Linux Servers Can Get Malware Too


 

 

Yes, it is a big deal, since many IT folks do not know that malware is on all computers.

Malware is short for malicious software and is typically "installed" on Windows machines with a phishing email. What makes this case unique is not just that Linux systems were attacked, but how they were attacked.

The attacker is exploiting unpatched vulnerabilities in WordPress, Joomla, and other CMS software residing on Linux servers. If your software on a Linux system is not patched, then the server has a chance of getting hacked, and as time passes, that chance gets closer to 100%. This has been going on for 5 years; administration is not an easy thing, so attackers find a fair number of weak administrators.

Ars Technica has an explanation of the ESET report. ESET found a spam botnet when one of the systems they were investigating turned out to have a spam server on it.

 

So here is a classic example of the hacker using your resources, as we have said before in SVAPE&C:

http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/

They scan for vulnerabilities, check and analyze how to penetrate, and then use your resources (Control) in a manner of their choosing. Spamming is one such use, and it is a money-making activity chosen by illegal hackers.

 

The malware burrows itself into the system, runs "remote executable code", and then gets controlled by C&C servers (as in picture). One can check the /tmp directory and the cron files, but the telltale signs are when it downloads and has open ports that you do not expect on the system.
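The three checks named above (the /tmp directory, cron files, unexpected open ports) can be scripted. This is an added example, not code from the original post or from the ESET report; the function names, the 22/80/443 allowlist and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Triage for the three signs named above: /tmp contents, cron entries, unexpected open ports.
ALLOWED_PORTS="${ALLOWED_PORTS:-22 80 443}"   # assumption: ports this host is meant to expose

# Executable regular files under a directory (default /tmp).
tmp_executables() {
    find "${1:-/tmp}" -xdev -type f -perm -100 2>/dev/null | sort
}

# Non-comment cron lines that run from a world-writable directory
# or pipe a download straight into a shell.
suspicious_cron() {
    grep -HnE '/(tmp|var/tmp|dev/shm)/|(curl|wget)[^|]*[|][[:space:]]*(ba)?sh' "$@" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#'
}

# Reads `ss -tln` output on stdin; prints listening ports missing from the allowlist in $1.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" { p = $4; sub(/.*:/, "", p); if (!(p in ok) && !seen[p]++) print p }
    ' | sort -n
}

# Constructed sample data (not from a real incident) so the checks can be tried offline.
make_sample() {
    mkdir -p "$1/tmp" "$1/cron"
    printf '#!/bin/sh\n' > "$1/tmp/.upd"; chmod 700 "$1/tmp/.upd"
    printf 'notes\n' > "$1/tmp/notes.txt"; chmod 600 "$1/tmp/notes.txt"
    printf '%s\n' '# disabled: 0 3 * * * root /tmp/cleanup.sh' \
        '17 * * * * root run-parts /etc/cron.hourly' \
        '*/5 * * * * www-data /tmp/.upd >/dev/null 2>&1' > "$1/cron/crontab"
    printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128    0.0.0.0:22         0.0.0.0:*' \
        'LISTEN 0      511    [::]:80            [::]:*' \
        'LISTEN 0      5      0.0.0.0:2525       0.0.0.0:*' > "$1/ss.txt"
}

if [ "${1:-}" = "--live" ]; then          # run against this host (root needed to read all crontabs)
    tmp_executables /tmp
    suspicious_cron /etc/crontab /etc/cron.d/* /var/spool/cron/* /var/spool/cron/crontabs/*
    ss -tln | unexpected_listeners "$ALLOWED_PORTS"
else                                      # default: run against the constructed sample
    d=$(mktemp -d) && make_sample "$d"
    tmp_executables "$d/tmp"; suspicious_cron "$d/cron/crontab"
    unexpected_listeners "$ALLOWED_PORTS" < "$d/ss.txt"
    rm -rf "$d"
fi
```

A hit from any of the three checks is a lead to investigate, not proof of infection; legitimate software also leaves executables in /tmp and opens ports.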

 

So you may think your administrator is doing their job, but they may not be up to checking all of the different attacks out there.

 

This is why we recommend testing your systems with our Alpha and Sigma Scans.

 

You can also use other sites like VirusTotal to see if your site (or a website you are wondering about) has malware: https://www.virustotal.com/en/

Check WordPress for infestations:

http://hackertarget.com/wordpress-security-scan/   (some of it is free)

Review your WordPress installation against the following from WordPress.org: http://codex.wordpress.org/Hardening_WordPress

 

 

 
