Gentoo Forums
Major Linux virus, or systemd weakness?
The_Great_Sephiroth
Veteran

Joined: 03 Oct 2014
Posts: 1602
Location: Fayetteville, NC, USA

Posted: Sun Feb 24, 2019 11:13 pm    Post subject: Major Linux virus, or systemd weakness?

I am curious as to how this virus gets into the system and works. I am amazed that somebody was running a business on Ubuntu, but that also lends to my curiosity about whether or not this is due to systemd or something which affects us all, like a kernel flaw...

Linux Server Virus
_________________
Ever picture systemd as what runs "The Borg"?

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9691
Location: almost Mile High in the USA

Posted: Sun Feb 24, 2019 11:30 pm

Systemd security issues would more likely be victim to local attacks. Unless the server was compromised by a local attack because someone downloaded malware and ran it on that machine, it's not likely systemd and something more typical like wordpress or myphpadmin.

The trouble with these security holes is that it's not always easy to find the hole; apparently the people on those threads are still looking for the entry point and binary, so things are still not quite figured out yet.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

krinn
Watchman

Joined: 02 May 2003
Posts: 7470

Posted: Mon Feb 25, 2019 10:10 am

eccerr0r wrote:
and something more typical like wordpress or myphpadmin.

Or even more weird stuff like running a webserver thru wine under ubuntu ; never forget people are nuts :)

pun_guin
Apprentice

Joined: 06 Feb 2018
Posts: 204

Posted: Mon Feb 25, 2019 12:09 pm

Does systemd count as a virus?
_________________
I already use the new Genthree.

runningnak3d
n00b

Joined: 05 Sep 2018
Posts: 62

Posted: Mon Feb 25, 2019 12:16 pm

pun_guin wrote:
Does systemd count as a virus?


Absolutely it does. It has infected so many aspects of most distros, that it can't be classified as anything else.

-- Brian

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9691
Location: almost Mile High in the USA

Posted: Mon Feb 25, 2019 5:07 pm

If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

Jaglover
Watchman

Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

Posted: Mon Feb 25, 2019 6:34 pm

One can share the web directory over SAMBA and the Windows machine connected to it will happily encrypt it.
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

figueroa
Advocate

Joined: 14 Aug 2005
Posts: 2965
Location: Edge of marsh USA

Posted: Mon Feb 25, 2019 7:58 pm

My best guess -- fake news!
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi

steve_v
Guru

Joined: 20 Jun 2004
Posts: 388
Location: New Zealand

Posted: Mon Feb 25, 2019 10:08 pm    Post subject: Re: Major Linux virus, or systemd weakness?

The_Great_Sephiroth wrote:
I am curious as to how this virus gets into the system and works.
I can't find any detail on that one in particular, but 99.9% of all "linux viruses" get in by exploiting flaws in web applications, not in the Linux system itself. Dodgy PHP extensions, database injection and the like.

Wording like "infects Linux servers" and "website encrypted" make me think that this is probably the same.


figueroa wrote:
My best guess -- fake news!
There appears to be no reliable information available about this ransomware at all, and no analysis or reverse engineering up on the 'net that I can see. Either nobody has a sample to inspect, or your guess is correct.
_________________
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Tue Feb 26, 2019 1:13 am

eccerr0r wrote:
If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics...

Firmly agree. After skimming the article for five seconds - more than most people apparently did - it's obviously about $php_CMS_worm_of_the_week, because they mention it affects windows users too.

Clickbait. Both the article and this thread.

The_Great_Sephiroth
Veteran

Joined: 03 Oct 2014
Posts: 1602
Location: Fayetteville, NC, USA

Posted: Tue Feb 26, 2019 2:36 am

Not clickbait. Genuine concern. It is rare I hear about a Linux virus but I did want to understand it, if it was legit. The site was online yesterday indicating to me that it was a legit ransom. That is what brought me here. I do not work for ANY news organization. I do IT for a living.

Also, I despise systemd but did not intend to start a debate on it. I just thought that maybe systemd, with its many security holes, could be at fault here, which would make me feel better since I do not use it.
_________________
Ever picture systemd as what runs "The Borg"?

The Doctor
Moderator

Joined: 27 Jul 2010
Posts: 2678

Posted: Tue Feb 26, 2019 2:48 am

Yes, if this devolves into systemd bashing then we can expect some saber rattling. The joke was amusing for one post, now on to the "virus" issue. At least until someone can provide evidence that the exploit was systemd and not php or some (extremely) more likely vector.

I think the answer to The_Great_Sephiroth is that Linux's greatest vulnerability remains between the keyboard and the chair. Don't let noobs have root access, don't run with scissors, etc.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

Maitreya
Guru

Joined: 11 Jan 2006
Posts: 441

Posted: Tue Feb 26, 2019 12:24 pm

Yeah this is nowhere the fault of Ubuntu nor Linux.

Probably a combination of a non patched wordpress, chmod'ed 777 webdir.
Or similar PEBKAC stupidity.

NTU
Apprentice

Joined: 17 Jul 2015
Posts: 187

Posted: Tue Feb 26, 2019 8:17 pm

SystemD always had security flaws, that's why I don't use it. SystemDOS is next. OpenRC+eudev all the way!

The Doctor
Moderator

Joined: 27 Jul 2010
Posts: 2678

Posted: Tue Feb 26, 2019 11:00 pm

Locked, since this is devolving into another systemd flame thread. I did try to warn you.

If anyone is interested in discussing the virus issue further I'm completely willing to unlock this thread so long as it remains on topic. Feel free to pm me.

--The Doctor
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

All times are GMT