Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 13 submissions in the queue.

Submission Preview

Link to Story

Linux Malware? That'll Never Happen. Ok, Just This Once Then

Accepted submission by Arthur T Knackerbracket at 2016-08-11 17:59:07
Security

Arthur T Knackerbracket [soylentnews.org] writes:

Story automatically generated by StoryBot Version 0.1.0a (Development).

Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [TheRegister] collected from rss-bot logs

Time: 2016-08-11 07:07:06-11:00 UTC

Original URL: http://www.theregister.co.uk/2016/08/11/linux_malware_never_ok_just_this_once_then_if_we_must/ [theregister.co.uk]

Title: Linux malware? That'll never happen. Ok, just this once then

Suggested Topics by Probability (Experimental) : 17.5 science 17.5 hardware 14.0 business 8.8 OS 7.0 techonomics 7.0 mobile 7.0 digiliberty 7.0 code 3.5 security 3.5 careersedu 3.5 breaking 1.8 technomics 1.8 careers

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

Linux malware? That'll never happen. Ok, just this once then

Arthur T Knackerbracket has found the following story [theregister.co.uk]:

Russian security outfit Dr. Web says it's found new malware for Linux.

The firms says [drweb.com] the “Linux.Lady.1” trojan does the following three things:

  • Collect information about an infected computer and transfer it to the command and control server.
  • Download and launch a cryptocurrency mining utility.
  • Attack other computers of the network in order to install its own copy on them.

The good news is that while the Trojan targets Linux systems, it doesn't rely on a Linux flaw to run. The problem is instead between the ears of those who run Redis without requiring a password for connections. If that's you, know that the trojan will use Redis to make a connection and start downloading the parts of itself that do real damage.

Once it worms its way in the trojan phones home to its command and control server and sends information including the flavour of Linux installed, number of CPUs on the infected machine and the number of running processes. The Register imagines that information means whoever runs the malware can make a decent guess at whether it is worth getting down to some mining, as there's little point working with an ancient CPU that's already maxed out.

That the trojan is designed to hop around inside a network finding nice warm neighbour servers in which to go about its business means this is serious: plenty of outfits run substantial server clusters on Linux for a host of entirely reasonable reasons.

Dr. Web reckons its own anti-virus for Linux will squash Linux.Lady.1 flat in no time. ®

Original Submission