Stories
Slash Boxes
Comments

SoylentNews is people

Linux Malware? That'll Never Happen. Okay, Just This Once Then

posted by cmn32480 on Friday August 12 2016, @04:12AM   Printer-friendly

Arthur T Knackerbracket has found the following story:

Russian security outfit Dr. Web says it's found new malware for Linux.

The firms[sic] says the “Linux.Lady.1” trojan does the following three things:

  • Collect information about an infected computer and transfer it to the command and control server.
  • Download and launch a cryptocurrency mining utility.
  • Attack other computers of the network in order to install its own copy on them.

The good news is that while the Trojan targets Linux systems, it doesn't rely on a Linux flaw to run. The problem is instead between the ears of those who run Redis without requiring a password for connections. If that's you, know that the trojan will use Redis to make a connection and start downloading the parts of itself that do real damage.

Once it worms its way in the trojan phones home to its command and control server and sends information including the flavour of Linux installed, number of CPUs on the infected machine and the number of running processes. The Register imagines that information means whoever runs the malware can make a decent guess at whether it is worth getting down to some mining, as there's little point working with an ancient CPU that's already maxed out.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Linux Malware? That'll Never Happen. Okay, Just This Once Then | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by janrinok on Saturday August 13 2016, @05:45PM

    by janrinok (52) Subscriber Badge on Saturday August 13 2016, @05:45PM (#387560) Journal

    As the writer of 'Arthur', allow me to make some comments:

    When the site first began we would receive over 30 submissions every day from which we tried to produce a day's output. If the queue went below 20 we would change into a slower release schedule to try to get by until the subs picked up again. Of course, not all stories are suitable for publication and there are a fair number of dupes which we, as editors, have to filter out. Over time the submission rate fell and if we asked the community to rise to the challenge. The main obstruction that members claimed was the problem was finding suitable stories for submission. Somebody on the team started monitoring the RSS feeds from various well known sources including the tech sites, news channels and security groups. These are available to anyone (https://logs.sylnt.us/%23rss-bot/index.html) to provide them with a link to brand new stories as soon as they are released. They are/were used for a while but the community seems not to look at them very often.

    As an editor, it is quite disheartening to discover that the submission queue is filled with more stories of racial inequality, police brutality, shootings or political electioneering which, while important, we have discussed so many times in the past. This is especially so when there are literally hundreds of new stories each weekday to be found on the RSS feeds. So I wrote a bot that downloads each of the stories from the feeds and dumps them, with a little bit of processing and formatting, onto my hard drive. I am trying to produce a fully automated system, but it is not quite there yet. So I go through the processed stories manually, decide which are most suitable for our site, tidy them up (and modify the bot to cope with whatever I find automatically next time!), and then submit them - just as anyone else can do. They hit the sub queue with no preference or favour other than they have already be partly processed and are more likely to be topics of interest to our community. But not all of Arthur's submissions are used - they get rejected just as often as those stories submitted by anyone else (88% accepted at the time of writing).

    If you look at the RSS feeds for any given day, you will clearly see that TheRegister is only one of dozens of feeds that we monitor. The fact is, even if you dislike their writing style, they do get interesting stories out in fairly quick time.

    If the community don't want to see submissions from Arthur T Knackerbracket the solution is in their own hands. Find current stories that can inform the community and generate new and original discussion and submit them!. Avoid those topics that we have discussed 'ad nauseum' unless they bring something new to the discussion. The emphasis should be on science and technology but we can discuss anything that is of interest to the majority of the community.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Thursday August 18 2016, @12:48PM

    by Anonymous Coward on Thursday August 18 2016, @12:48PM (#389563)

    Thanks for helping keep the site alive.

    I typically only submit when the queue is drying up, but I've also noticed that it has been happening more often in recent times.