[GLLUG] Ebay phishers use Linux botnets

Karl Schuttler rexykik at gmail.com
Thu Oct 4 22:10:52 EDT 2007


Just a little wink wink,

"With Windows you practically need to inject a VNC server process just to do
anything useful.  Plus, the rootkits are a bit easier to install and use
(easier to hide processes, network connections, etc.) in Linux I think,
or at least more mature."

Botnets aren't controlled over VNC, they are typically controlled over
an IRC server. If you were to botnet over VNC, you would have to do
tasks individually with each computer. The whole advantage of
botnetting is being able to use all the computers' power at the same
time.

I definitely agree, however, that owning a Linux box would be more
satisfying than a Windows box. But rootkits aren't that difficult to
get owned by in Windows, and certainly not easier to install than in
Windows; look at Back Orifice and the success it had. Installing in
Windows would probably be easier, seeing that privilege escalation is
much simpler in a Windows environment. I don't know about the level of
maturity that you mean, but a lot of this backdoor software is
self-propagating. Furthermore, a lot of the zombies in the botnets
aren't going to be used for server hosts themselves, but are more
likely to be using mail clients to mail bomb spam to people in order
to get them to visit the web server of the phishers.

Having a botnet and writing malware for exploiting flaws isn't
something that just the hobby hacker is doing anymore; it is an
industry that has great payoff, and with anonymity services like Tor,
pretty simple to keep from getting caught. Keep in mind that people
are being paid to professionally develop this malware.

And yes, of course they are going to use Linux for some aspects,
probably to develop in, host some of their services like the IRC
server, or the web servers they need to put up a phishing site. I think
the difference is that most of the zombies probably aren't Linux, but
more of the upper management is.

Karl

On 10/4/07, Michael Rudas <audiotech50 at gmail.com> wrote:
> Mark Lachniet wrote:
>
> > I'm not sure it's FUD really.  The source seems credible, despite the
> > venue of the statement (Microsoft's conference).  But, when you think of
> > it, what would YOU rather hack?
>
> But, again, the presentation is titled ("eBay phishers use Linux
> botnets")-- and framed ("Phishers are getting more organized and tend
> to exploit hacked Linux boxes more than Windows, according to eBay's
> security chief.") as though the Linux boxen WERE some sort of
> sooper-seekrit botnet in-and-of themselves.
>
> Deliberate lies and distortion are being used to obscure the truth--
> which is the very DEFINITION of FUD.
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>

