Security researchers at Sophos Labs have revealed that nearly 70 percent of all Linux honeypot infections are caused by a single virus. Perhaps even more shocking, all things considered, is the fact that the virus in question, Linux/Rst-B, is actually six years old now. So concerned is Sophos at this identified trend that it has now made a specific tool available just to detect whether this one virus is present on your Linux-based computer or server.

The fact that Linux servers are of great interest to the cyber-criminal fraternity should come as no surprise. After all, these are likely to be machines running 24/7, and because the general (misplaced) perception is that Windows-based systems are inherently insecure and Linux ones the opposite, protection against malware attack is sadly lacking. The cold, harsh truth is that Linux systems are pretty much ideal for being compromised for use as a botnet controller, ironically more often than not being in control of a virtual army of infected Windows PCs.

"The number of malware programs in existence is around 350,000, and while only a very small number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.

Meanwhile, Billy McCourt, a SophosLabs UK researcher, wants your help to determine just how prominent these Linux-based botnet controllers are. To do this, he is asking anyone who is not running some kind of anti-virus solution on their Linux boxes to run the small, rudimentary Linux/Rst-B scanner and contact the labs with the results if they show that you have been infected. Billy asks that you scan your whole system, but if this isn't feasible then at least scan your /bin, /usr/bin, /tmp, /var/tmp, /sbin and /usr/sbin directories and send any infected files (in encrypted format) to rstb@sophos.com, where the labs will check whether they are infected hacking tools or just infected standard binaries.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
