A Skeptical Look At The Linux Server Botnet

31
Article Source InformationWeek’s Open Source Weblog
September 15, 2009, 8:12 am

When The Register ran news of a “Linux botnet” out in the wild, the bloviation did fly: See? Linux really isn’t that secure! But odds are this has nothing to do with Linux security per se, and everything to do with the biggest and most notorious security hole of all: bad system administration.

Last year a friend of mine sent me some then-early details about a similar-sounding Linux server exploit. The whole thing seemed fishy, especially the bit about how the problem persisted after a complete system scrape-and-reinstall. My guess was that it was not so much an extant vulnerability as a security hole being left open by the admin — e.g., a default root password was being reused, and was someone’s way to get back in even after a full nuke-and-pave. My friend concurred. The real problem, as he saw it, was compromised user credentials, which make most anything possible in its wake…

Read More