Authorities Shut Down Linux Server Botnet

HardOCP News

Thanks to the efforts of these hard-working researchers, the six-year-old, 4,000-strong Mumblehard botnet has been taken down. The crooks have been hijacking unsuspecting Linux servers, turning them into spam machines, since early 2010.

One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016. ESET is operating a sinkhole server for all known Mumblehard components. We are sharing the sinkhole data with CERT-Bund, which is taking care of notifying the affected parties around the world through their national CERTs.
 
In before people poke fun at Linux being secure.

Note that most of these are due to people setting up game and other servers with default settings and never changing default passwords.

From a security perspective, I'd still take Linux over anything Microsoft or Apple by a country mile.

Just goes to show that whatever OS you use, you can't fix stupid.
 
It appears the daily "your paypal will be limited" broken English spam phish emails (LOL) are still coming through... :/
 
Security arguments in favor of Linux vs. Microsoft are usually disingenuous; they assume a stupid Windows user vs. an educated Linux user. If all the computer illiterate Windows users switched to Linux, the security situation would be similar. Windows and Linux have very much the same security mechanisms: standard users, DEP, ASLR, firewall, etc. While Linux has the controlled app distribution, I can't see people are going to want to stick to it; MS offers an app store as an *option* and the paranoia is thick and heavy. Any Linux distro that was used by mainstream users would have to allow something similar to Windows: click on a link on a website, download a file and execute it. 1 billion computer users are not going to learn how to use a command line to chmod just to use their computers. Even if they did, they'd probably do it for malware too.
 
Mostly agreed. The user is much more important than the system when it comes to security. No operating system is going to be secure if set up by someone who doesn't know what they are doing.

That being said, you hear about properly firewalled and configured Windows machines getting compromised a lot more often than you do properly configured Linux boxes.
 
Probably because there are 92 Windows machines for every Linux machine. And most Linux machines are single function (just run a web server, etc.) instead of being used interactively by some fool searching for porn, music and warez. I do a variety of activities on my Windows machines, and haven't had malware since 2003 when I accidentally plugged an unfirewalled XP RTM into the net. Shipping XP unfirewalled was a huge mistake, but since they rectified that the security is not really any different between the main OSes.
 