Free Republic
New Mayhem malware targets Linux, UNIX servers
itnews australian ^ | Jul 18, 2014 8:07 AM AUS | Juha Saarinen

Posted on 07/18/2014 9:25:58 AM PDT by Utilizer

Infections found in Australia and New Zealand.

A new malware that runs on UNIX-like servers even with restricted privileges has already infected machines in Australia and is actively hunting for more targets, a new research paper has shown.

Three researchers from Russian web provider Yandex - Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov - said in the technical analysis of the malware, published on security and anti-virus specialist publication Virus Bulletin, that Mayhem functions like a traditional Windows bot.

-snip-

According to the researchers, Mayhem appears to be the continuation of the Fort Disco brute-force password cracking attack campaign that began in May 2013.

At the time, Fort Disco had created a botnet with six command and control sites and over 25,000 infected Windows computers, according to Arbor Networks security analysts.

...

(Excerpt) Read more at itnews.com.au ...


TOPICS: Business/Economy; Computers/Internet; Reference
KEYWORDS: linux; servers; unix; windows
Many servers run Linux or Unix OSes, and the Apache software is very highly regarded by those in the know.

This could turn out to be a major problem for many, as the article goes on to note that many servers in the USA and Russia are infected.

1 posted on 07/18/2014 9:25:58 AM PDT by Utilizer

To: Utilizer; ShadowAce; John Robinson

ping...


2 posted on 07/18/2014 9:28:50 AM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Utilizer

Grief counselors will be on duty to help those Linux users who have lost the moral high ground.

Only joking...it will be dealt with quickly but it is a reminder to be vigilant.


3 posted on 07/18/2014 9:29:33 AM PDT by relictele (Principiis obsta & Finem respice - Resist The Beginnings & Consider The Ends)

To: relictele

Almost as much fun as making fun of the Pope.

4 posted on 07/18/2014 9:33:58 AM PDT by MaxMax (Pay Attention and you'll be pissed off too! FIRE BOEHNER, NOW!)

To: Utilizer

Meh... skimmed the article, PHP exploit, user-land. Tripwire fodder.


5 posted on 07/18/2014 9:35:29 AM PDT by John Robinson

To: relictele
Yeah, I know, it's going to make the 'doze adherents and macophiles snicker, but not for long when they discover that the hosting provider runs unix or even linux on their favourite website's ip address.

Be a real shame to see some critical site get compromised. Seriously, I mean like FR. It's bad enough that the fedgov and others consider this a "hate site". We don't need something like this to add to our worries if our servers get compromised.

6 posted on 07/18/2014 9:36:25 AM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: John Robinson

Okay, thanks. Just thought I would pass the warning.


7 posted on 07/18/2014 9:37:13 AM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Utilizer

A true macophile knows that OS X is built on top of a BSD-Unix variant, and that any vulnerabilities to Unix would potentially apply to OS X as well. :)


8 posted on 07/18/2014 9:38:11 AM PDT by kevkrom (I'm not an unreasonable man... well, actually, I am. But hear me out anyway.)

To: kevkrom

True. You would think they would know that. I should point out though that this primarily targets servers running unix or its variants but it can indeed jump to other computers under the right conditions. The map on the article page shows how much it has spread already.


9 posted on 07/18/2014 9:42:49 AM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: John Robinson

Be mindful that many of us use phpMyAdmin to administer MySQL or postgre on our RHEL/Ubuntu servers. I’ve already updated all of my web server security protocols.


10 posted on 07/18/2014 9:43:30 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: Utilizer
You would think they would know that.

I do. ;)

The main reason I clicked the link in the first place was to see if I should be worried about a vulnerability on one of my Macs.

11 posted on 07/18/2014 10:02:25 AM PDT by kevkrom (I'm not an unreasonable man... well, actually, I am. But hear me out anyway.)

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

12 posted on 07/18/2014 10:04:21 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: kevkrom

Good for you. Hope all your machines are safe, as I am currently running checks on all the machines I am responsible for and expect to be busy for quite some time now.


13 posted on 07/18/2014 10:05:04 AM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: rarestia

True, but that should be locked down? For remote access to sensitive services I use an SSH tunnel to the internal private network; things like MySQL are open only to that network, which allows me to e.g. securely replicate an offsite backup, or if I chose, to run phpMyAdmin on my local machine (but there are better tools when you have wire access). Well, this assumes you control the hardware, or at least SSH access. Not often the case.


14 posted on 07/18/2014 10:34:19 AM PDT by John Robinson

To: John Robinson

I use VLAN tagging and split networking to sequester my administrative sites from those facing the outside world. My NAS heads, phpMyAdmin pages, and any sudo accesses can only be achieved through a secure SSH connection using certificates, and they’re only accessible within the network.

That being said, PHP is PHP. If it’s infected, it’s infected the entire app, not just a portion of the site.


15 posted on 07/18/2014 11:28:28 AM PDT by rarestia (It's time to water the Tree of Liberty.)

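Posts 14 and 15 above both describe the same mitigation: database and admin services bound only to loopback or an internal network, reached through an SSH tunnel. The following script is an added example, not code from the thread or from the Mayhem paper; it audits a listener table (the format of `ss -Hltn`) for MySQL/PostgreSQL ports exposed on wildcard or public addresses. The sample listener lines are constructed, and the bastion host name in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: check whether database listeners are confined to loopback
# or RFC 1918 space, the setup the posters describe. Constructed sample of
# `ss -Hltn` output (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 10.0.1.5:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 [::]:3306 [::]:*'

# exposed_db_listeners TEXT: print each MySQL (3306) / PostgreSQL (5432)
# local address:port that is NOT loopback and NOT in a private IPv4 range,
# i.e. reachable from the Internet without the SSH tunnel.
exposed_db_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != 3306 && port != 5432) next
            if (addr == "127.0.0.1" || addr == "[::1]") next          # loopback
            if (addr ~ /^10\./ || addr ~ /^192\.168\./) next          # RFC 1918
            if (addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next          # RFC 1918
            print $4                                                 # wildcard/public
        }'
}

# exposed_db_count TEXT: number of exposed database listeners (0 = clean).
exposed_db_count() {
    exposed_db_listeners "$1" | grep -c .
}

# Live use on a server: exposed_db_listeners "$(ss -Hltn)"
# Tunnelled access from a workstation, as post 14 describes (placeholder host):
#   ssh -N -L 3306:127.0.0.1:3306 admin@bastion.example
exposed_db_listeners "$SAMPLE_SS"
```

On the constructed sample the script reports `0.0.0.0:5432` and `[::]:3306`; the loopback MySQL and the 10.0.1.5 PostgreSQL listeners pass.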
To: Ernest_at_the_Beach
Windows is safe... quick upgrade to windows 😃
16 posted on 07/18/2014 11:57:35 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: Utilizer
But, but only Microsoft is unsafe and targeted by hackers; smart people are always telling us to dump Windows and migrate to the totally safe platform Linux. Just proves that nothing is safe as long as there is any type of connection to the outside world.
17 posted on 07/18/2014 12:02:11 PM PDT by Mastador1 (I'll take a bad dog over a good politician any day!)

To: Utilizer
Slashdot discussion HERE.
18 posted on 07/18/2014 1:05:14 PM PDT by Dalberg-Acton

To: Swordmaker

Ping.


19 posted on 07/18/2014 1:51:13 PM PDT by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)

To: Utilizer

Interesting. As I don’t use PHP, it doesn’t affect me, but it’s an interesting exploit nonetheless. This doesn’t seem to be something that can get to data or processes that are not owned by the spawning process. However, the ability to execute a shell process is troublesome, as it could allow someone to effectively use it to perform a local exploit which might allow for higher privilege execution. It’s something to watch out for.


20 posted on 07/18/2014 1:54:21 PM PDT by zeugma (It is time for us to start playing cowboys and muslims for real now.)
