Duqu Attackers Managed to Wipe C&C Servers

Trailrunner7 writes with an update in the saga of Duqu and Stuxnet. From the article: "Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009. An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines. All of the known Duqu C&C servers discovered up to this point have been running CentOS ... There also is some evidence that the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially."
  • Dear Kids... (Score:2, Insightful)

    by Lumpy ( 12016 ) on Wednesday November 30, 2011 @12:51PM (#38215600) Homepage

    You never need your server directly on the internet.
    Put it behind a firewall with holes poked through. They can't attack with a zero-day SSH exploit if the only hole is port 80 to Apache.

    And if you are one of the incredibly rare cases where you really do need to have the machine on the net directly, I suggest daily security audits.
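The "daily security audit" the commenter above asks for starts with knowing which sockets are actually reachable from outside. The script below is an added example, not code from the Slashdot thread or from the Duqu analysis: it parses the output of `ss -Hltn`, classifies each bind address (wildcard, public, private, loopback, link-local) with the standard library's `ipaddress` module, and reports every internet-reachable listener whose port is not on an allow-list. The `ss` output embedded in it is constructed for a hypothetical rented box; the allow-list of `{80}` models the "only port 80 to Apache" policy.

```python
"""Listener exposure audit: which ports are reachable from outside the box?

Parses `ss -Hltn` output and reports every listener bound to a wildcard or
public address whose port is not on an allow-list. The sample output below
is constructed for a hypothetical rented server, not taken from any real host.
"""
import ipaddress

# Constructed sample of `ss -Hltn`: Apache on 80, sshd on all interfaces
# (v4 and v6), MySQL on loopback, an agent on a private address, an SMTP
# listener on ::1, a link-local listener and an rpcbind-style '*' wildcard.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128   0.0.0.0:80           0.0.0.0:*
LISTEN 0 128   0.0.0.0:22           0.0.0.0:*
LISTEN 0 80    127.0.0.1:3306       0.0.0.0:*
LISTEN 0 128   10.0.0.5:8443        0.0.0.0:*
LISTEN 0 128   [::]:22              [::]:*
LISTEN 0 128   [::1]:25             [::]:*
LISTEN 0 128   [fe80::1]%eth0:9000  [::]:*
LISTEN 0 128   *:111                *:*
"""


def split_local(field):
    """Split ss's 'addr:port' column into (addr, port).

    Handles '[v6addr]:port', '[v6addr]%iface:port' and the '*' wildcard.
    """
    addr, _, port = field.rpartition(":")
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)


def classify(addr):
    """Say where a bind address is reachable from."""
    if addr in ("*", "0.0.0.0", "::"):
        return "wildcard"      # every interface, including the public one
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"       # RFC 1918 / ULA: not routable from the internet
    return "public"


def parse_listeners(ss_output):
    """Yield (addr, port) for every LISTEN row of `ss -Hltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        # columns: State Recv-Q Send-Q Local:Port Peer:Port [Process]
        if len(fields) >= 5 and fields[0] == "LISTEN":
            yield split_local(fields[3])


def exposed_listeners(ss_output, allowed_ports):
    """Internet-reachable listeners whose port is not on the allow-list."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        kind = classify(addr)
        if kind in ("wildcard", "public") and port not in allowed_ports:
            findings.append((port, addr, kind))
    return sorted(findings)


if __name__ == "__main__":
    # Live use: replace SAMPLE_SS_OUTPUT with
    # subprocess.run(["ss", "-Hltn"], capture_output=True, text=True).stdout
    for port, addr, kind in exposed_listeners(SAMPLE_SS_OUTPUT, allowed_ports={80}):
        print(f"port {port}/tcp bound to {addr} ({kind}) is reachable from outside "
              f"and not on the allow-list")
```

On the constructed sample this flags sshd on 22 (both address families) and the `*:111` wildcard, while the loopback, private and link-local binds are reported as not exposed. A private bind still matters if the box forwards traffic or NATs that address, so treat "private" as "check the firewall" rather than "safe".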

  • CentOS (Score:4, Insightful)

    by future assassin ( 639396 ) on Wednesday November 30, 2011 @12:52PM (#38215624)

    >All of the known Duqu C&C servers discovered up to this point have been running CentOS

    Probably since this is a popular OS for web hosts that resell/sell servers. Who are the people who buy these servers? Well, anyone and everyone who wants to be another web host yet has no idea how to secure a server, so they hire some $40 per month security company to secure their servers. There must be thousands of those servers out there ripe for raping.

  • Points 4. and 5... (Score:5, Insightful)

    by djsmiley ( 752149 ) <djsmiley2k@gmail.com> on Wednesday November 30, 2011 @12:59PM (#38215728) Homepage Journal

    4. The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)
    5. The attackers have a burning desire to update OpenSSH 4.3 to version 5 as soon as they get control of a hacked server.

    Ah yes, let's pretend there is no problem because the idea that there is, is too scary. Someone kill me, please. The only other reason I can think of, which also ties in with the fact they were apparently checking the man page for sshd_config, is that something changed in the default settings between 4.8 and 5 and this they wanted desperately, but even then this would point to some sort of exploit. *(Maybe an exploit in the way the default settings are in CentOS, rather than in OpenSSH).
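Whether the C&C boxes fell to a root-password brute force or to an OpenSSH bug, the sshd_config the attackers were reading the man page for decides whether password guessing against root is even possible. The auditor below is an added example, not code from this thread or from the Duqu analysis. It reads an sshd_config the way sshd does rather than the way grep does: the first value seen for a keyword wins, keywords are case-insensitive, a commented-out line means the compiled-in default applies, and everything after the first `Match` line is conditional. Both configs are constructed samples, and the defaults table is an assumption for an OpenSSH 4.x-era build, not something read from any real server.

```python
"""sshd_config audit: does this host still accept root password logins?

Rules that matter and that a plain grep misses: sshd uses the FIRST value it
finds for a keyword, keywords are case-insensitive, a commented-out keyword
means the compiled-in default applies, and everything after the first
`Match` line is conditional. Both configs below are constructed samples.
"""

# Constructed "weak" config of a host where nobody touched the file: every
# dangerous keyword is present only as a commented-out default.
WEAK_CONFIG = """\
#Port 22
Protocol 2,1
#PermitRootLogin yes
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
"""

# Constructed hardened config: key-only, no root, protocol 2, bound to the
# management address, with one conditional exception inside a Match block.
HARDENED_CONFIG = """\
Protocol 2
ListenAddress 10.0.0.5
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers admin backup
Match User backup
    PasswordAuthentication yes
"""

# Assumed compiled-in defaults for an OpenSSH 4.x-era build (assumption,
# not read from any server): all of them favour password logins for root.
DEFAULTS = {
    "protocol": "2,1",
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}


def parse_sshd_config(text):
    """Return {keyword: first value} for the global (pre-Match) section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if "=" in parts[0]:                       # "Keyword=value" form
            key, value = parts[0].split("=", 1)
            value = " ".join([value] + parts[1:]).strip()
        else:                                     # "Keyword value" form
            key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        key = key.lower()
        if key == "match":
            break                                 # rest is conditional
        settings.setdefault(key, value)           # first obtained value wins
    return settings


def effective(settings, keyword):
    """Value sshd will actually use: explicit setting, else the default."""
    return settings.get(keyword, DEFAULTS.get(keyword, "")).lower()


def audit(text):
    """(keyword, effective value) for each setting that keeps root-password
    guessing viable."""
    cfg = parse_sshd_config(text)
    findings = []
    root = effective(cfg, "permitrootlogin")
    if root not in ("no", "without-password", "forced-commands-only"):
        findings.append(("permitrootlogin", root))
    if effective(cfg, "passwordauthentication") == "yes":
        findings.append(("passwordauthentication", "yes"))
    # keyboard-interactive through PAM is a second password path; turning
    # PasswordAuthentication off alone does not close it
    if effective(cfg, "challengeresponseauthentication") == "yes":
        findings.append(("challengeresponseauthentication", "yes"))
    protocol = effective(cfg, "protocol")
    if "1" in protocol.replace(" ", "").split(","):
        findings.append(("protocol", protocol))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "no findings")
```

The weak sample produces four findings even though only one offending line (`Protocol 2,1`) is uncommented, which is the point: silence in sshd_config is not hardening. The first-value-wins rule also means that appending `PermitRootLogin no` to the end of a file that already says `yes` changes nothing, which the test below checks.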

  • by americamatrix ( 658742 ) on Wednesday November 30, 2011 @01:11PM (#38215878) Homepage
    It's just like any other OS. You need to know what you're doing.

    A poorly setup Linux box will be worse than a locked down Windows install. Everyone knows this.

    To say Linux itself is inherently vulnerable is an ignorant statement.


    -americamatrix
  • Re:Dear Kids... (Score:5, Insightful)

    by amicusNYCL ( 1538833 ) on Wednesday November 30, 2011 @01:12PM (#38215884)

    My point was that several servers do use SSH. If I rent a dedicated server, SSH is how I get things done. If an exploit is discovered in httpd, the correct solution is not to block port 80.

  • by mcgrew ( 92797 ) * on Wednesday November 30, 2011 @04:12PM (#38218172) Homepage Journal

    Actually, I find that Linux is far easier to use than Windows. When a distro upgrade comes along, there are new perks that you learn. In Windows, an upgrade means you have to relearn the whole damned OS.

    Someone who ran Mandrake eight years ago would have no trouble at all migrating to kubuntu 11. Someone running Windows 98 or XP at that time has to relearn everything when upgrading to Win 7.

    The "Windows is easier and more user friendly" line is a myth. It only seems that way because you kids grew up with Windows computers. My experience is far different. I bought a notebook with a "feature" I absolutely hated -- "tap to click". It took a MONTH to find out where to shut it off. It was nowhere in the control panel, but in a little widget at the bar at the bottom of the screen, and about twenty mouse clicks from there. When I installed Linux on it, it took less than five minutes to find and change it.

    How user friendly is having to reboot? Yes, Windows has gotten better about this, but it still sucks.

    How user friendly is the need for AV software?

    How user friendly is changing the entire menu system of an application around with every upgrade? How user friendly is that forty character antipiracy key? How user friendly is two dozen reboots for an OS upgrade (which includes all the apps you have to reinstall manually)? In Linux, an OS upgrade requires a single reboot.

    How user friendly is having to type your password to log on to a machine behind locked doors that only you use?

    How user friendly is a machine that when the power goes out, you restart it and all the apps and documents that were open are now closed? Restart a Linux box and it comes up exactly like you shut it down, unless you change that behavior. Windows doesn't even give you a choice.

    How user friendly is doing things the Microsoft way instead of your own way? Actually, I want my computer to be obedient, not friendly. I don't care if it curses me as long as it does what I want it to do, how I want it to do it.

    How user friendly is an OS that makes you reinstall every single app when you upgrade?

    Can you name ONE thing about Windows that's more "user friendly?"* I use both OSes, do you? I'd be surprised if you've touched a Linux box in at least ten years.

    *"Pretty" != "User friendly"

  • by Jerry ( 6400 ) on Wednesday November 30, 2011 @06:51PM (#38220432)

    Wow, windy fellow, aren't you?

    Your rant has one HUGE hole. Your citations are about one-off manual attacks against Linux. Not a single case involves a large group of Linux boxes being compromised with a single email sent out from a spam box.

    Most attacks against Windows boxes are carried out by a simple email payload. That's how the 4,500,000+ Windows zombie bot farm was created last year within a couple of weeks. A Linux zombie bot farm was found last year as well. It contained only 700 boxes and it took the group of hackers who created it nearly six months to do so because they had to manually attack each machine. They ran dearjohn against who knows how many machines trying to find those with insecure root passwords. 700 in six months. They immediately secured those machines against all known exploits and used them for C&C machines to control much, much larger Windows bot farms because Linux IS secure. How many C&C Windows boxes have you heard about?
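Both this comment and the analysis quoted earlier in the thread describe the same entry path: password guessing against root over SSH. That pattern is loud in the authentication log, so the detection below is an added example (not code from the thread or from the Duqu analysis) of what a host or log collector should have been alerting on. It runs over a constructed slice of an auth.log, keeps a sliding window of failures per source address, raises a "bruteforce" alert once a source crosses the threshold, and, independently of the threshold, raises a "guessed" alert when a password login from a source that recently failed is accepted. The hostname, addresses and timestamps are made up; the log line formats are sshd's standard "Failed password" and "Accepted password" messages.

```python
"""SSH root-password brute-force detection over auth.log lines.

Two signals: (1) a source crosses N failed password attempts within a
sliding window, (2) an accepted password login arrives from a source that
had failures inside that window, i.e. the guess succeeded. Signal (2) fires
regardless of the threshold because a slow guesser never trips (1).
The log lines below are constructed; hostname, addresses and times are made up.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_AUTH_LOG = """\
Nov 30 12:50:01 c2host sshd[2301]: Failed password for root from 198.51.100.23 port 40112 ssh2
Nov 30 12:50:03 c2host sshd[2303]: Failed password for root from 198.51.100.23 port 40114 ssh2
Nov 30 12:50:04 c2host sshd[2305]: Failed password for invalid user admin from 198.51.100.23 port 40116 ssh2
Nov 30 12:50:06 c2host sshd[2307]: Failed password for root from 198.51.100.23 port 40118 ssh2
Nov 30 12:50:09 c2host sshd[2309]: Failed password for root from 198.51.100.23 port 40120 ssh2
Nov 30 12:50:11 c2host sshd[2311]: Failed password for root from 198.51.100.23 port 40122 ssh2
Nov 30 12:51:40 c2host sshd[2320]: Accepted password for root from 198.51.100.23 port 40130 ssh2
Nov 30 12:55:12 c2host sshd[2400]: Failed password for bob from 192.0.2.9 port 51000 ssh2
Nov 30 12:55:30 c2host sshd[2402]: Accepted publickey for bob from 192.0.2.9 port 51002 ssh2
Nov 30 12:59:00 c2host sshd[2410]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

# Only password outcomes are interesting here; publickey logins do not match.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_ts(ts, year=2011):
    """syslog timestamps carry no year; the caller supplies it (assumed 2011)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=5, window_s=600):
    """Return alerts as dicts, in the order they would have fired."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()                 # sources already reported as brute-forcing
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, user, t = m["src"], m["user"], parse_ts(m["ts"])
        recent = failures[src]
        while recent and (t - recent[0]).total_seconds() > window_s:
            recent.popleft()        # slide the window forward
        if m["result"] == "Failed":
            recent.append(t)
            if len(recent) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"type": "bruteforce", "src": src,
                               "failures": len(recent), "at": t})
        elif recent:
            # success right after failures from the same source: the guess landed
            alerts.append({"type": "guessed", "src": src, "user": user,
                           "failures": len(recent), "at": t})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(alert)
```

On the sample, the guessing source trips the threshold on its fifth failure and the later `Accepted password for root` from the same address fires the "guessed" alert with six prior failures; the single failure from the second address followed by a public-key login produces nothing. Shrinking the window to a few seconds makes the spread-out attempts fall out of it, so a real deployment tunes `window_s` to the slowest guesser it wants to catch rather than to the fastest.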
