For almost as long as there has been OS wars the mantra of the penguin herders has been that the likelihood of Linux ever being vulnerable to tings like viruses and trojans was next to nil. This was something that they liked to hold over the heads of all us dumb Windows users – much like the Mac contingent does as well.

How many times have we heard the chant … “you want to be safe use Linux – Windoze is for losers” or some such similar childishness?

Well now Windows users can tell all those Linux lording geeks to stuff it because just as with any operating system there are weaknesses that can be exploited (usually the person behind the keyboard) and Linux is no different. Regardless of how the Tux lovers might pontificate about the security of Linux the fact is that Linux can be exploited which is exactly what a security researcher has found with the discovery of a cluster of Linux servers that is being used as a special ops kind of botnet. As well it is being used to distribute malware to unsuspecting web surfers.

Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they’ve also been hacked to run a second webserver known as nginx, which serves malware.

"What we see here is a long awaited botnet of zombie web servers! A group of interconnected infected web servers with [a] common control center involved in malware distribution," Sinegubko wrote here. "To make things more complex, this botnet of web servers is connected with the botnet of infected home computer(s)."

Source: The Register – Linux webserver botnet pushes malware

While it is unclear how the infection began Sinegubko suggests that it may be because on nothing more than careless administrators who had their passwords sniffed – hence my comment about the biggest security weakness being from behind the keyboard regardless of operating system. Current the network consists of about 100 nodes running the Apache webserver on different distros of Linux.

Linux not so pure and safe after all is a post from: The Inquisitr

Twitter is being used for a lot of things these days but I bet one thing that the Twitter team never thought they would see their creation being used for the command and control of botnets but according to some investigation by Jose Nazario at Arbor Networks this is indeed the case. Jose also reports that the Twitter security team is already investigating the one known account being used for this type of thing.

Luckily the original bot in question (here’s the VirusTotal analysis) is detectable by 19 out 41 evaluated AV tools. Here is a short sample of what has been found so far

That second link yields a base64 encoded block of text. When we un-encode it using base64 we see a PKZIP archive (which we have dumped as “out.qqq” since we don’t know what the extension would have been beforehand). We can then unpack this and see what we find:

$ unzip out.qqq
Archive: out.qqq
inflating: gbpm.dll
inflating: gbpm.exe
$ openssl md5 gbpm.*
MD5(gbpm.dll)= ceb8d7fd74da0a187cc39ced4550ddb4
MD5(gbpm.exe)= a5cc8140e783190efb69d38c2be4393f

Source: Arbor Networks :: Twitter-based Botnet Command Channel

Like I said earlier this account is being examined and watched by Twitter but it appears to be one of more than a handful of botnet command and control accounts currently active on the service.

BotNet command and control finds new home on Twitter is a post from: The Inquisitr

Thanks, jerks.

It’s the question most internet users can’t seem to wrap their heads around. Why is spam so prevalent? Could anyone possibly be that stupid? What the hell is the point? Surely no one ever buys anything presented to them through the medium of spammy e-mails, right?

Wrong. The practice may live on because, in short, it actually kinda works. In a recent survey conducted by The Messaging Anti-Abuse Working Group, or MAAWG, a smallish sample of 800 people revealed some surprising information about the practice of unsolicited e-mail marketing.

Per the study, just under half the respondents (48%) indicated they’d never clicked on or answered spam. So, that means the other 52% have, which is understandable counting in stuff like your cat walking on your keyboard or a sluggish mouse. Now in this survey, 98% of the people polled have two or more e-mail addresses and consider themselves to to moderately to strongly aware of issues surrounding e-mail security. But 12% of those surveyed- wait for it… actually responded to spam out of interest.

Yes, it’s true. Spam may be keeping on because it’s a worthwhile marketing venture. Recent estimates by Microsoft have spam pegged for 97% of all e-mail traffic worldwide. And 80% of that spam is bot-net related, so… dolla dolla bills, y’all!

So, come on, 12 percenters- out yourselves. What have you tried to buy from spam?

12% of people stupid enough to shop through spam is a post from: The Inquisitr

As a way to show its viewer how easily their computers could be a part of a botnet the BBC technology show Click went out and purchased what they called a low value botnet from one of the many underground Internet chatrooms. They then used that network to spam a Gmail and Hotmail account specifically setup up for this investigation.

After successfully leaving thousands of spam emails in those accounts in a matter of hours they turned their attention to performing a distributed denial of service (DDoS) attack on a site provided by security company Prevx. Once they completed all that they wanted to do the show left messages on the infected computers in the botnet that they were infected and then disabled the botnet.

BBC shows what happens when you buy a botnet is a post from: The Inquisitr

You know for all we as individuals complain about viruses, trojans and other such nasties imagine how it must be for government agencies where people don’t care for the most part about what lands on their machines. This has proven to be enough of a problem I guess that the U.S. Army through its Research Office has gotten into fighting malware on its own instead of using off the shelf solutions.

According to Angela Moscaritolo of SCMagazineUS the tool was developed by SRI International and funded through a Cyber Threat Analytics research grant from the USARO and has been getting high marks across all platforms

“It works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots,” Marcus Sachs, director at SANS Internet Storm Center, told SCMagazineUS.com Tuesday in an email.

[...]

 

It reportedly helps Windows, Mac and Linux users detect malware-infected hosts on their networks by tracking interactions that typically occur when a PC is infected with malware, Porras said. The tool will generate an infection profile with all the forensic evidence that was gathered.

The infection profile report will then allow users to determine which machines on the network are acting like they are infected. The tool anonymizes infection profiles and passes them back to SRI, where they go into a repository that is used to help generate new threat intelligence.

BotHunter will not clean up machines. If infected, Porras recommended removing the machine from the network and running various removal tools –  including anti-virus and spyware solutions – to try and clear up infection.

 

To date there have been 35,000 downloads of BotHunter.

[hat tip to -=David=-]

U.S. Army in the anti-malware biz – for free is a post from: The Inquisitr