The "infected" machines/VMs were probably behind on software updates.
Linux still has that fatal flaw called the user; if the user doesn't
update when a bug is found and patched, then the system stays
vulnerable.

In all, what probably happened was a service on the servers was
vulnerable in some way, the attacker rooted the box, and then
installed nginx (which is not a virus, it's a legit web server) on a
non-standard port, and Bob's your uncle, you got a place to serve
whatever ya want.

Just my 2 cents.

On Mon, Sep 14, 2009 at 12:01 AM, Loren Faeth <lfa...@leadingchange.com> wrote:
>
> Uh, Wonko, what was that about no virus on Linux? We all know it is
> invincible because it is open source...
>
> RIGHT!  WHO IS THIS REALLY? (Noah)
>
>
> At 03:23 PM 9/12/2009, you wrote:
>>
>> Attack of the open source zombies
>> ...........................................
>> A security researcher has discovered a cluster of infected Linux servers
>> that have been corralled into a special ops botnet of sorts and used to
>> distribute malware to unwitting people browsing the web.
>> Each of the infected machines examined so far is a dedicated or virtual
>> dedicated server running a legitimate website, Denis Sinegubko, an
>> independent researcher based in Magnitogorsk, Russia, told The Register. But
>> in addition to running an Apache webserver to dish up benign content,
>> they've also been hacked to run a second webserver known as nginx, which
>> serves malware.
>>
>> "What we see here is a long awaited botnet of zombie web servers! A group
>> of interconnected infected web servers with [a] common control center
>> involved in malware distribution," Sinegubko wrote here. "To make things
>> more complex, this botnet of web servers is connected with the botnet of
>> infected home computer(s)."
>> The finding highlights the continuing evolution of bot herders as they
>> look for new ways to issue commands to the hundreds of thousands of infected
>> zombies under their control. It came the same day anti-virus provider
>> Symantec reported "Google Groups" was being used as a master control channel
>> for a recently discovered trojan. Four weeks ago, a researcher from Arbor
>> Networks made a similar discovery when he found several "Twitter" profiles
>> being used to run a botnet.....snip
>> http://www.theregister.co.uk/2009/09/12/linux_zombies_push_malware/
>>
>> _______________________________________
>> http://www.okiebenz.com
>> For new and used parts go to www.okiebenz.com
>> To search list archives http://www.okiebenz.com/archive/
>>
>> To Unsubscribe or change delivery options go to:
>> http://okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
>
> Loren Faeth
>
