http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/

Dan Goodin @ ArsTechnica wrote:

Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam...

Linux spam servers? Infected with malware that was eradicated long ago on ever platform except MS? Oh the horror! No worries though, it will be fixed quickly with all eyes on it, despite it slipping through for the past 5 years.

So...

To read further on that bit of small-fry:

... The researchers uncovered evidence that Mumblehard may have links to Yellsoft, a company that sells DirecMailer, which is Perl-based software for sending bulk e-mail. The block of IP addresses for both Yellsoft and some of the Mumblehard C&C servers share the same range. What's more, pirated copies of DirecMailer silently install the Mumblehard backdoor. The pirated copies are also obfuscated by the same packer used by Mumblehard's malicious components...

No, quote it right ...

The Eset researchers still aren't certain how Mumblehard is installed. Based on their analysis of the infected server, they suspect the malware may take hold by exploiting vulnerabilities in the Joomla and WordPress content management systems.

So, looks like a few got clobbered by installing a dubious copy of a commercial program.

Imagine that, people too cheap to buy an O/S pirating the software they run. I waonder where they got the idea that free was the right price?

There's also the other usual exploits routes through unmaintained CMS websites. Also note that the underlying OS has little to do with the application itself directly having been exploited.

No Mr. Millions of eyeballs ...

A version of the Mumblehard spam component was uploaded to the VirusTotal online malware checking service in 2009, an indication that the spammer program has existed for more than five years.

Six years and it still isn't fixed. Like complaining about a security hole in Windows ME carried forward in every version to 10.

Then there is this:

The discovery is reminiscent of Windigo, a separate spam botnet made up of 10,000 Linux servers that Eset discovered 14 months ago.

http://arstechnica.com/security/2014/03/18/10000-linux-servers-hit-by-malware-serving-tsunami-of-spam-and-exploits/

Researchers have documented an ongoing criminal operation infecting more than 10,000 Unix and Linux servers with malware that sends spam and redirects end users to malicious Web pages.

Windigo, as the attack campaign has been dubbed, has been active since 2011 and has compromised systems belonging to the Linux Foundation's kernel.org and the developers of the cPanel Web hosting control panel, according to a detailed report published Tuesday by researchers from antivirus provider Eset. During its 36-month run, Windigo has compromised more than 25,000 servers with robust malware that sends more than 35 million spam messages a day and exposes Windows-based Web visitors to drive-by malware attacks. It also feeds people running any type of computer banner ads for porn services.

Hey, what's this? Linux machines are infecting Windows ones? Since there are easily 10X more windows machines to get infected than Linux ones, divide windows by 10X before you compare!

---

... Six years and it still isn't fixed. Like complaining about a security hole in Windows ME carried forward in every version to 10...

By 'eck you really have a vendetta. Good trolling there.

By what you describe as "fixed", that one quite possible isn't going to be fixed in that there isn't anything to fix other than educating people better. If anything, that problem is more an example of FLOSS being undervalued and being exploited by user ignorance...

You yourself have argued hard that you cannot fix users from deliberately running whatever malware.


What FLOSS and Linux does do is offer a better IT environment that can be completely free of Marketing coercion. You can enjoy using some very highly crafted software that works. Google is a big example that has made big business from that.

And to me, FLOSS looks to work far better than the example we have for Microsoft systems that have introduced the need for 3rd-party antivirus!

Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?...


IT is what we make it.
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?...

First of all, his name is Dan Goodin. Secondly, let's leave the personal attacks out of this. Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric.

If you bothered to read up on Dan, he's not an anti-virus seller, and he certainly by no means engages in scare tactics to bash the world outside of Microsoft.

I've chosen to ignore your petty comments that attack me, but you seriously look bad when you start attacking tech writers without knowing what you're talking about.

Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?...

First of all, his name is Dan Goodin.

Ooops, simply typo. No one is perfect especially me!

Secondly, let's leave the personal attacks out of this.

The 'vendetta' comment was towards the desperate nit-picking from Gary...

Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric.

Looking through Dan's list of recent articles on Ars, he has reported NO (NONE, ZERO, ZILCH) of anythign of any Microsoft flaws. In start contrast, his articles seize upon anything negative for all other systems, no matter whether or not petty.

Looks to me like some rare bias there...

And the widespread 'problems' do seem to have a far greater focus on Windows systems. More so than for the entire rest of the world of systems... My own bias is that is due to Marketing compromises and is in effect by design... I'm sure you will disagree.

[...]

Meanwhile, what of all the recent rather surprising articles about Microsoft waking up to Linux as reported even on Ars...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Secondly, let's leave the personal attacks out of this.

The 'vendetta' comment was towards the desperate nit-picking from Gary...

I was referring to your attacks on Dan Goodin as a Microsoft shill.

Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric.

Looking through Dan's list of recent articles on Ars, he has reported NO (NONE, ZERO, ZILCH) of anythign of any Microsoft flaws. In start contrast, his articles seize upon anything negative for all other systems, no matter whether or not petty.

Looks to me like some rare bias there...

Correlation is not causation. That Dan's most recent articles are rather widespread, and that there aren't any significant Microsoft flaws to write about on a daily basis (unless you want to resort to the pettiness other sites tend to do).

But don't take my word for it. Here's a March 18th article written by Dan:

http://arstechnica.com/security/2015/03/18/microsoft-takes-4-years-to-recover-privileged-tls-certificate-addresses/

The day before, here's an article where he criticizes Microsoft's lack of quick response:

http://arstechnica.com/security/2015/03/17/man-who-obtained-windows-live-cert-said-his-warnings-went-unanswered/

And on Feb 11th, an IE 11 flaw reported:

http://arstechnica.com/security/2015/02/11/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/

And on the 10th:

http://arstechnica.com/security/2015/02/10/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

And on Feb 3rd:

http://arstechnica.com/security/2015/02/03/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/

These are all relatively recent articles. Perhaps you should dig deeper than just his front page recent articles.

And the widespread 'problems' do seem to have a far greater focus on Windows systems. More so than for the entire rest of the world of systems... My own bias is that is due to Marketing compromises and is in effect by design... I'm sure you will disagree.

Perhaps your own bias on blowing Microsoft security flaws out of proportion leads you to believe that every minute flaw needs to be reported on so as to scare every MS user away from that platform is preventing you from seeing the bigger picture I've been trying to provide.

And yes, I disagree with your assertion that Ars, or Dan, have been bought by Microsoft as a marketing front. Unless you have evidence to support your claim, I think it is a matter of Ars taking on a much larger approach to security while you've seized upon Microsoft alone.

I, for one, appreciate the much wider view of security-related articles that seem to be well written, and well-balanced that Dan writes. He is one of many reasons why I enjoy reading Ars' long-form journalism.

http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/

"Peter Bright" wrote:

As companies continue to beat the Internet of Things drum, promoting a world when every device is smart, and anything electronic is network connected, we have some news that shows just what a horrible idea this really is. A security firm has found that a Linux kernel driver called NetUSB contains an amateurish error that can be exploited by hackers to remotely compromise any device running the driver. The driver is commonly found in home routers, and while some offer the ability to disable it, others do not appear to do so.

NetUSB is developed by Taiwanese company KCodes. The purpose of the driver is to allow PCs and Macs to connect to USB devices over a network, so that these devices can be shared just by plugging them into a Wi-Fi router or similar. To do this, a driver is needed at each end; a client driver on the PC or Mac, and a server driver on the router itself.

This router-side driver listens to connections on TCP port 20005, and it's this driver that contains a major security flaw. SEC Consult Vulnerability Lab, which publicised the problem, discovered that the Linux driver contains a simple buffer overflow. As part of the communication between client and server, the client sends the name of the client computer; if this name is longer than 64 bytes, the buffer overflows. The company says that this overflow can be exploited to enable both denial of service (crashing the router), and remote code execution.

In its write up of the bug, the researchers described the issue as something of a throwback, writing "the '90s are calling and want their vulns back, stack buffer overflow." Simple stack buffer overflows in widely-deployed software are these days relatively unusual, as developers have become somewhat more conscientious of the danger they represent. But clearly not every developer has got the message yet.

SEC examined firmware for many SOHO routers, finding the flawed code in products from D-Link, Netgear, TP-Link, Trendnet, and ZyXEL. 92 different products, including many current generation models, were found to include the bad code (a full list is available in the advisory. A further 21 other vendors also appear to ship NetUSB products; SEC did not check those vendors' firmwares, so the dangerous driver is likely to be found in more than just those 92 devices. SEC estimates that millions of devices are affected.

Flawed code in the Linux kernel that runs in millions of routers, and a stack buffer overflow vulnerability no less.

http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/

"Peter Bright" wrote:

As companies continue to beat the Internet of Things drum, ...

NetUSB is developed by Taiwanese company KCodes. The purpose of the driver is to allow PCs and Macs to connect to USB devices over a network, ...

This router-side driver listens to connections on TCP port 20005, and it's this driver that contains a major security flaw. ... this overflow can be exploited to enable both denial of service (crashing the router), and remote code execution.

In its write up of the bug, the researchers described the issue as something of a throwback, writing "the '90s are calling and want their vulns back, stack buffer overflow." Simple stack buffer overflows in widely-deployed software are these days relatively unusual, as developers have become somewhat more conscientious of the danger they represent. But clearly not every developer has got the message yet.

... SEC estimates that millions of devices are affected.

Flawed code in the Linux kernel that runs in millions of routers, and a stack buffer overflow vulnerability no less.

Yep, quite a FUBAR.

Another good fun view is given by the bite of The Register:

'Millions' of routers open to absurdly outdated NetUSB hijack


Indeed a silly clanger that simply shouldn't be.

And indeed so... From the comments:

Because the company is too cool to use libusb…

I just had a look to see if this was a module they contributed to the Linux kernel or if it's something proprietary. So far, research hints it's [proprietary].

Digging further:

That code is not in the mainline Linux kernel and would be blasted into oblivion with creatively extremely negative verbosity long before ever reaching the eyes of Linus! No sane kernel person would put such a module directly into the kernel!! That is why we have user-space to limit any damage from any exploits that might make it through.


So, to me, that looks like cheap proprietary-ness secreting in some shoddiness for their own proprietary-rush shove-it-out-the-door quick products.

Such companies have the freedom to abuse Linux any way they like provided they abide to share any code as protected by the freedoms insisted upon by the GPL and other similar 'copy-left' licenses.


(Notably, a certain large company that is now surprisingly and rapidly moving into FLOSS needed over two years of work to get some of their proprietary code up to a reasonable enough standard to be accepted into the Linux mainline kernel. Even so, there were still some Big Boobs... ;-) )


IT is very much what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Well as we have been "reliably" informed by the OP over the past several years that most of the Internet's backbone is Linux makes the following two reports interesting to read...

Google Maps links White House to offensive terms

...but this one is a beauty...

FBI wants to ban Secure Internet by having backdoors

...what price "Secure Linux" if they succeed?

More Linux woes ... Android the fastest growing segment of Linux
http://www.cnet.com/uk/news/researcher-finds-mother-of-all-android-vulnerabilities/

Most Android phones at risk from simple text hack, researcher says

Last year, more than 1 billion Android devices shipped around the globe. Security firm Zimperium says this vulnerability could affect 95 percent of them.

Millions of eyeballs = zero security

---

This isn't good news for FLOSS
http://www.out-law.com/en/articles/2015/august/commercial-software-significantly-more-secure-than-open-source-software-says-new-report/

The software businesses build in-house or licence from suppliers is more secure than software built in an open source environment, according to a new report by software security testers.
...
It said that although commercial software contains more defects per 1,000 lines of code than open source software, the commercial software is "more in compliance" with software security standards such as the Open Web Application Security Project Top 10 and the Common Weakness Enumeration (CWE) 25 than open source software.

---

This isn't good news for FLOSS
http://www.out-law.com/en/articles/2015/august/commercial-software-significantly-more-secure-than-open-source-software-says-new-report/

The software businesses build in-house or licence from suppliers is more secure than software built in an open source environment, according to a new report by software security testers.
...
It said that although commercial software contains more defects per 1,000 lines of code than open source software, the commercial software is "more in compliance" with software security standards such as the Open Web Application Security Project Top 10 and the Common Weakness Enumeration (CWE) 25 than open source software.

FLOSS means “Free/Libre and Open Source Software”
It has nothing to do with security standards.
IT is what we want it to be.

Just do IT.

http://www.bbc.com/news/technology-33839925

The data scrambling systems used by millions of web servers could be much weaker than they ought to be, say researchers.

A study found shortcomings in the generation of the random numbers used to scramble or encrypt data.

The hard-to-guess numbers are vital to many security measures that prevent data theft.

But the sources of data that some computers call on to generate these numbers often run dry.

This, they warned, could mean random numbers are more susceptible to well-known attacks that leave personal data vulnerable.

"This seemed like just an interesting problem when we got started but as we went on it got scary," said security analyst Bruce Potter who, along with researcher Sasha Moore, carried out the study that was presented at the Black Hat security event in Las Vegas.

Isn't this random number weakness exactly what the NSA has already exploited?
https://www.techdirt.com/articles/20140422/12243126991/nist-finally-removes-nsa-compromised-crypto-algorithm-random-number-generator-recommendations.shtml

---

It had to happen, Anti-virus for Linux:
http://www.latimes.com/business/technology/la-fi-tn-wifatch-20151002-story.html

“For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities,” Symantec’s Mario Ballano said in an online post.

Linux has now joined the big boys! It has anti-virus!

---

It had to happen, Anti-virus for Linux:
http://www.latimes.com/business/technology/la-fi-tn-wifatch-20151002-story.html

“For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities,” Symantec’s Mario Ballano said in an online post.

Linux has now joined the big boys! It has anti-virus!

Anti-virus for Linux?
Internet browsers are prone to virus.
No matter what OS used.
Once per week I have to clean my browser for malware!

browsers

?? obviously you did not read the article. Has nothing to do with browsers.

---

browsers

?? obviously you did not read the article. Has nothing to do with browsers.

Merely thinking of computer viruses in general.
The article is about routers that have Linux as an OS.
I had one that you could use Telnet to access it.
Don't try that at home!

browsers

?? obviously you did not read the article. Has nothing to do with browsers.

Merely thinking of computer viruses in general.
The article is about routers that have Linux as an OS.
I had one that you could use Telnet to access it.
Don't try that at home!

Have you done that with your smartphone yet?

---

browsers

?? obviously you did not read the article. Has nothing to do with browsers.

Merely thinking of computer viruses in general.
The article is about routers that have Linux as an OS.
I had one that you could use Telnet to access it.
Don't try that at home!

Have you done that with your smartphone yet?

Smartphone? I'm sixty years old:)
Whatever.
There are plenty of ways to hack computers/phones/cars/routers...
If you want to be safe dont use computers.

Ars Technica benchmarked the recently released SteamOS against Windows for gaming performance. The results are not so good.

http://arstechnica.com/gaming/2015/11/ars-benchmarks-show-significant-performance-hit-for-steamos-gaming/

Kyle Orland @ ArsTechnica wrote:

Since Valve started publicly talking about its own Linux-powered "Steam Boxes" about three years ago now, we've wondered what kind of effect a new gaming-focused OS would have on overall PC gaming performance. On the one hand, Valve said back in 2012 that it was able to get substantial performance increases on an OpenGL-powered Linux port of Left 4 Dead 2. On the other hand, developers I talked to about SteamOS development earlier this year told me that the state of Linux's drivers, OpenGL tools, and game engines often made it hard to get Windows-level performance on SteamOS, especially if a game was built with DirectX in mind in the first place.

With this week's official launch of Valve's Linux-based Steam Machine line (for non-pre-orders), we decided to see if the new OS could stand up to the established Windows standard when running games on the same hardware. Unfortunately for open source gaming supporters, it looks like SteamOS gaming comes with a significant performance hit on a number of benchmarks.

...


All that said, right now, it seems that choosing SteamOS over a Windows box means sacrificing a significant amount of performance on many (if not most) graphically intensive 3D games. That's a pretty big cost to bear, considering that Alienware sells its Windows-powered, console-style Alpha boxes at prices that are only $50 more expensive than identically outfitted SteamOS machines. That's not to mention the fact that Steam on Windows currently has thousands of games that aren't on SteamOS—including most AAA recent releases—while SteamOS has no similar exclusives to recommend it over Windows.

Hopefully, Valve and other Linux developers can continue improving SteamOS performance to the point where high-end games can be expected to at least run comparably between Linux and Windows. Until then, though, it's hard to recommend a SteamOS box to anyone who wants to get the best graphical performance out of their PC hardware.