A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.
From Dr.Web Antivirus:
Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.
(Score: 3, Insightful) by Hairyfeet on Sunday November 08 2015, @01:04PM
Considering how often we see servers that haven't been patched in ages I really wouldn't be surprised if they are using the Ghost vulnerability [us-cert.gov] to gain control of the systems.
This is why I've said for years it really doesn't matter if you are running Linux, OSX, or Windows, as its always the same weaknesses that gets a computer compromised. You see social engineering [geekzone.co.nz], systems that go unpatched, its the same tricks used over and over again.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 4, Touché) by fnj on Sunday November 08 2015, @02:53PM
You lose. I use FreeBSD. With no glibc, no GUI, and sure as hell no systemd.
(Score: 2) by Hairyfeet on Sunday November 08 2015, @10:26PM
And if you run FreeDOS without network support I'm sure you will be completely immune to everything, your point? If you want to have your "computer" be nothing more than a blinking cursor like its 1979 Disco Dan that is your choice, most of us don't want our computer evolution to end when Ronnie Raygun became POTUS.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Freeman on Monday November 09 2015, @05:28PM
How do you equate using FreeBSD as an alternative Web Host with using a non-network connected installation of FreeDOS?
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Sunday November 08 2015, @10:31PM
People said the EXACT SAME THING about Linux. Then Linux got popular and then got pwned HARD.
I'll agree that BSD is better than Linux and I wish Shuttleworth had sunk his money into BSD and not Linux, but the moment it is profitable to pwn BSD you will see BSD malware. If that ever happens though, BSD will handle it MUCH better than Linux, due to it being able to apply patches without pooping itself.
(Score: 0) by Anonymous Coward on Monday November 09 2015, @02:02AM
Your definition of "pwned HARD" seems to be substantially at variance from mine. My recollection--which could be flawed--is that, while there are theoretical instances in which a linux box could have been hacked, few of these vulnerabilities have actually been exploited in the real world; I seem to recall that many (most? all?) of these instances require either physical access to the machine or the root password. Contrast this with the many instances in which real-world havoc has been wreaked on windows machines causing significant network outages. As I said, my recollection could be flawed. I am curious to see what you will respond with to disabuse me of my ignorance.
(Score: 1, Insightful) by Anonymous Coward on Sunday November 08 2015, @04:17PM
And yet plenty of people still believe Linux is so much harder to pwn than Windows. See: https://soylentnews.org/comments.pl?sid=10359&cid=257122#commentwrap [soylentnews.org]
Linux and Windows are just as easy to pwn by outsiders. The only real difference between Linux and Windows in terms of security is Windows comes prepwned by Microsoft and their partners (Windows 10, Lenovo Superfish etc).
This could of course be a huge issue for many, but others seem to think the impact is acceptable.