
Tuesday, 2 September 2014

25000 Co-opted Linux Servers Drop Malware, Spread Spam and Steal Credentials

Linux Servers
The security company ESET recently released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. The research was a joint effort by ESET, CERT-Bund, SNIC and CERN.

Over the past few years, ESET has recorded around 25,000 malware-infected servers, which have been used for functions such as:
  • Spam operations (averaging 35 million spam messages each and every day)
  • Infecting site visitors’ computers via drive-by exploits.
  • Redirecting visitors to malicious websites.
The report describes two well-known organisations that became victims of Windigo. This ongoing operation started in 2011 and has affected some high-profile servers and companies like cPanel and Linux Foundation’s

Easier with Single Factor Logins: 

The Linux servers shared a common thread: all were infected with Linux/Ebury, malware that provides a root backdoor shell along with the ability to steal SSH credentials. The report also states that no vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged. In a sense this helps explain how the compromise was made, as Linux servers are, for the most part, bulletproof.
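Since the campaign relied on stolen credentials rather than exploits, one practical check is whether a server's SSH daemon still accepts a single factor. The following is an added example, not code from the ESET report or from this blog: the function names and sample configurations are constructed, and it assumes current OpenSSH defaults and reads only the global section of `sshd_config`.

```python
# Added example: flag sshd_config settings that let one stolen credential log in.
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and unset keywords fall back to current OpenSSH defaults.
DEFAULTS = {
    "authenticationmethods": "any",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def effective_settings(config_text):
    """Global keyword -> value; sshd keeps the first value it reads."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, parts[1].strip().lower())
    return {**DEFAULTS, **settings}

def audit(config_text):
    """Return findings that matter against credential theft."""
    s = effective_settings(config_text)
    password_on = s["passwordauthentication"] == "yes"
    if s["authenticationmethods"] == "any":
        # No required combination: every enabled method works on its own.
        single = ["publickey"] + (["password"] if password_on else [])
    else:
        # Space separates alternatives; a comma chains methods that must all pass.
        single = [m for m in s["authenticationmethods"].split() if "," not in m]
    findings = []
    if single:
        findings.append("single-factor login via " + "/".join(single))
    if password_on and "password" in single:
        findings.append("a harvested password can be replayed")
    if s["permitrootlogin"] == "yes":
        findings.append("root may log in directly with a password")
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = ("PermitRootLogin no\nPasswordAuthentication no\n"
            "AuthenticationMethods publickey,keyboard-interactive\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The hardened sample requires a key and a second interactive factor together, so a harvested password or a copied private key alone no longer opens a session.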

Getting access to the credentials etc: 

The question that arose in the minds of Linux users was how the attackers got access to the credentials, logged in and ultimately installed the malware.

A helping hand is offered by Pierre Marc Bureau, a security intelligence bureau named after the program manager of ESET Pierre Marc. The answer they give Linux users is that it takes only one compromised server in a network, which makes things easier from there on. Once the attackers obtain root, they install Linux/Ebury on the compromised server and start to harvest SSH login credentials. With the additional login credentials, the attackers explore which other servers in that network can be compromised.

Additional Malware: 

As mentioned above, the infected servers are part of spam campaigns: they redirect visitors to malicious websites or, in the case of vulnerable computers, download malware to the victim’s computer. To accomplish this, the attackers install additional malware on the servers, consisting of:

  • Linux/Cdorked: provides a backdoor shell and is able to distribute Windows malware to end users via drive-by downloads.
  • Linux/Onimiki: resolves domain names with a particular pattern to any IP address, without any need to change server-side configuration.
  • Perl/Calfbot: a lightweight spam bot written in Perl.

The Windigo report further adds that there are two types of victims: the Linux/Unix server operators, and end users who receive spam or visit a website on a compromised server. In that respect, ESET has confirmed that the compromised servers try to download the following Windows malware:
  • Win32/Boaxxe.G: A click fraud malware.
  • Win32/Glupteba.M: A general proxy that targets Windows computers.

Tuesday, 24 December 2013

Choosing best server OS: Windows server Vs Linux server

Is a Windows or a Linux server the best? Decades ago both OSes were level with each other. Later everyone moved on to Windows as their stable OS. Novell’s version of Linux proved to be the best competitor for Windows 8.

Choosing a server always depends on the type of use the computer is put to, be it personal or business. However, each server OS has its own pros and cons. Let me list them out for you.

Versions of OS

Windows OS: 

The commonly used Windows server OS versions are listed below.

(i) Windows Server 2012 R2 (2013)

(ii) Windows Multipoint Server (2012)

(iii) Windows Server 2012

(iv) Windows Multipoint Server (2011)

(v) Windows Home Server 2011

(vi) Windows Multipoint Server (2010)

(vii) Windows Server 2008 R2

(viii) Windows Home server (2007)

(ix) Windows Server 2008

(x) Windows Server 2003

(xi) Windows 2000

(xii) Windows NT 4.0

(xiii) Windows NT 3.5.1

(xiv) Windows NT 3.5

(xv) Windows NT 3.1

Most of these Windows server OSes come in different versions such as Service Pack 1, Service Pack 2 and Service Pack 3. Those versions are also called Enterprise Edition, Standard Edition and Datacenter Edition.

Linux OS: 

The top 10 Linux server OSes that are easy to use are shown below.

(i) Ubuntu

(ii) Red Hat

(iii) SUSE

(iv) Mandriva

(v) Xandros

(vi) Slackware

(vii) Debian

(viii) Vyatta

(ix) CentOS

(x) Unbreakable Linux

Now moving on to Linux: Linux OS has fewer disadvantages compared to Windows.

Linux OSes are best suited for business organizations. Even organizations such as Google, Amazon and Microsoft use open source Linux for their purposes, as they can venture freely in that type of environment.

Hope you got a clear idea about choosing a server OS.