Monero-mining botnet targets Windows, Linux web servers

The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft. The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote …

  1. ComputerSays_noAbsolutelyNo Silver badge
    Paris Hilton

    Linux as a target? But is this really the case?

    "She listed more than two dozen Sysrv exploits that are useful against a range of software suites, including Jboss, Adobe ColdFusion, Atlassian Confluence and Jira, various Apache tools, and Oracle WebLogic."

    This paragraph sounds more like: various software frameworks are the target, which happened to be cross-platform.

    So, if I manage to infect some framework, which happens to run on top of Linux, did I really infect Linux?

    I would say not.

    1. b0llchit Silver badge
      Trollface

      Re: Linux as a target? But is this really the case?

      But telling nothing but the whole truth would not make such a good headline and article click-count. Gotta use the Tagwords for Headline Optimization™ toolkit.

      1. badflorist

        Re: Linux as a target? But is this really the case?

        When you see that Adobe software is being exploited, you of course think "Linux" is being exploited... can't have one without the other.

    2. Pascal Monett Silver badge

      Re: Linux as a target? But is this really the case?

      You might be right, but you should avoid thinking that Linux is impervious to infection. Privilege escalation exists, even in the Linux world, and malware is capable of taking over a Linux box.

      As usual, proceeding with caution is always a good thing.

    3. VoiceOfTruth

      Re: Linux as a target? But is this really the case?

      Please, stop with this distinction when it suits you. When penguins talk about the Linux desktop, it is not Linux that users interact with - it is applications which run on Linux + a whole bunch of other things. But these penguins claim it is the Linux desktop.

      It is a fact that most vulnerability scans we receive are from compromised Linux hosts. Why? Perhaps it is because people are misled into thinking that because it is on Linux it is safe.

      1. Version 1.0 Silver badge

        Re: Linux as a target? But is this really the case?

        If you are running a server on the Internet then you are not "safe" without checking that you haven't become vulnerable every day. If you check things and think that you are safe then maybe you are; you'd better check again in a while.

    4. bombastic bob Silver badge
      Meh

      Re: Linux as a target? But is this really the case?

      A Linux server with (apparently unpatched) wordpress interface. OK it's WORDPRESS and not Linux, if you think about it...

      (this is why I like using rsync with SSH key login on a mirror directory for web stuff, which you could test locally and maintain using source control and only update with official 'merge' builds if you have at least some discipline in your team)

      I think the rent-a-server I have for the company domain has wordpress capability, but you have to enable it. Guess what I will not be enabling...

    5. doublelayer Silver badge

      Re: Linux as a target? But is this really the case?

      That's a pedantic difference without a distinction. When malware infects a computer running Windows, but it used something other than a kernel vulnerability to install itself, do we say that it's non-Windows malware? No, we don't, because it's running as a program on a Windows host. In this case, the malware can run as a program on a Linux host, thus it can infect Linux systems. You still have to leave something for it to find, but that's true with Windows in almost all cases.

      I'm a Linux proponent, but I have to say that some of us sound like those annoying "You don't get viruses on Macs" people. When anything infects a Windows machine, someone is there to say how bad Windows is and how much better Linux would have been. When malware infects a Linux machine, they find some excuse for why it doesn't technically count. Malware runs on everything and there are variants intended for running under Linux. We all know that's true, so let's stop pretending it's not.

      1. ComputerSays_noAbsolutelyNo Silver badge

        Re: Linux as a target? But is this really the case?

        While I agree with you, I think the distinction should be made.

        "You do not get any viruses on X" can only be true if you only use the on-board tools of X, but first of all even X can have vulnerabilities; and second, who doesn't use third-party software?

        If a virus exploits some weakness of the underlying OS, then we can and should specify the OS as a target.

        But, if the vulnerability is purely on the side of the app or framework, then the underlying OS isn't relevant.

        In this case it doesn't matter whether the app/framework is only available on one OS or is cross-platform.

        If I have understood the Log4Shell vuln correctly, no vulnerability of the underlying OS is necessary to exploit Log4Shell, hence this is a framework weakness.

  2. random119327

    "She listed more than two dozen Sysrv exploits that are useful against a range of software suites, including Jboss, Adobe ColdFusion, Atlassian Confluence and Jira, various Apache tools, and Oracle WebLogic."

    Running that software, even with no known vulnerability, defeats all security implemented on the system: most of them run with closed source code and require root access; giving any blind trust is a huge mistake... now add some vulnerability on top of that...


Biting the hand that feeds IT © 1998–2022