special ops botnet of sorts and used to
    >> distribute malware. ... The infected machines ... serve legitimate traffic
    >> on port 80, the standard TCP port used by websites. Behind the scenes, the
    >> rogue server sends malicious traffic over port 8080. ... Malicious
    >> payloads are then delivered with the help of dynamic DNS hosting providers,
    >> which offer free domain names that are mapped to the IP address of the
    >> zombie webserver. ... With about 100 nodes, the network is relatively small,
    >> making it unclear exactly what the attackers' intentions are. All of the
    >> boxes examined so far have run the Apache webserver on various distributions
    >> of Linux.
    >>
    >>
    >> StopBadware's Maxim Weinstein has more:
    >>
    >>
    >> Over at the Unmask Parasites blog, periodic BadwareBusters.org contributor
    >> Denis reports on a botweb (a term coined by our own Oliver Day) that he's
    >> been investigating. ... The blog post contains a much more thorough analysis
    >> of the issue and is worth a read, especially if you work for a hosting
    >> provider or manage Linux-based web servers.
    >>
    >> Meanwhile, we've reached out to Denis to see if we can assist in notifying
    >> providers that are hosting compromised servers.
    >>
    >>
    >> Denis Sinegubko is the horse with the mouth:
    >>
    >>
    >> It began when I started to notice a new pattern in domains of hidden
    >> iframes. ... I realized that all those domains were registered with free
    >> dynamic DNS hosting providers: DynDNS.com and No-IP.com. These sites allow
    >> anyone to register any third-level domain for free and point it to any
    >> static or dynamic IP-address. ... most of the third-level domains point to
    >> different IP addresses. Currently active domains from my list point to 77
    >> unique IPs all over the world. ... It's time to check if have an
    >> unauthorized web server working on port 8080. ... Each server works as a
    >> load balancer for other malicious servers used in this attack. When you try
    >> to load any iframe URL, you get redirected to a random server. ... What we
    >> see here is a long awaited botnet of zombie web servers! A group of
    >> interconnected infected web servers with common control center involved in
    >> malware distribution. ... Who knows what else can those infected web server
    >> do? They may be involved in SPAM distribution, in DDOS attacks, etc. They
    >> can do just everything normal zombie computers do, but more effectively
    >> thanks to better Internet connection.

    --
    Gene Bloch 650.366.4267 lettersatblochg.com
     
  4. Re: MY CELL PHONE USES LINUX!

    STAN STARINSKI wrote: > I second that.
     
  5. I second that.
     
  6. Re: MY CELL PHONE USES LINUX!

    So?
     
