A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.
From Dr.Web Antivirus:
Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.
(Score: 5, Interesting) by frojack on Sunday November 08 2015, @06:46AM
Seems like half the story...
How did it get there?
Did they obtain root on the box first?
How did they induce root to launch it? If some human didn't launch it, no one would see the ransom message.
Did they link it to something root is going to run?
Even reading all the linked pages, and the pages linked to those pages, none of that is explained.
No, you are mistaken. I've always had this sig.
(Score: 2) by ticho on Sunday November 08 2015, @09:04AM
From a two days old article at http://www.securityweek.com/file-encrypting-ransomware-targets-linux-users: [securityweek.com]
"It’s unclear at this point how the malware is distributed and installed on victims’ computers, ..."
(Score: 2) by kurenai.tsubasa on Sunday November 08 2015, @09:05PM
Also found a Hungarian forum here [hup.hu].
Anybody speak Hungarian in the house? I ran some of the comments through Google Translate, which proves hilariously inadequate. As as I could tell, most of the discussion is about backup strategies and insecure PHP setups that give world write permission (i.e. 777) to /var/www.
This was my favorite translation fail:
Például, ha "Vér Pistike" root engedélyezett SSH-t használ. De meg is érdemli.
"Értem én, hogy villanyos autó, de mi hajtja?"
becomes
For example, if "Blood Pistike" root using SSH enabled. But it deserves.
"I understand villa certain car, but what is driving?"
So clearly, this exploit only works if bear is driving! [youtube.com] (How can that be?!)
(Score: 2, Informative) by Anonymous Coward on Sunday November 08 2015, @10:47PM
>>> for example, if "Bloody Steve" is using root-enabled ssh, he deserves it.
>>> "I understand, that it's an electric car, but what is propelling it?"
User "trey" says, apparently FreeBSD is also affected.
All other commenters are mostly discussing how this malware might infect your system and how you can prevent it from touching your files.
(Score: 3, Insightful) by Hairyfeet on Sunday November 08 2015, @01:04PM
Considering how often we see servers that haven't been patched in ages I really wouldn't be surprised if they are using the Ghost vulnerability [us-cert.gov] to gain control of the systems.
This is why I've said for years it really doesn't matter if you are running Linux, OSX, or Windows, as its always the same weaknesses that gets a computer compromised. You see social engineering [geekzone.co.nz], systems that go unpatched, its the same tricks used over and over again.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 4, Touché) by fnj on Sunday November 08 2015, @02:53PM
You lose. I use FreeBSD. With no glibc, no GUI, and sure as hell no systemd.
(Score: 2) by Hairyfeet on Sunday November 08 2015, @10:26PM
And if you run FreeDOS without network support I'm sure you will be completely immune to everything, your point? If you want to have your "computer" be nothing more than a blinking cursor like its 1979 Disco Dan that is your choice, most of us don't want our computer evolution to end when Ronnie Raygun became POTUS.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Freeman on Monday November 09 2015, @05:28PM
How do you equate using FreeBSD as an alternative Web Host with using a non-network connected installation of FreeDOS?
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Sunday November 08 2015, @10:31PM
People said the EXACT SAME THING about Linux. Then Linux got popular and then got pwned HARD.
I'll agree that BSD is better than Linux and I wish Shuttleworth had sunk his money into BSD and not Linux, but the moment it is profitable to pwn BSD you will see BSD malware. If that ever happens though, BSD will handle it MUCH better than Linux, due to it being able to apply patches without pooping itself.
(Score: 0) by Anonymous Coward on Monday November 09 2015, @02:02AM
Your definition of "pwned HARD" seems to be substantially at variance from mine. My recollection--which could be flawed--is that, while there are theoretical instances in which a linux box could have been hacked, few of these vulnerabilities have actually been exploited in the real world; I seem to recall that many (most? all?) of these instances require either physical access to the machine or the root password. Contrast this with the many instances in which real-world havoc has been wreaked on windows machines causing significant network outages. As I said, my recollection could be flawed. I am curious to see what you will respond with to disabuse me of my ignorance.
(Score: 1, Insightful) by Anonymous Coward on Sunday November 08 2015, @04:17PM
And yet plenty of people still believe Linux is so much harder to pwn than Windows. See: https://soylentnews.org/comments.pl?sid=10359&cid=257122#commentwrap [soylentnews.org]
Linux and Windows are just as easy to pwn by outsiders. The only real difference between Linux and Windows in terms of security is Windows comes prepwned by Microsoft and their partners (Windows 10, Lenovo Superfish etc).
This could of course be a huge issue for many, but others seem to think the impact is acceptable.