Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Major Linux virus, or systemd weakness?
View unanswered posts
View posts from last 24 hours

 
This topic is locked: you cannot edit posts or make replies.    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
The_Great_Sephiroth
Veteran
Veteran


Joined: 03 Oct 2014
Posts: 1342
Location: Fayetteville, NC, USA

PostPosted: Sun Feb 24, 2019 11:13 pm    Post subject: Major Linux virus, or systemd weakness? Reply with quote

I am curious as to how this virus gets into the sytem and works. I am amazed that somebody was running a business on Ubuntu, but that also lends to my curiosity about whether or not this is due to systemd or something which affects us all, like a kernel flaw...

Linux Server Virus
_________________
Ever picture systemd as what runs "The Borg"?
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7048
Location: almost Mile High in the USA

PostPosted: Sun Feb 24, 2019 11:30 pm    Post subject: Reply with quote

Systemd security issues would more likely be victim to local attacks. Unless the server was compromised by a local attack because someone downloaded malware and ran it on that machine, it's not likely systemd and something more typical like wordpress or myphpadmin.

The trouble with these security holes is that it's not always easy to find the hole, apparently the people on those threads are still looking for the entry point and binary, so things are still not quite figured out yet.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 6960

PostPosted: Mon Feb 25, 2019 10:10 am    Post subject: Reply with quote

eccerr0r wrote:
and something more typical like wordpress or myphpadmin.

Or even more weird stuff like running a webserver thru wine under ubuntu ; never forget people are nuts :)
Back to top
View user's profile Send private message
pun_guin
Apprentice
Apprentice


Joined: 06 Feb 2018
Posts: 188

PostPosted: Mon Feb 25, 2019 12:09 pm    Post subject: Reply with quote

Does systemd count as a virus?
_________________
I already use the new Genthree.
Back to top
View user's profile Send private message
runningnak3d
n00b
n00b


Joined: 05 Sep 2018
Posts: 39

PostPosted: Mon Feb 25, 2019 12:16 pm    Post subject: Reply with quote

pun_guin wrote:
Does systemd count as a virus?


Absolutely it does. It has infected so many aspects of most distros, that it can't be classified as anything else.

-- Brian
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7048
Location: almost Mile High in the USA

PostPosted: Mon Feb 25, 2019 5:07 pm    Post subject: Reply with quote

If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 6957
Location: Saint Amant, Acadiana

PostPosted: Mon Feb 25, 2019 6:34 pm    Post subject: Reply with quote

One can share the web directory over SAMBA and the Windows machine connected to it will happily encrypt it.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
figueroa
Guru
Guru


Joined: 14 Aug 2005
Posts: 401
Location: GA-USA

PostPosted: Mon Feb 25, 2019 7:58 pm    Post subject: Reply with quote

My best guess -- fake news!
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
Back to top
View user's profile Send private message
steve_v
Tux's lil' helper
Tux's lil' helper


Joined: 20 Jun 2004
Posts: 113
Location: New Zealand

PostPosted: Mon Feb 25, 2019 10:08 pm    Post subject: Re: Major Linux virus, or systemd weakness? Reply with quote

The_Great_Sephiroth wrote:
I am curious as to how this virus gets into the sytem and works.
I can't find any detail on that one in particular, but 99.9% of all "linux viruses" get in by exploiting flaws in web applications, not in the Linux system itself. Dodgy PHP extensions, database injection and the like.

Wording like "infects Linux servers" and "website encrypted" make me think that this is probably the same.


figueroa wrote:
My best guess -- fake news!
There appears to be no reliable information available about this ransomware at all, and no analysis or reverse engineering up on the 'net that I can see. Either nobody has a sample to inspect, or your guess is correct.
_________________
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5584

PostPosted: Tue Feb 26, 2019 1:13 am    Post subject: Reply with quote

eccerr0r wrote:
If this is going to devolve into a systemd bashing thread, might well report this thread to a moderator and link it to systemd politics...

Firmly agree. After skimming the article for five seconds - more than most people apparently did - it's obviously about $php_CMS_worm_of_the_week, because they mention it affects windows users too.

Clickbait. Both the article and this thread.
Back to top
View user's profile Send private message
The_Great_Sephiroth
Veteran
Veteran


Joined: 03 Oct 2014
Posts: 1342
Location: Fayetteville, NC, USA

PostPosted: Tue Feb 26, 2019 2:36 am    Post subject: Reply with quote

Not clickbait. Genuine concern. It is rare I hear about a Linux virus but I did want to understand it, if it was legit. The site was online yesterday indicating to me that it was a legit ransom. That is what brought me here. I do not work for ANY news organization. I do I T for a living.

Also, I despise systemd but did not intend to start a debate on it. I just thought that maybe systemd, with its many security holes could be at fault here, which would make me fell better since I do not use it.
_________________
Ever picture systemd as what runs "The Borg"?
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2546

PostPosted: Tue Feb 26, 2019 2:48 am    Post subject: Reply with quote

Yes, if this devolves into systemd bashing then we can expect some saber rattling. The joke was amusing for one post, now on to the "virus" issue. At least until someone can provide evidence that the exploit was systemd and not php or some (extremely) more likely vector.

I think the answer to The_Great_Sephiroth is that Linux's greatest vulnerability remains between the keyboard and the chair. Don't let noobs have root access, don't run with scissors, etc.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
Maitreya
Guru
Guru


Joined: 11 Jan 2006
Posts: 407

PostPosted: Tue Feb 26, 2019 12:24 pm    Post subject: Reply with quote

Yeah this is nowhere the fault of Ubuntu nor Linux.

Probably a combination of a non patched wordpress, chmod'ed 777 webdir.
Or similar PEBKAC stupidity.
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Tue Feb 26, 2019 8:17 pm    Post subject: Reply with quote

SystemD always had security flaws, that's why I don't use it. SystemDOS is next. OpenRC+eudev all the way!
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2546

PostPosted: Tue Feb 26, 2019 11:00 pm    Post subject: Reply with quote

Locked, since this is devolving into another systemd flame thread. I did try to warn you.

If anyone is interested in discussing the virus issue further I'm completely willing to unlock this thread so long as it remains on topic. Feel free to pm me.

--The Doctor
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
Display posts from previous:   
This topic is locked: you cannot edit posts or make replies.    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum