An In-depth Analysis of Linux/Ebury

Discussion in 'malware problems & news' started by SweX, Feb 21, 2014.

  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.welivesecurity.com/2014/03/18/attack-unix-operation-windigo/
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Thanks, SweX, I'll make sure some people I know see this.
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You're welcome GJ :thumb:
     
  6. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    Malware Attack Infected 25,000 Linux/UNIX Servers

    http://blog.eset.ie/2014/03/18/oper...000-unix-servers-hijacked-by-backdoor-trojan/

     
  7. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://blog.sucuri.net/2014/03/windigo-linux-analysis-ebury-and-cdorked.html
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Lovely. I would hope that all the presumably stolen credentials have been revoked by now...
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  11. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    I'd say, it's the mother of all malware if it can infect people.
    (Couldn't resist, :p)

    edit: On topic, gruesome infection but the initial vector was rather simple, password theft.
     
    Last edited: Mar 19, 2014
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  13. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Ick. Where to start...

    - Linux has never been truly secure on desktops *or* servers; just more secure than some of the competition, some of the time.

    - Linux is still pretty safe from desktop malware. That is completely different from being theoretically secure in any way.

    - There have been compromised Linux servers galore for ages.

    - If a server is compromised by brute-forcing the SSH password from a remote IP, that is purely the sysadmin's fault. (In fact that juxtaposition of the words "SSH", "password", and "remote" should set off alarm bells right away.)
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Re: Malware Attack Infected 25,000 Linux/UNIX Servers

    Linux and botnets: It's not Linux's fault!
    http://www.zdnet.com/linux-and-botnets-its-not-linuxs-fault-7000027538/
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Re: Malware Attack Infected 25,000 Linux/UNIX Servers

    Attackers Picking Off Websites Running 7-Year-Old Unsupported Versions of Linux
    http://threatpost.com/attackers-pic...year-old-unsupported-versions-of-linux/104957
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Ars Technica and Cisco Provide Another Example of Bad Security Reporting link

    Big quote, it's all there.
    No, linux isn't perfect, impenetrable, 100% safe etc but the Cisco blog and ensuing article(s) are at least dubious.

    edit;
    Information on Cisco Blog has been corrected.
    Lots of text about linux/linux kernel 2.6 struck link
     
    Last edited: Mar 22, 2014
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.welivesecurity.com/2014/04/10/windigo-not-windigone-linux-ebury-updated/

     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.eset.com/int/about/press...r-windigo-paper-at-virus-bulletin-conference/
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    Operation Windigo: “Good job, ESET!” says malware author
    http://www.welivesecurity.com/2014/10/15/operation-windigo-good-job-eset-says-malware-author/
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619