Linux botnet of zombie web servers

p2pnet news | Open Source: Hijacked Linux servers are apparently distributing malicious software to Windows PCs, says Heise Online.

Quoting analysis by web developer Denis Sinegubko, “the compromised systems all have one thing in common,” says the post: the lightweight web server nginx is “running and serving content through port 8080”.

And, he warns on the Unmask Parasites. Blog, “if this is not just a proof-of-concept attack that will cease to exist in a week, there is a real problem that server admins must address ASAP!”

The systems are “inconspicuous and appear to operate quite normally,” says Heise, noting the “new tactic” was discovered after links to malware posted in China were replaced by dynamic DNS names from DynDNS.com and No-IP.com.
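The indicator the reports describe is a link to content served from a dynamic-DNS hostname on port 8080. The helper below, written for this page and not taken from Heise or Unmask Parasites, flags such links in a page's HTML so an admin can check whether their own site has been edited; the dynamic-DNS suffix list and the sample HTML are constructed assumptions.

```python
"""Flag links pointing at a dynamic-DNS host on port 8080 (hypothetical
detection helper added for this article; suffix list and sample HTML are
constructed, not taken from the original reports)."""
import re
from urllib.parse import urlsplit

# Assumed list of dynamic-DNS parent domains; a real deployment would load a
# maintained list instead of this constructed one.
DYNDNS_SUFFIXES = ("dyndns.org", "dyndns.com", "no-ip.org", "no-ip.com", "no-ip.biz")
SUSPICIOUS_PORT = 8080

# Pull the value of every src= or href= attribute (quoted with " or ').
URL_RE = re.compile(r"""(?:src|href)\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def is_dyndns_host(host: str) -> bool:
    """True when host is, or is a subdomain of, a known dynamic-DNS domain."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)


def suspicious_links(html: str) -> list:
    """Return every URL in html that targets a dynamic-DNS host on port 8080."""
    hits = []
    for url in URL_RE.findall(html):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # relative links and non-HTTP schemes are not the pattern here
        try:
            port = parts.port or (443 if parts.scheme == "https" else 80)
        except ValueError:
            continue  # malformed port, skip rather than crash the scan
        if port == SUSPICIOUS_PORT and is_dyndns_host(parts.hostname):
            hits.append(url)
    return hits


# Constructed sample page: one benign script, one benign dynamic-DNS link on
# port 80, and two links matching the reported pattern.
SAMPLE_HTML = """
<html><head>
<script src="http://cdn.example.com/app.js"></script>
<script src="http://update-srv.dyndns.org:8080/loader.js"></script>
</head><body>
<iframe src="http://abc123.no-ip.biz:8080/"></iframe>
<a href="http://other.no-ip.org/page">link</a>
</body></html>
"""

if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE_HTML):
        print("suspicious link:", hit)
```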

“What we see here is a long awaited botnet of zombie web servers!” says Sinegubko, continuing:

A group of interconnected infected web servers with a common control center involved in malware distribution. To make things more complex, this botnet of web servers is connected with the botnet of infected home computers (the malware they serve infects computers and turns them into zombies).

Who knows what else those infected web servers can do? They may be involved in spam distribution, in DDoS attacks, etc. They can do just about everything normal zombie computers do, but more effectively thanks to a better Internet connection.

However, having a web server as a zombie has obvious downsides for hackers. Once the IP of the server is known, it's only a matter of time before it is shut down: they are all on networks of reputable hosting providers that can switch off the server if its admin fails to remove the malicious service. On the other hand, server admins are usually much more experienced in terms of security than an average computer user, so the chances that a dedicated server gets hacked are significantly less than the chances that a home computer gets infected with some virus. At the same time, the number of dedicated servers, I believe, is also significantly less than the number of home computers connected to the Internet.

“So,” Sinegubko adds, “if hackers want this attack to be active for more than just a week, they need to either have a ‘portfolio’ of thousands of already hacked servers waiting for their turn, or they know about some exploitable vulnerability in Linux (all servers I checked were Linux-based) so that they can easily turn any number of servers into zombies.”

The pic on the right is a clip from David Vorel’s amazing map of interconnected, bot-infected IP addresses with Scott Berinato’s interactive controls which allow users to zoom in and explore botnets’ inner workings.

Heise Online – Botnet discovered on Linux servers, September 14, 2009
Unmask Parasites. Blog – Dynamic DNS and Botnet of Zombie Web Servers, September 11, 2009


3 Responses to “Linux botnet of zombie web servers”

  1. lando calrissian Says:

    It comes down to people having bad passwords in order for this to work.

    This writer agrees: http://blogs.zdnet.com/hardware/?p=5457
    “Normal ‘Linux is more secure than Windows’ bragging can resume”

  2. Anonymous Says:

    This article must be a parody. Any Linux user will tell you that only Windows systems have vulnerabilities and that Linux and Mac are 100% secure and trouble free!

  3. Robert Says:

    @RW: ha, love the sarcasm.

    We all know that GNU/Linux Distros and Mac are not perfect and they too have virii that exist, especially since their popularity has increased. The potential for quick fixes with GNU/Linux Distros is greater than Mac because the code is open source, so vulnerabilities can be found by anyone and fixed by anyone.

    And we all know that the only way to truly have a secure machine is to turn off any and all networking cards (including wireless). There, as a standalone, your system is totally secure, provided you don’t use sneakernet to install any virii, and Malware won’t matter either.
