
Duqu Attackers Managed to Wipe C&C Servers

Trailrunner7 writes with an update in the saga of Duqu and Stuxnet. From the article: "Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009. An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines. All of the known Duqu C&C servers discovered up to this point have been running CentOS ... There also is some evidence that the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially."
  • by Anonymous Coward on Wednesday November 30, 2011 @01:01PM (#38215752)

    "An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines" - Posted by Unknown Lamer on Wednesday November 30, @11:46AM
    from the nsa-reads-slashdot dept. FROM THE MAIN ARTICLE ITSELF

    Current proof that Linux's NOT "invulnerable secure" yet again, & yes, that Linux does get targeted by malware...

    (Despite all the "FUD" you see & have seen for YEARS now on this website from the "Pro-*NIX/Penguinista" around here!)

    Linux gets "hit" by the worst kind too, in these "blended-threat tech" types, that use rootkits that employ drivers + bogus bootsectors shown in this article today...

    Plus - the entire LAMP stack doesn't do well http://www.theregister.co.uk/2011/06/10/domains_lamped/
      (especially Apache lately -> http://apache.slashdot.org/story/11/11/28/0335213/apache-flaw-allows-internal-network-access & earlier still here http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/ ).

    * Yes - Any OS is securable, & far better than they come by default (yes, even SELinux, but you have to go beyond its mere defaults to make it better, + Mac OS X too (Apple produces guides for that in fact)), however/again:

    The years of hearing how "secure" OpenSores/LAMP is around here was totally unrealistic & a blatant lie based on the information above, & yes, below next too!

    APK

    P.S.=> Top that off with this current information from this year 2011 also:

    ---

    KERNEL.ORG COMPROMISED:

    http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

    ---

    Linux.com pwned in fresh round of cyber break-ins:

    http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

    ---

    Mysql.com Hacked, Made To Serve Malware:

    http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

    ---

    Linux's showing in CA's breached recently too? Ok:

    http://uptime.netcraft.com/up/graph?site=StartCom.com

    http://uptime.netcraft.com/up/graph?site=GlobalSign.com

    http://uptime.netcraft.com/up/graph?site=Comodo.com

    http://uptime.netcraft.com/up/graph?site=DigiCert.com

    The majority (4/5) of what was breached RAN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

    http://itproafrica.com/technology/security/cas-hacked/

    ---

    Toss ANDROID (yes, a Linux since it uses a Linux kernel) also, since it's being "shredded" on the mobile phone security-front rampantly for years now? You get the picture...

    ... apkb

  • by jellomizer ( 103300 ) on Wednesday November 30, 2011 @01:23PM (#38216022)
    Oh come on!
    If someone did a rant like this for Windows it would be moderated +5 Insightful.

    The Agenda here is to point out that Linux isn't the God of OS. It has its problems just like Windows and the others. As we giggle and glee when there is a Major Windows Issue, we like to discredit any Linux problem.

    It isn't that Windows is more secure than Linux, but there are too many people running Linux feeling invincible from all the world has to attack them.
    The biggest problem in IT Security isn't the OS, it is the Dumb Ass who runs the systems.

    You can have a Windows network running for years without a security issue. You can have a Linux network that is attacked daily. It is determined by the skill of the System Administrator.
  • by Anonymous Coward on Wednesday November 30, 2011 @01:40PM (#38216232)

    Current proof that Linux's NOT "invulnerable secure" yet again, & yes, that Linux does get targeted by malware...

    Yeah, go for it! You keep at it, pal! You're beating your opponent so hard that the straw is leaking out!

    Seriously, nobody with any credibility has ever claimed that Linux is "invulnerable secure". The strongest argument usually made is that Linux is more secure than Windows, which was absolutely true when it was commonly being made 10 years ago. The debate has moved on. The claims you should be arguing against today are that Linux is better value-for-money on servers, and more secure than Windows specifically on the desktop.

    As for malware - well, a targeted attack probably by a nation-state is hardly the scenario people are thinking of when they say "Linux doesn't get viruses". The claim you should be fighting here is that Linux is less likely to be hit by drive-by malware or compromised at random by malicious websites. These claims are absolutely true; even if Linux is no more secure than Windows, it is still a much smaller and less attractive target, and therefore safer.

    But, hey, I'm getting in the way of you beating on your strawman, so I'll shut up now and let you keep on with your regularly scheduled trolling!

  • by Anonymous Coward on Wednesday November 30, 2011 @02:02PM (#38216550)

    Same AC here.

    I actually rewrote many of the commands to appear more realistic. You can also change the output of various commands with a simple configuration change.

    I also implemented better wget/curl support along with the virtual FS so it appears to be more accurate.

    I agree about it being obvious to educated attackers. That's why I modified it. I enjoy watching the sessions on many of the servers I run for a large hosting company.
