Monero-mining botnet targets Windows, Linux web servers The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft. The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote …
"She listed more than two dozen Sysrv exploits that are useful against a range of software suites, including Jboss, Adobe ColdFusion, Atlassian Confluence and Jira, various Apache tools, and Oracle WebLogic."
This paragraph sounds more like: various software frameworks are the target, which happend to be cross-platform.
So, if I manage to infect some framework, which happens to run on top of Linux, did I really infect Linux?
I would say not.
You might be right, but you should avoid thinking that Linux is impervious to infection. Privilege escalation exists, even in Linux world, and malware is capable of taking over a Linux box.
As usual, proceeding with caution is always a good thing.
Please, stop with this distinction when it suits you. When penguins talk about the Linux desktop, it is not Linux that users interact with - it is applications which run on Linux + a whole bunch of other things. But these penguins claim it is the Linux desktop.
It is a fact that most vulnerability scans we receive are from compromised Linux hosts. Why? Perhaps it is because people are misled into thinking that because it is on Linux it is safe.
A Linux server with (apparently unpatched) wordpress interface. OK it's WORDPRESS and not Linux, if you think about it...
(this is why I like using rsync with SSH key login on a mirror directory for web stuff, which you could test locally and maintain using source control and only update with official 'merge' builds if you have at least some discipline in your team)
I think the rent-a-server I have for the company domain has wordpress capability, but you have to enable it. Guess what I will not be enabling...
That's a pedantic difference without a distinction. When malware infects a computer running Windows, but it used something other than a kernel vulnerability to install itself, do we say that it's non-Windows malware? No, we don't, because it's running as a program on a Windows host. In this case, the malware can run as a program on a Linux host, thus it can infect Linux systems. You still have to leave something for it to find, but that's true with Windows in almost all cases.
I'm a Linux proponent, but I have to say that some of us sound like those annoying "You don't get viruses on Macs" people. When anything infects a Windows machine, someone is there to say how bad Windows is and how much better Linux would have been. When malware infects a Linux machine, they find some excuse for why it doesn't technically count. Malware runs on everything and there are variants intended for running under Linux. We all know that's true, so let's stop pretending it's not.
While I agree with you, I think the distinction should be made.
"You do not get any viruses on X" can only be true if you only use the on-board tools of X, but first of all even X can have vulnerabilities; and second, who doesn't use third-party software?
If a virus exploits some weakness of the underlying OS, then we can and should specify the OS as a target.
But, if the vulnerability is purely on the side of the app or framework, then the underlying OS isn't relevant.
In this case it doesn't matter whether the app/framework is only available on one OS or is cross-platform.
If I have understood the Log4Shell vuln correctly, no vulnerability of the underlying OS is necessary to exploit Log4Shell, hence this is framework-weakness.
"She listed more than two dozen Sysrv exploits that are useful against a range of software suites, including Jboss, Adobe ColdFusion, Atlassian Confluence and Jira, various Apache tools, and Oracle WebLogic."
Running those software, even with no known vulnerability defeat all security implemented on the system : most of them run with closed source code and require root access, giving any blind trust is a huge mistake... now add some vulnerability on the top of that...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
