Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Ignore the Linux worm hype, say security vendors

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Ah.. point taken.. I was under the impression that you though it came in through some kernel hole.. But what the heck.. Regardless if the machine needs a reboot or not it's a year old.. you've had plenty of time to test/implement the patch
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    That was pretty much my point as well. there was more than enough time to add the patch and it wouldn't need a reboot, maybe aweb server restart with apachectl stop then apachectl start

  3. #13
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by gore
    maybe aweb server restart with apachectl stop then apachectl start
    Hmm.. I was under the impression that Apache had a kind of 'soft restart' feature which allowed it to lose far less time online. I can't remember what it is called, but I'm sure it has something like that.

    [edit] Sorry, I was thinking of the graceful restart - but apparently it doesn't do that, it only sets the restart for a certain point in time. Please ignore this post!


    //me runs away and slaps himself

  4. #14
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I find it curious that the latest "Linux worms" attacks neither Linux nor any piece of Linux system software, but rather pieces of application software (Various PHP applications) which in fact might be equally vulnerable on Windows or anything else.

    So the worms that we see attacking xmlrpc.php etc - the so-called "Linux" worms, are actually not Linux specific at all.

    Mark

  5. #15
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by slarty
    I find it curious that the latest "Linux worms" attacks neither Linux nor any piece of Linux system software, but rather pieces of application software (Various PHP applications) which in fact might be equally vulnerable on Windows or anything else.

    So the worms that we see attacking xmlrpc.php etc - the so-called "Linux" worms, are actually not Linux specific at all.

    Mark
    Not exactly..

    They might just as well break into the Windows servers.. But the code they drop is linux specific..

    And at that only x86 linux (or X86_64 with x86 compatibility)..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  6. #16
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by J_K9
    Hmm.. I was under the impression that Apache had a kind of 'soft restart' feature which allowed it to lose far less time online. I can't remember what it is called, but I'm sure it has something like that.

    [edit] Sorry, I was thinking of the graceful restart - but apparently it doesn't do that, it only sets the restart for a certain point in time. Please ignore this post!


    //me runs away and slaps himself
    Code:
    apachectl restart
    That'll soft-restart apache sending the SIGHUP and not SIGTERM.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  7. #17
    I would agree that the main reasons to scan for malware on a linux/unix box would be for mail scanning or scanning file stores (used by Windows users).
    However, interestingly enough some *old* linux viruses are still doing the rounds.

    For instance Rst-B, which has just had its 6th year anniversary, is still being found on machines:
    http://www.sophos.com/security/blog/2008/02/1062.html


    On a slight side topic, the SophosLabs security blog is actually really interesting reading. Rather than them trying to sell you security software its a nice window into what a decent security firm is looking into on a day by day basis. http://www.sophos.com/security/blog/2008/03/

  8. #18
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    tsunami, you're replying to a thread that's almost 2 years old now..

    But in light of that and having re-read parts of it. It's an urban myth you need root/admin access to get infected with malware. Hence no exploits are needed to turn your *nix box into a spambot. Just the casual user clicking on an executable. So there really is no reason why viruses like NetSky can't exist on *nix.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #19
    Quote Originally Posted by SirDice
    tsunami, you're replying to a thread that's almost 2 years old now..
    oops, i didnt look at how old the thread was. Oh well nevermind.

    I agree completely, you can have malware cause untold issues on a machine without it ever having admin/root rights.

    The biggest issue we see at the moment at work are linux boxes that get hacked and added into botnets rather than them being infected with malware. I put that down to linux/unix being used far more for servers. If it were used way more on the desktop then we would start seeing far more socially engineered attacks.

  10. #20
    Banned
    Join Date
    Jan 2008
    Posts
    605
    that on some OSs reboots are only for hardware and Kernel code and the maybe reason of why no one saw it at all.
    Actually even in windows if you update a specific application alot of times it won't bother. And it's not as if you couldn't stop it from scheduling that through group policy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •