Linux servers can now be infected - Or can they ?

Linux gurus have always vouched on the safety and security of Linux - especially Linux running as servers. However, now after a developer named Denis Sinegubko has published his findings, they may just have to ponder over their words.

According to Denis, the Linux servers can be infected to be used in a botnet used to distribute malware.  The modus operandi of attack is as follows :

  1. The bots target a domain name and inject a hidden <iframe> code in one of the web pages on the website pointing to the domain. 
  2. The hidden iframe will contain link(s) pointing to web sites that host malicious content. 
  3. These bots also infiltrated Linux web servers (mostly running nginx) and set up sites by using 100s of domain names registered on free dynamic DNS hosting providers such as dynDNS.com and no-IP.com.
  4. When they set up sites, they invariably used the less checked 8080 port instead of the default port 80. 
Read the details of Denis Sinegubko's finding here.

Labels: , , , ,

 
 
 
 
Copyright © Sun solaris admin