Topic: Ebury botnet - steal login names and passwords from computers running Linux

cavy
Came across this article this morning; it is the first time I've become aware of this vulnerability. Should I be concerned, and what precautions are available, if it is still a threat...?

http://www.bbc.co.uk/news/technology-40825511   
“We know what we are, but not what we may be.”

Desktop Dell 7040 i7-6700 500Gb-SSD 32Gb ram
Laptop    Dell 7470 i5-6300 500Gb-SSD  16Gb ram
Various antiques to sample other OS's etc

PCNetSpec
It's not a 'vulnerability'; it's a rootkit, and it would need you to install it, as it requires root permission to install.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Timo
Quote
It's not a 'vulnerability', it's a rootkit and would need you to install it as it requires root permission to install.

Which is what makes Linux secure. You can't change the system without the password, so you can't get the password without the password. Give someone your password and he can get your password.

It's the BIOS and hardware backdoors that are really scary. They can't be controlled by the OS but can have full access to the OS.

cavy
Quote
Maxim Senakh was sentenced in Minnesota for running the Ebury botnet that was used to steal login names and passwords from computers running Linux.

The bit that bothered me: it was used to steal all login details of Linux users. I won't grasp the finite details of a botnet, apart from it being an automated tracking device seeking specified data through the internet.   ;)

As Timo correctly states, you need the password to change the OS. It begs the question: were these Linux users sloppy with basic security? Or have I not grasped the complexity of the situation with botnet versus security?


PCNetSpec
Quote
It begs the question, were these Linux users sloppy, with basic security.

Pretty much...

At some point they installed it from somewhere .. AFAIK it's never been claimed it was hosted on any distro's default repos.
« Last Edit: August 04, 2017, 11:52:27 am by PCNetSpec »

Timo
There's a reason why it's common to share source code instead of binaries in the Linux world. It means you might have to compile your mouse driver yourself, but you can read the code.

Maybe they just installed a driver that came as a binary or something like this and needed sudo for it. If the superuser isn't careful, the system isn't safe.