Posted on 11/10/2015 10:45:12 PM PST by Utilizer
Ransomware authors continue their hunt for new sources of income. After targeting consumer and then business computers, they’ve now expanded their attacks to Web servers.
Malware researchers from Russian antivirus vendor Doctor Web have recently discovered a new malware program for Linux-based systems that they’ve dubbed Linux.Encoder.1.
(Excerpt) Read more at pcworld.com ...
I must have copied too many words for the ‘excerpt’ function.
Here is a much-shortened re-post to guide others to this potential problem (the ransomware, in case you were wondering).
Admins beware...
Newest thread...
*sigh*
Okay, well, I'm going to bed, it's after 2AM. I'll stop back tomorrow... :-)
Then, my computer was taken over by ransom-ware.
What should I do?
Please send your advice to me at:
www.boguswebsite.rus
No worries. Talk to you when we all make it back then. :)
1. DW sells a product (anti-malware) and through an amazing coincidence, also "discovers" malwares in places no one else finds them, that can be fixed by their products. Amazing.
2. DW has "discovered" malwares that are claimed to be widespread, but even after months or years, has failed to provide hard evidence of their existence. But in the meantime, the announcements make for great notoriety and bazillions of page hits for the tech web journalists whores. They love Doctor Web.
3. Skepticism is advised. Just sayin'.
4. That said, of course it's worth taking the usual precautions to harden your servers and do off-host backups.
5. Anyone who runs their webservice (e.g. Apache) as root deserves everything they get.
Okay, now I’m really going offline. Nighty-night all, and God Bless.
Did they successfully intrude in OS X yet?
If I am not mistaken most, if not all, pre-compiled binaries do not support Apache running as root.
I have built and manage a few Linux servers and I know of no reason one would want to run Apache as root?
Apache always starts as root to bind to privileged ports but immediately changes to user context.
Correct.
But I have seen instances where the person who set it up, having an incomplete understanding of how to properly allow a web visitor write into a filesystem, simply configured Apache to run as root so it didn't encounter any problems writing.
As you might expect, hilarity ensued.
YEP. Proof of concept, but verified.
http://motherboard.vice.com/read/we-now-have-proof-that-macs-can-get-ransomware
https://www.linkedin.com/pulse/mabouia-born-first-mac-osx-ransomware-poc-rafael-salema-marques
Yup. Generally runs as 'nobody', and that user shouldn't have write access to anything important.
Simple patch will eradicate the threat.
I'd not gonna buy some mcaffee nor symantec whatever in my Linux and apple devices, gimme a break.
In fact I don't even use any in my Windoze devices except for Malwarebytes that does most I need.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.