ESET: Hackers Hijack 25,000 UNIX Servers to Build a Malware Army

24 Comments

tristone

Search for the sentence below in the original report (http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf).

'No vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged'

Pr3d@t0r

There is a big difference between desktop & server in the way they are used. Servers are valuable targets because they have the resources & bandwidth that could be used by bad actors. Hence, they are targeted a lot. If the "individual" is someone "important", then there is a chance that he could be "targeted" in an attack by finding "vulnerabilities" in his box... by planting a "zero-day" ****kit on his system which a security solution like an antivirus or security suite has no defense against. So, if you think your box is secure, do this: try pasting information about your bank account, credit/debit card details in a notepad on your desktop... & announce on the internet that you have "posted" your financial details there, then see the "Magic" as it happens.... Have a nice day.....

Bullwinkle J Moose

Bank details have been posted to my desktop in a text file.

I don't have time to wait for the magic to happen, so please post the contents of the text file right here at Max PC if you can read it!

Have a nice day

I will leave the computer on for 24 hours so you can work yer magic.

LOL

I'm not joking!
GO FOR IT!

You might have a hard time planting a zero-day exploit on this box though
But you are free to try for the next 24 hours

There is only 1 text file on my desktop and it's called BANK DETAILS.
Have you found it yet?

What icons are on my desktop?
What color is my desktop background or is it a picture, I forget?
Just grab a screenshot

NSA punkasslittlebitches are welcome to play this game too!

Chinese, Russian and Israeli Military can play if you promise not to melt my CPU core from orbit
JUST POST THE BANK DETAILS textfile here at Maximum Propaganda

Cmon now, it can't be too hard can it?

Shall we rerun this game again on April 8th so you have time to notify everyone on the Planet?

Bullwinkle J Moose

It has been 24 hours since my original post above

and here are the results:

NSA Failed
Russian Hackers Failed
Chinese Hackers Failed
Israeli Hackers Failed
Everyone Else Failed

Better Luck Next Time Pr3d@t0r!
You have until April 8th to notify the World's Top Hackers for a rematch, otherwise your post is a complete FAIL!!!

MaximumMike

I do love your posts Bullwinkle.

nightkiller

You've got it all wrong. These are actually Windows Servers masquerading as Unix servers.

And there was peace at Slashdot.

There, fixed that.

COMMANDER_COOK

This malware gets in using stolen credentials. It is not using any software exploits, so there's really no room to criticize Linux.

PCWolf

I love how Linux fanboys act like Apple iTards and boast of how we should all dump Windows & get Linux while singing the "Linux is so secure" songs. Linux is just as susceptible as any other OS.

Anyways, what are the owners of these servers & their IT departments doing?? Sleeping?? Why aren't these servers checked for compromises on a daily basis? Server owners should be held liable for their lax security & the damage caused by their compromised hardware not being properly maintained just so they can save a few bucks at other people's expense.

bpstone

Linux is a kernel. A system is only as secure as you make it to be. Failure to regularly update, lock-down and detect potential threats falls on the users. Software cannot fix human stupidity. When properly maintained, major Linux distros offer a level of security that rivals Windows. 100% secure is a myth. The persons claiming such malarkey have probably contributed to the black market without even knowing it. ;)

jgottberg

Speaking with some experience, breaches in security almost always come from within. Be it email attachments, social engineering or just casual web browsing on endpoints. Infected servers are usually the casualties of those scenarios.

Sometimes an IT department has their hands tied and are the victims of circumstance. For instance, right now is tax time. Most accounting firms are 24x7 operations that can't afford even the slightest downtime for patching and reboots, which makes them susceptible. It's the risk/reward equation. Does it cost more to patch and have servers down just in case, or to take a chance on getting hit and spending time remedying?

MaximumMike

I agree. When did it become ok to serve up crap to the rest of the world? I wonder how long a restaurant would stay in business if it was revealed that the owner was renting a refrigerator to some nefarious character who was using it to cultivate diseases and then covertly introducing them into the restaurant's outgoing meals.

MaximumMike

But wait. I thought Unix was impervious to malware.

Bullwinkle J Moose

You must be thinking of Windows XP

Redirecting you to a malware site that steals logon credentials affects every machine, including READ ONLY Linux Live CDs.

However, protecting an XP machine with DriveShield, an aftermarket firewall and a free antivirus lets me go to all the malware sites without worrying about infecting "My" box.

I am still looking for any malware that can take down my Windows XP-SP2 machine

I have full Admin access and absolutely NO Critical Updates from Microsoft yet I have never had a malware problem inside my box

No SP3
No Updates
Full Admin Access
and ZERO Malware!

Redirecting you to a site that steals logon credentials cannot be stopped at "Your" computer and must be stopped at its source (infected servers).

If anyone knows of any malware that can permanently destroy my XP box, please post a link and I will have it tested

I am not worried about malware or an end to XP updates

I have not used XP Critical Updates in the past 5 years so I am not worried about support ending on April 8th

Find me the malware that can ruin my XP machine !!
I dare ya.....
I double dare ya

nightkiller

You should look at Windows SteadyState for XP.
http://download.cnet.com/Windows-SteadyState/3000-18512_4-10977409.html
It does exactly what DriveShield does. We use it in our office for our kiosk computers.

Pr3d@t0r

Read my comment, it's for you.

Bullwinkle J Moose

"ditto"

John Pombrio

Why would you purposely go to known malware sites? Are you a Sys Admin idiot savant or something?

Bullwinkle J Moose

"Why would you purposely go to known malware sites?"
-----------------------------------------------------------------------------

Because I CAN!
It's nice to learn about malware without worrying about malware.

I would never try that with an O.S. designed from the ground up as a Government Sponsored Spyware Platform, however.

That would be foolish

PCWolf

If you run a server, but don't keep it maintained or have it scanned for infections or malware, or you don't apply security updates, then you will get infected. I have seen places as recently as 2 years ago that were still running XP SP1.
Also, these are web servers that are not being properly checked on by the lazy & worthless IT staff, not your PC at home. Servers have their digital legs spread wide open by default. So stop trying to compare your XP PC at home to a web server.

Bullwinkle J Moose

If you run a server, and DO keep it maintained & scanned for infections and malware, and you DO apply security updates, then you will still get infected, whereas I will not!

So I will stop comparing my secure box with insecure servers.
Touché

itzabo

I still run DOS 3.1, so I have no malware problems at all.
The whole GUI thing is overrated.

Excuse me while I get back to playing Zork :)

MaximumMike

@itzabo

Awesome!

Bullwinkle J Moose

And what government agency do you work for?

maseone

lol