G
Gordon's Psychotherapist
You need more drugs. Your rambling is getting old.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
S
STAN STARINSKI
No more Linux security bragging: botnet discovery worry
Bad guys have created a botnet of Linux Web servers. In a way, that's even
more frightening than regular botnets of compromised Windows PCs. In IT
Blogwatch, bloggers ask if this is the end for Linux's claim to be more
secure than Windows; or is it just a load of old hokum?
By Richi Jennings. September 14, 2009.
Your humble blogwatcher selected these bloggy morsels for your enjoyment.
Not to mention another classic Photoshop disaster...
Dan Goodin warns of a "Linux botnet":
A security researcher has discovered a cluster of infected Linux servers
that have been corralled into a special ops botnet of sorts and used to
distribute malware. ... The infected machines ... serve legitimate traffic
on port 80, the standard TCP port used by websites. Behind the scenes, the
rogue server sends malicious traffic over port 8080.
....
Malicious payloads are then delivered with the help of dynamic DNS hosting
providers, which offer free domain names that are mapped to the IP address
of the zombie webserver. ... With about 100 nodes, the network is relatively
small, making it unclear exactly what the attackers' intentions are. All of
the boxes examined so far have run the Apache webserver on various
distributions of Linux.
StopBadware's Maxim Weinstein has more:
Over at the Unmask Parasites blog, periodic BadwareBusters.org contributor
Denis reports on a botweb (a term coined by our own Oliver Day) that he's
been investigating. ... The blog post contains a much more thorough analysis
of the issue and is worth a read, especially if you work for a hosting
provider or manage Linux-based web servers.
Meanwhile, we've reached out to Denis to see if we can assist in notifying
providers that are hosting compromised servers.
Denis Sinegubko is the horse with the mouth:
It began when I started to notice a new pattern in domains of hidden
iframes. ... I realized that all those domains were registered with free
dynamic DNS hosting providers: DynDNS.com and No-IP.com. These sites allow
anyone to register any third-level domain for free and point it to any
static or dynamic IP-address. ... most of the third-level domains point to
different IP addresses. Currently active domains from my list point to 77
unique IPs all over the world. ... It's time to check if have an
unauthorized web server working on port 8080.
....
Each server works as a load balancer for other malicious servers used in
this attack. When you try to load any iframe URL, you get redirected to a
random server. ... What we see here is a long awaited botnet of zombie web
servers! A group of interconnected infected web servers with common control
center involved in malware distribution. ... Who knows what else can those
infected web server do? They may be involved in SPAM distribution, in DDOS
attacks, etc. They can do just everything normal zombie computers do, but
more effectively thanks to better Internet connection.
Bad guys have created a botnet of Linux Web servers. In a way, that's even
more frightening than regular botnets of compromised Windows PCs. In IT
Blogwatch, bloggers ask if this is the end for Linux's claim to be more
secure than Windows; or is it just a load of old hokum?
By Richi Jennings. September 14, 2009.
Your humble blogwatcher selected these bloggy morsels for your enjoyment.
Not to mention another classic Photoshop disaster...
Dan Goodin warns of a "Linux botnet":
A security researcher has discovered a cluster of infected Linux servers
that have been corralled into a special ops botnet of sorts and used to
distribute malware. ... The infected machines ... serve legitimate traffic
on port 80, the standard TCP port used by websites. Behind the scenes, the
rogue server sends malicious traffic over port 8080.
....
Malicious payloads are then delivered with the help of dynamic DNS hosting
providers, which offer free domain names that are mapped to the IP address
of the zombie webserver. ... With about 100 nodes, the network is relatively
small, making it unclear exactly what the attackers' intentions are. All of
the boxes examined so far have run the Apache webserver on various
distributions of Linux.
StopBadware's Maxim Weinstein has more:
Over at the Unmask Parasites blog, periodic BadwareBusters.org contributor
Denis reports on a botweb (a term coined by our own Oliver Day) that he's
been investigating. ... The blog post contains a much more thorough analysis
of the issue and is worth a read, especially if you work for a hosting
provider or manage Linux-based web servers.
Meanwhile, we've reached out to Denis to see if we can assist in notifying
providers that are hosting compromised servers.
Denis Sinegubko is the horse with the mouth:
It began when I started to notice a new pattern in domains of hidden
iframes. ... I realized that all those domains were registered with free
dynamic DNS hosting providers: DynDNS.com and No-IP.com. These sites allow
anyone to register any third-level domain for free and point it to any
static or dynamic IP-address. ... most of the third-level domains point to
different IP addresses. Currently active domains from my list point to 77
unique IPs all over the world. ... It's time to check if have an
unauthorized web server working on port 8080.
....
Each server works as a load balancer for other malicious servers used in
this attack. When you try to load any iframe URL, you get redirected to a
random server. ... What we see here is a long awaited botnet of zombie web
servers! A group of interconnected infected web servers with common control
center involved in malware distribution. ... Who knows what else can those
infected web server do? They may be involved in SPAM distribution, in DDOS
attacks, etc. They can do just everything normal zombie computers do, but
more effectively thanks to better Internet connection.
K
Kevin John Panzke
Gordon's Psychotherapist wrote: > You need more drugs. Your rambling
message > > > > > No
more Linux security bragging: botnet discovery worry > > > > Bad guys
have created a botnet of Linux Web servers. In a way, that's even > >
more frightening than regular botnets of compromised Windows PCs. In
IT > > Blogwatch, bloggers ask if this is the end for Linux's claim to
be more > > secure than Windows; or is it just a load of old hokum? >blogwatcher selected these bloggy morsels for your enjoyment. > > Not
to mention another classic Photoshop disaster... > > > > Dan Goodin
warns of a "Linux botnet": > > > > > > A security researcher has
discovered a cluster of infected Linux servers > > that have been
corralled into a special ops botnet of sorts and used to > >
distribute malware. ... The infected machines ... serve legiti
message > > > > > No
more Linux security bragging: botnet discovery worry > > > > Bad guys
have created a botnet of Linux Web servers. In a way, that's even > >
more frightening than regular botnets of compromised Windows PCs. In
IT > > Blogwatch, bloggers ask if this is the end for Linux's claim to
be more > > secure than Windows; or is it just a load of old hokum? >blogwatcher selected these bloggy morsels for your enjoyment. > > Not
to mention another classic Photoshop disaster... > > > > Dan Goodin
warns of a "Linux botnet": > > > > > > A security researcher has
discovered a cluster of infected Linux servers > > that have been
corralled into a special ops botnet of sorts and used to > >
distribute malware. ... The infected machines ... serve legiti