On 09/16/2015 01:10 PM, Chuck Guzis wrote:
Has cryptolocker ever invaded the world of Unix/Linux/BSD?
It would be much harder. In general, browsers do not
activate just any file you would download. There are
weaknesses in various graphical/video add-ons to browsers
that may cause vulnerabilities. But, in GENERAL, malware in
videos, etc. would either do nothing at all when sent to the
add-on program, or get a message saying something like "this
script contains macros, executing it could be a security
risk: Yes / No"
I've been browsing quite fearlessly with Linux systems for
about 17 years, and NEVER had any problem.
Now, I've also had a Linux web server up for about 15 years,
and have had 2 successful penetrations.
One was totally innocuous, they just added a phishing web
site for a bank, and it was easy to remove.
Another attack put in a root kit, and it caused a major
mess, including me sending out some infected code to other
people. (OOPS, red face!!) These were both done by
cracking insecure passwords on my system. The best defense
for that is running denyhosts, which counts login failures
from specific IP addresses, and cuts off all access from
that IP after a threshold. I set it very tight, two failed
attempts within a month and you are out for a year. It was
VERY interesting, exactly, to the HOUR, two weeks after I
set this up, the 1000 per day attempts to break in dropped
to 3 a day. This means the botnets actively track how long
the horizon on the login failures is set, and they've been
programmed to give up on any node that has a horizon over 2
weeks.
Jon
