
posted by on Wednesday January 11 2017, @11:12AM
from the tux-was-asking-for-it dept.

In case you penguin botherers were feeling left out, the folks over at iTWire bring us this little fun bit o' news:

Eset says it has found a Linux variant of the KillDisk malware used in the late 2015 attack on the Ukraine electricity system.

Like its Windows counterpart, the Linux version of KillDisk encrypts files, rendering the affected system unbootable. It asks for the same 222 Bitcoin (around US$278,000) ransom, but the encryption key used is neither stored locally nor sent to a remote server, so even if the perpetrators are paid they have no way of reversing the process.

Eset says its researchers have found a weakness in the encryption method that makes decryption "possible, albeit difficult." Exactly how decryption can be performed was not disclosed.

It's nice to feel noticed but I could personally do without this particular kind of attention.



  • (Score: 2) by Thexalon on Wednesday January 11 2017, @07:57PM

    by Thexalon (636) on Wednesday January 11 2017, @07:57PM (#452662)

    Another attack vector that could and sometimes has worked:
    1. Use an exploit in a server application (e.g. BIND or Apache) to gain unprivileged access.
    2. From that unprivileged account, use a privilege escalation exploit to become root.
    3. Once you are root, replace the kernel and/or whatever else you need to with a version that both gives you a backdoor onto the system and hides its own existence (a rootkit, in other words).

    The more of a monoculture you have, the easier it is to pull this off. For example, if you're running a popular distribution and are a bit lax on updating your servers to the latest version, that's a greater risk than if you're running the latest version that you compiled yourself.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by Grishnakh on Wednesday January 11 2017, @10:04PM

    by Grishnakh (2831) on Wednesday January 11 2017, @10:04PM (#452724)

    Yeah, but the problem here is we're talking about malware that seems to target desktop users, not servers. Desktop users don't run server applications, certainly not exposed to the internet. Servers are, of course, going to have more attack vectors like that because they run services which are exposed to the internet. Desktops don't; they generally sit behind firewalls and their only exposure to the internet is through web browsers and email, and maybe a few other things like ssh, FTP, etc. which are direct to specific hosts.