Panchan Peer-To-Peer Botnet Discovered By Researchers

Akamai security researchers have published their findings on Panchan, a new peer-to-peer botnet and SSH worm that emerged in March and has been actively breaching Linux servers since. Panchan, written in Golang, uses the language's built-in concurrency features to maximize how fast it spreads and to run its malware modules. The malware also harvests SSH keys to perform lateral movement, which is a fairly novel feature. You can read the full report on this botnet here. Rob Shaughnessy, VP, Federal for GRIMM, had this to say:

“Technologically, the recently disclosed Panchan botnet has one potentially novel feature: harvesting SSH keys locally to facilitate lateral movement in the victim network. This method can increase lateral movement speed and help the botnet spread across connected organizations. The innovative use of harvested credentials helps explain why current victims of Panchan are mainly education institutions and show fairly significant geographic clustering. Research and educational institutions have traditionally favored collaboration and openness over strict security more than industry. Although botnets such as Panchan can be used for many functions, including highly malicious ones, Panchan is currently used for cryptocurrency mining. Using botnets is a way to effectively reduce or remove the most costly part of any cryptomining organization, providing an essentially free cloud computing infrastructure. With the recent collapse of cryptocurrency value globally, we will likely see increased utilization of botnets and similar malware for this purpose. For cyber defenders, this will substantially increase the network noise level and provide additional opportunities for more malicious code to insert itself using lower risk events, like Panchan, as cover.”

Clearly this botnet has a bunch of tricks up its sleeve. Which means that sysadmins and security professionals need to be on the lookout for it, as it is likely to pop up in a lot of places.
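A defensive check that follows from the key-harvesting point above, added here as an example and not code from the post or from Akamai's report: it inventories SSH private keys under a directory and reports which ones are stored without a passphrase, since those are the ones a worm that collects keys can reuse as they are. It handles both on-disk formats OpenSSH writes (the older PEM layout and the native "openssh-key-v1" layout). The function names and the fixture files written by make_sample_keys are constructed for illustration; the fixture bodies carry only the leading header fields of each format, not usable key material.

```shell
#!/bin/sh
# Added example (not from the post or the Akamai report): inventory SSH private keys
# under a directory and report which ones carry no passphrase.

# classify_key FILE -> prints one of: unencrypted | encrypted | not-a-key
# Two on-disk formats are recognised:
#   - PEM ("-----BEGIN RSA/EC/DSA PRIVATE KEY-----"): encrypted keys carry a
#     "Proc-Type: 4,ENCRYPTED" header line, unencrypted ones do not.
#   - OpenSSH native ("-----BEGIN OPENSSH PRIVATE KEY-----"): the base64 body starts
#     with the magic "openssh-key-v1\0" followed by length-prefixed cipher and KDF
#     names; both are "none" when the key is stored unencrypted.
classify_key() {
    f="$1"
    [ -f "$f" ] || { echo not-a-key; return 0; }
    if grep -q -- '-----BEGIN OPENSSH PRIVATE KEY-----' "$f"; then
        # Decode the body and keep the first 40 bytes: magic + cipher name + KDF name.
        # tr strips the NUL and length bytes so the result is safe to hold in a variable.
        hdr=$(sed -n '/^-----BEGIN OPENSSH/,/^-----END OPENSSH/p' "$f" \
              | grep -v -- '-----' | base64 -d 2>/dev/null | head -c 40 | tr -cd '[:print:]')
        case "$hdr" in
            openssh-key-v1*none*) echo unencrypted ;;
            openssh-key-v1*)      echo encrypted ;;
            *)                    echo not-a-key ;;
        esac
    elif grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then echo encrypted; else echo unencrypted; fi
    else
        echo not-a-key
    fi
}

# find_unencrypted_keys DIR -> prints the path of every unencrypted private key under DIR
find_unencrypted_keys() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        [ "$(classify_key "$f")" = unencrypted ] && echo "$f"
    done
    return 0
}

# make_sample_keys DIR -> constructed fixtures with the same headers real keys have.
# The OpenSSH-format bodies are only the magic plus cipher/KDF names, base64 encoded.
make_sample_keys() {
    mkdir -p "$1"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none\000\000\000\000' | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$1/id_plain"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$1/id_locked"
    printf -- '-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n' > "$1/id_pem_locked"
    printf -- '-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n' > "$1/id_pem_plain"
    echo 'ssh-ed25519 AAAA user@host' > "$1/id_plain.pub"
}

# Usage hook: `sh key_audit.sh /home` lists every passphrase-less key under /home.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    find_unencrypted_keys "$1"
fi
```

Run it as root against /home and /root to see what a key-harvesting worm would find on the box; anything it lists is a candidate for re-keying with a passphrase or for moving into an agent-backed workflow.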

Linux Users Have A New Undetectable Malware To Worry About…. And It’s Called Symbiote

Researchers and the BlackBerry Threat Research & Intelligence Team have come across a new and undetectable piece of Linux malware. It’s called Symbiote:

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.

Symbiote is very stealthy. The malware is designed to be loaded by the linker via the LD_PRELOAD directive. This allows it to be loaded before any other shared objects. Since it is loaded first, it can “hijack the imports” from the other library files loaded for the application. Symbiote uses this to hide its presence on the machine by hooking libc and libpcap functions.

So in short, it evades detection and gives a threat actor significant control of a Linux machine. And since it does evade detection, it’s unclear how pervasive it is in the wild. Which means that it could be on a lot of Linux-based computers. On top of that, how is it delivered to the target computer? Knowing that would help in terms of protecting yourself. The bottom line is that there’s still a lot that we don’t know about it. Hopefully BlackBerry follows up with a lot more detail on this threat.
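Since the quoted report pins the whole technique on LD_PRELOAD, here is the check a sysadmin would actually run, added here as an example and not code from the post or from BlackBerry: it lists every library named in /etc/ld.so.preload (which the dynamic linker loads into every dynamically linked process) and every running process whose environment carries an LD_PRELOAD variable. Both locations are parameters so the functions can be pointed at a mounted copy of a suspect system; the fixture built by make_sample_tree is constructed and the library names in it are made up. One caveat follows from the report itself: a rootkit that hooks libc can lie to tools running on the same box, so when the result matters, run the check from trusted media or against an offline copy of the disk.

```shell
#!/bin/sh
# Added example (not from the post or the BlackBerry report): audit a Linux host for
# the two places a preloaded shared object can be declared.

# check_preload_file [FILE]
# Prints every library path listed in FILE (default /etc/ld.so.preload).
# Returns 0 when the file is absent or lists nothing, 1 when an entry was found.
check_preload_file() {
    file="${1:-/etc/ld.so.preload}"
    [ -f "$file" ] || return 0
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        echo "ld.so.preload entry: $line"
        found=1
    done < "$file"
    [ "$found" -eq 0 ]
}

# check_proc_environ [PROCDIR]
# Scans PROCDIR/<pid>/environ (default /proc; entries are NUL separated) for an
# LD_PRELOAD variable and prints pid and value for each hit.
# Returns 0 when none is set, 1 otherwise. Reading other users' environ needs root.
check_proc_environ() {
    procdir="${1:-/proc}"
    found=0
    for envfile in "$procdir"/[0-9]*/environ; do
        [ -r "$envfile" ] || continue
        val=$(tr '\0' '\n' < "$envfile" | grep '^LD_PRELOAD=') || continue
        pid=${envfile%/environ}; pid=${pid##*/}
        echo "pid $pid: $val"
        found=1
    done
    [ "$found" -eq 0 ]
}

# make_sample_tree DIR
# Constructed fixture: a preload file naming a made-up library, plus a fake /proc
# with one process started under LD_PRELOAD and one clean process.
make_sample_tree() {
    mkdir -p "$1/proc/4242" "$1/proc/4243"
    printf '# constructed fixture\n/usr/lib/libexample-preload.so\n' > "$1/ld.so.preload"
    printf 'PATH=/usr/bin\000LD_PRELOAD=/tmp/libexample.so\000HOME=/root\000' > "$1/proc/4242/environ"
    printf 'PATH=/usr/bin\000HOME=/root\000' > "$1/proc/4243/environ"
}

# Usage hook: `sh preload_audit.sh host` audits the running system (run as root).
if [ "${1:-}" = "host" ]; then
    check_preload_file
    check_proc_environ
fi
```

On a clean server both functions print nothing and return 0, which makes them easy to wire into a cron job or a configuration-management check that alerts on any non-zero return.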

Linux Malware Attacks Are A Thing…. And Businesses Aren’t Prepared

Linux in the enterprise is becoming more prevalent. Which means that threat actors are going to target Linux boxes more often. The thing is that while threat actors have upped their game in terms of going after Linux boxes, business users haven’t upped their game in terms of defending themselves:

Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity – and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. 

Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there’s also a lack of focus on managing and detecting threats against them. This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments. 

That rise has opened new avenues that cyber criminals can exploit to compromise enterprise networks, as detailed by the research paper, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that might not be as strictly monitored as those running Windows. 

These attacks are designed for maximum impact, as the cyber criminals look to compromise as much of the network as possible before triggering the encryption process and ultimately demanding a ransom for the decryption key.

It’s pretty clear that the attack surface is increasing. Which means that companies have to make immediate moves to defend themselves. The big question is, will businesses make the same level of investments that they have on the Windows side of the fence when it comes to Linux, or any other platform for that matter? I question that as I have been called into situations where a company has already been pwned and I’m expected to help them plug the holes that allowed the threat actors to get in and do their evil work. But maybe this time will be different. Though I am not holding my breath on that.

Qualys Uncovers Major Linux Vulnerability

Security company Qualys has uncovered a dangerous memory corruption vulnerability in Polkit’s pkexec, CVE-2021-2034. Polkit, formerly known as PolicyKit, is a system SUID-root program installed by default in every major Linux distribution. The easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this to say:

“The pkexec vulnerability and other similar zero-days exacerbate the need for protecting sensitive applications and data. With options like Confidential Computing and secure enclaves, although attackers could gain elevated privileges using the pkexec vulnerability, they would not be able to access protected workloads. Secure enclaves can essentially provide a future proof protection against such newly disclosed OS vulnerabilities.”

Linux is very popular in enterprises worldwide. Thus companies worldwide need to look at this and use the temporary mitigation outlined in the report from Qualys if no patches are yet available for their Linux distribution.
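The temporary mitigation in the Qualys advisory is to clear the set-uid bit on pkexec (chmod 0755 /usr/bin/pkexec) until a patched package is installed. As an added example, not code from the post or from Qualys, here is a small script that reports the current state of the binary, applies that workaround, and counts the two messages pkexec writes to the authentication log when it refuses a malformed environment, which the advisory notes are left behind by exploitation attempts. The binary path and log path are parameters so it can run against copies; the auth-log lines written by make_sample_log are constructed (the hostname, user and variable name in them are made up).

```shell
#!/bin/sh
# Added example (not from the post or from Qualys): check and apply the temporary
# pkexec workaround, and scan an auth log for pkexec's environment-rejection messages.

PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# pkexec_status [PATH] -> prints: missing | suid-root | not-suid
# "suid-root" is the default install state (vulnerable until patched);
# "not-suid" is the state after the workaround has been applied.
pkexec_status() {
    p="${1:-$PKEXEC_PATH}"
    if [ ! -e "$p" ]; then echo missing
    elif [ -u "$p" ]; then echo suid-root
    else echo not-suid
    fi
}

# apply_workaround [PATH] -> clears the set-uid bit (chmod 0755), as in the Qualys
# advisory. Needs root on a real system. Until the patched package is installed,
# pkexec can then no longer elevate anyone, which is the intended trade-off.
apply_workaround() {
    p="${1:-$PKEXEC_PATH}"
    chmod 0755 "$p" && echo "set-uid bit cleared on $p"
}

# count_rejections LOGFILE -> number of lines carrying either message pkexec writes
# when it refuses a suspicious environment. Exit status stays 0 when the count is 0
# (grep -c alone would exit 1), so the function is safe under `set -e`.
count_rejections() {
    grep -c -e 'SHELL variable was not found' -e 'contains suspicious content' "$1" \
        || [ "$?" -eq 1 ]
}

# make_sample_log FILE -> constructed auth-log lines in syslog layout: two pkexec
# rejections from one user session surrounded by unrelated, normal entries.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 26 10:11:58 host sshd[4101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Jan 26 10:12:01 host pkexec[4242]: alice: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/id]
Jan 26 10:12:02 host pkexec[4243]: alice: The value for environment variable EXAMPLE_VAR contains suspicious content [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/id]
Jan 26 10:12:30 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# Usage hook: `sh pkexec_check.sh report [/var/log/auth.log]` reports on the live system.
if [ "${1:-}" = "report" ]; then
    echo "pkexec: $(pkexec_status)"
    log="${2:-/var/log/auth.log}"
    [ -r "$log" ] && echo "rejections logged in $log: $(count_rejections "$log")"
fi
```

The status check is the piece worth keeping after the patch lands: run it across the fleet and treat "suid-root" on an unpatched package version as a finding, and treat a non-zero rejection count as something to look at even on patched hosts, since it shows someone tried.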

LINUX Suffers From Serious Encryption Bug

Usually, LINUX users like to look derisively at those who use Windows and Macs and their security issues. And laugh about how secure they perceive themselves to be. Here’s an example of where that isn’t true. According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple’s iOS and OS X. Here’s what the article says:

“The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical ‘goto fail’ flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.”

As the quote states, Apple has fixed this bug. However, LINUX users are at the mercy of many vendors of different versions of the operating system rather than having to deal with a single company. Thus one vendor might fix it, but others may not be so quick to do so. Red Hat, Debian, and Ubuntu among others have this bug. So one has to wonder what these companies plan to do to address these issues and how long it will take to do so.

Does Linus Torvalds Like Windows 7?

The Interwebs are all abuzz today over a picture of Linus Torvalds, who is best known for starting the development of the LINUX kernel, posing in front of a Windows 7 display in Japan and giving a thumbs up.

So does the de facto father of LINUX love Windows 7? I doubt it. So does the guy who wrote the above article:

Do I actually believe Linus was endorsing Windows 7? No, he was in town for the Japan Linux Symposium. But it shows he has a clear sense of humor, understands tolerance, and knows how to lighten up when his Free Software counterparts are frothing at the mouth during one of the most important software launch days in Microsoft’s history.

Oh, it may be of interest that this display was across the street from a LINUX Symposium that Torvalds was attending. I guess Microsoft wanted to crash the party. Still, it’s enough of a story that a Google search shows how much digital ink is being dedicated to this topic today.

I can’t wait to hear his side of this.

IBM Pushing Microsoft Free Desktops…. Cites Vista As The Reason Behind This

In another sign that Vista sucks isn’t being widely adopted by business users, IBM is partnering with Canonical/Ubuntu, Novell, and Red Hat to introduce the world to desktop computers free of Microsoft Software. As for why they’re doing this, the head of IBM’s Lotus division is quoted as saying:

“The slow adoption of Vista among businesses and budget-conscious CIOs, coupled with the proven success of a new type of Microsoft-free PC in every region, provides an extraordinary window of opportunity for Linux.” said Kevin Cavanaugh, vice president for IBM Lotus Software. “We’ll work to unlock the desktop to save our customers money and give freedom of choice by offering this industry-leading solution.”

By the way, that sound you just heard was a chair being tossed across Steve Ballmer’s office. He can’t be happy about this. But this is in line with what is written in Microsoft’s recent 10K filing:

“Client faces strong competition from well-established companies with differing approaches to the PC market. Competing commercial software products, including variants of Unix, are supplied by competitors such as Apple, Hewlett-Packard, IBM, and Sun Microsystems. The Linux operating system, which is also derived from Unix and is available without payment under a General Public License, has gained some acceptance as competitive pressures lead PC OEMs to reduce costs and new, lower price PC form factors gain adoption. Apple takes an integrated approach to the PC experience and has made inroads in share, particularly in the U.S. and in the consumer segment.”

It almost sounds like Microsoft is scared of competition. It gets better when you read this statement about why Microsoft’s margins are going to decrease:

“Certain “open source” software business models challenge our license-based software model. Open source commonly refers to software whose source code is subject to a license allowing it to be modified, combined with other software and redistributed, subject to restrictions set forth in the license. A number of commercial firms compete with us using an open source business model by modifying and then distributing open source software to end users at nominal cost and earning revenue on complementary services and products. These firms do not bear the full costs of research and development for the software. Some of these firms may build upon Microsoft ideas that we provide to them free or at low royalties in connection with our interoperability initiatives. To the extent open source software gains increasing market acceptance, our sales, revenue and operating margins may decline.”

How about the fact that people in the open source world take what few original ideas that Microsoft has and improves upon them so that they work for a broader community of users? Hmmm?

I guess Microsoft is surprised that computer users simply want a choice. I guess Vista has been the catalyst to make computer users look at other options such as Linux or the Macintosh and away from Microsoft.

Frankly I’m not at all surprised, and it’s about time.

Select Dell Computers Now Available With LINUX….. Take That Microsoft!

This news must make Ballmer want to pick up a chair and throw it across his office.

According to the Direct2Dell website, the dudes at Dell have announced that you can get the Ubuntu 8.04 (Hardy Heron) flavor of LINUX on the XPS M1330N and Inspiron 1525N notebooks as well as the Inspiron 530N desktop. But apparently there’s more coming:

“In early August, we will also add the XPS M1530n and Studio 15n to the line-up. This is just in time for LinuxWorld where we will participate in a number of the conference sessions. That will be your chance to hear directly about what’s been accomplished over the last year and where we see it going in 2009.”

It’s nice to see a mainstream computer company step up to the plate and support LINUX. But I do have one question. Right now if I phone Dell, they are versed in the hardware and supporting the Windows install that comes with it. Will the same hold true for LINUX? After all, you’re likely to attract some LINUX newbies who don’t know a bash shell from a DOS prompt. They’re likely to require more hand holding than the average Windows user. My feeling is yes, but I’d love to know for sure. Anyone from Dell care to comment, as I do know that people from Dell read my blog?

Mandriva LINUX – Great For Newbies Who Want To Test LINUX

Let’s say that you want to dump Windows, but you don’t want to go to the Mac. That leaves LINUX as your only option. But you’re scared about moving to LINUX as you’re not sure that it’s right for you. No problem, there’s a LINUX for you and it’s called Mandriva LINUX One. I tried this out a week ago and it is nothing short of amazing!

First off, the installation is dead easy. Simply boot your computer with the CD (download the disk image from their site and burn it) and follow the wizard. Within 15 minutes or less you’ll be up and running. That’s right, I said 15 minutes or less. It was that quick to install the OS onto my Pentium 4. Compare that to an hour for Windows or Mac OS X. Plus you can play games while waiting for it to install. Finally, it allows you to easily configure the various devices on your system with literally one push of a button. This makes it accessible to a large group of users who might be afraid of LINUX.

Secondly, it comes with a ton of stuff included. When I installed it I had chosen all the categories except server and LBS from the Custom path, which gave me a system with 3.9GB worth of applications, including Firefox, GIMP 2.4.0 rc2, and 2.2.1. Not only that, but it includes some multimedia applications that allow you to create and edit sound files. You can edit video and watch DVDs too. There’s even a music player included.

Third, you can still run your Windows games. Mandriva includes an application called Cedega which allows you to run some (but not all) of your Windows games. I had half decent results with it.

Fourth, there’s a utility that migrates all your Windows stuff easily called “Import Windows documents and settings.” This utility does as the name implies and works fairly well (at least it did for me). There’s also a Mandriva Linux Starter Guide, which is written primarily for new LINUX users. If you’re new to LINUX you’ll thank them for putting this in, as it is very comprehensive.

Oh yeah, all of this is FREE.

The bottom line is this: Mandriva is a great LINUX distribution and the hardest part about setting it up was downloading the disk image via BitTorrent (because my ISP throttles BitTorrent… grrrr. Though you can download it via a web browser too. But it will take longer). If you’ve been looking for a way to experiment with LINUX, this is the best way to do it. I highly recommend it.