The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1602 Location: Fayetteville, NC, USA
|
Posted: Sun Feb 24, 2019 11:13 pm Post subject: Major Linux virus, or systemd weakness? |
|
|
I am curious as to how this virus gets into the system and works. I am amazed that somebody was running a business on Ubuntu, but that also lends to my curiosity about whether or not this is due to systemd or something which affects us all, like a kernel flaw...
Linux Server Virus _________________ Ever picture systemd as what runs "The Borg"? |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9691 Location: almost Mile High in the USA
|
Posted: Sun Feb 24, 2019 11:30 pm Post subject: |
|
|
Systemd security issues would more likely be victim to local attacks. Unless the server was compromised by a local attack because someone downloaded malware and ran it on that machine, it's not likely systemd and something more typical like wordpress or myphpadmin.
The trouble with these security holes is that it's not always easy to find the hole, apparently the people on those threads are still looking for the entry point and binary, so things are still not quite figured out yet. _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Mon Feb 25, 2019 10:10 am Post subject: |
|
|
eccerr0r wrote: | and something more typical like wordpress or myphpadmin.
|
Or even more weird stuff like running a webserver thru wine under ubuntu ; never forget people are nuts |
|
pun_guin Apprentice
Joined: 06 Feb 2018 Posts: 204
|
Posted: Mon Feb 25, 2019 12:09 pm Post subject: |
|
|
Does systemd count as a virus? _________________ I already use the new Genthree. |
|
runningnak3d n00b
Joined: 05 Sep 2018 Posts: 62
|
Posted: Mon Feb 25, 2019 12:16 pm Post subject: |
|
|
pun_guin wrote: | Does systemd count as a virus? |
Absolutely it does. It has infected so many aspects of most distros, that it can't be classified as anything else.
-- Brian |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9691 Location: almost Mile High in the USA
|
Posted: Mon Feb 25, 2019 5:07 pm Post subject: |
|
|
If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics... _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2965 Location: Edge of marsh USA
|
Posted: Mon Feb 25, 2019 7:58 pm Post subject: |
|
|
My best guess -- fake news! _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
steve_v Guru
Joined: 20 Jun 2004 Posts: 388 Location: New Zealand
|
Posted: Mon Feb 25, 2019 10:08 pm Post subject: Re: Major Linux virus, or systemd weakness? |
|
|
The_Great_Sephiroth wrote: | I am curious as to how this virus gets into the system and works. |
I can't find any detail on that one in particular, but 99.9% of all "linux viruses" get in by exploiting flaws in web applications, not in the Linux system itself. Dodgy PHP extensions, database injection and the like.
Wording like "infects Linux servers" and "website encrypted" makes me think that this is probably the same.
figueroa wrote: | My best guess -- fake news! |
There appears to be no reliable information available about this ransomware at all, and no analysis or reverse engineering up on the 'net that I can see. Either nobody has a sample to inspect, or your guess is correct. _________________ Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy. |
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Tue Feb 26, 2019 1:13 am Post subject: |
|
|
eccerr0r wrote: | If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics... |
Firmly agree. After skimming the article for five seconds - more than most people apparently did - it's obviously about $php_CMS_worm_of_the_week, because they mention it affects windows users too.
Clickbait. Both the article and this thread. |
|
The_Great_Sephiroth Veteran
Joined: 03 Oct 2014 Posts: 1602 Location: Fayetteville, NC, USA
|
Posted: Tue Feb 26, 2019 2:36 am Post subject: |
|
|
Not clickbait. Genuine concern. It is rare I hear about a Linux virus but I did want to understand it, if it was legit. The site was online yesterday indicating to me that it was a legit ransom. That is what brought me here. I do not work for ANY news organization. I do IT for a living.
Also, I despise systemd but did not intend to start a debate on it. I just thought that maybe systemd, with its many security holes could be at fault here, which would make me feel better since I do not use it. _________________ Ever picture systemd as what runs "The Borg"? |
|
The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
|
Posted: Tue Feb 26, 2019 2:48 am Post subject: |
|
|
Yes, if this devolves into systemd bashing then we can expect some saber rattling. The joke was amusing for one post, now on to the "virus" issue. At least until someone can provide evidence that the exploit was systemd and not php or some (extremely) more likely vector.
I think the answer to The_Great_Sephiroth is that Linux's greatest vulnerability remains between the keyboard and the chair. Don't let noobs have root access, don't run with scissors, etc. _________________ First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |
|
Maitreya Guru
Joined: 11 Jan 2006 Posts: 441
|
Posted: Tue Feb 26, 2019 12:24 pm Post subject: |
|
|
Yeah this is nowhere the fault of Ubuntu nor Linux.
Probably a combination of a non patched wordpress, chmod'ed 777 webdir.
Or similar PEBKAC stupidity. |
|
NTU Apprentice
Joined: 17 Jul 2015 Posts: 187
|
Posted: Tue Feb 26, 2019 8:17 pm Post subject: |
|
|
SystemD always had security flaws, that's why I don't use it. SystemDOS is next. OpenRC+eudev all the way! |
|
The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
|
Posted: Tue Feb 26, 2019 11:00 pm Post subject: |
|
|
Locked, since this is devolving into another systemd flame thread. I did try to warn you.
If anyone is interested in discussing the virus issue further I'm completely willing to unlock this thread so long as it remains on topic. Feel free to pm me.
--The Doctor _________________ First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |