eBay: Phishers Upgrading To Linux
Author: Dave Lewis
The folks from eBay have done an analysis of the attacks that they experience. They discovered that the majority of attacks were originating from rootkitted Linux boxes. Now, before the Windows koolaid drinkers start pointing and hooting, realize this point: the Linux boxes are being targeted by phishers because they are prized for their reliability.
From Computer World NZ:
“The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,” he said.
Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they’d been infected.
Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake websites, hoping to lure victims into disclosing their passwords.
An example of that reliability can be found in one of my own Linux boxes. It has been running smoothly with an uptime of 942 days. Not too shabby. Mind you, it is also not directly attached to the internet.





while it is true that the windows koolaid drinkers should be aware that the linux boxes are prized for their reliability, *nix koolaid drinkers should keep in mind that rootkits (the real ones) came from the *nix platform in the first place…
i wonder how many of those affected sysadmins were operating under a false sense of security as a result of using linux and weren’t taking sufficient security precautions like booting from a floppy and looking for unauthorized changes… my guess would be probably not too many since clean booting (in order to operate from a known good environment) on a regular basis would ruin their uptime statistics…
Hey Kurt
Yeah, all OS acolytes should take this as a lesson that ANY OS or software package is vulnerable. If it isn’t today, wait 5 minutes. The sobering effect of this study will most likely be lost on sysadmins in general, but hope springs. Vigilance is not optional.