
#1 2014-03-19 03:32:07

MisterAnderson
Member
Registered: 2011-09-04
Posts: 284

Windigo

Anyone affected by Operation Windigo? Whether on Arch or another distro.

Windigo on Slashdot


D:


#2 2014-03-19 03:51:38

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

MisterAnderson wrote:

<snip>

The Matrix has you!

http://it.slashdot.org/comments.pl?sid= … d=46520763

alen (225700) wrote:

April fools is here early

That was my first thought.


No, I haven't heard anyone complaining about being hacked, getting a trojan horse, trojan rabbit or trojan badger.


#3 2014-03-19 04:12:16

VanillaFunk
Member
From: MA. USA
Registered: 2013-06-10
Posts: 396

Re: Windigo

I would assume if folks were loading malicious software into packages... a maintainer would have spotted something somewhere along the way, from what I understood of this article.


archx86_64 : awesomewm
https://github.com/dreemsoul

Remember to feed the squirrels


#4 2014-03-19 12:04:20

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 4,662

Re: Windigo

Check the timeline of events in http://www.welivesecurity.com/wp-conten … indigo.pdf .

The attack on kernel.org / Linux Foundation servers in 2011 and the infection of cPanel in 2013 are considered by ESET as being part of Windigo.

Especially the first one did impact all Linux users.

Edit :

An interesting aspect of Windigo is that while Linux servers were compromised, they didn't target Linux USERS at all.

Last edited by Lone_Wolf (2014-03-19 12:06:21)


Booting with apg Openrc, NOT systemd.
Automounting : not needed, i prefer pmount
Aur helpers : makepkg + my own local repo === rarely need them


#5 2014-03-19 13:24:40

DarkCerberus
Member
From: /dev/null
Registered: 2011-12-31
Posts: 247

Re: Windigo

I thought Linux doesn't get malware, only via using that Wine software makes Linux malware compatible... Or so I thought.


#6 2014-03-19 13:34:48

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

Lone_Wolf wrote:

An interesting aspect of Windigo is that while Linux servers were compromised, they didn't target Linux USERS at all.

A typical penguin lover lives in his parents' basement, I think the perpetrators of this attack don't even want to spy on him, I mean the stuff he's into is scary ...
Money? What money?
Spam all his friends? Ummm, his address book isn't going to be of much value.

;-)


#7 2014-03-19 14:35:30

Steef435
Member
From: age
Registered: 2013-08-29
Posts: 405

Re: Windigo

DarkCerberus wrote:

I thought Linux doesn't get malware, only via using that Wine software makes Linux malware compatible... Or so I thought.

It doesn't get malware but malware can be given to it. :P I'd still call this a PEBLAC error, especially if they are just trojans.

EDIT: OMG, Linux != secure. I'm going to Hurd, bye guys.

Last edited by Steef435 (2014-03-19 14:36:14)


#8 2014-03-19 15:47:44

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: Windigo

DarkCerberus wrote:

I thought Linux doesn't get malware, only via using that Wine software makes Linux malware compatible... Or so I thought.

That kind of thinking might be useful for selling Macs to folks who don't know any better,* but it's not very good security policy. Linux systems can be infected by malware like trojans and rootkits just like any other OS. It's just never really been worth anyone's time to write malware aimed at desktop users, since very few black-hats out there write malware just because they can.  Servers are a different matter, but for such a prolonged "operation," one would think we'd have heard about a payoff for the crackers in question by now.

* Not intended to disparage OS X or folks who use it. I've personally heard a salesperson in an Apple store use the "Macs can't get viruses" line during a sales pitch, though.  Granted he was just a kid with a quota to fill, but still...  It's kinda like selling a gun to someone on the grounds that it has a fail-proof safety switch; you're practically encouraging carelessness and human error.


#9 2014-03-19 16:09:27

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 3,570

Re: Windigo

ANOKNUSA wrote:

I've personally heard a salesperson in an Apple store use the "Macs can't get viruses" line during a sales pitch, though.

It's true, isn't it? (Serious) Are there any known viruses for Mac OS X or Linux?

I check every year or so by doing a quick Internet search for any news on the subject but nothing ever comes up.


#10 2014-03-19 16:31:38

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

drcouzelis wrote:
ANOKNUSA wrote:

I've personally heard a salesperson in an Apple store use the "Macs can't get viruses" line during a sales pitch, though.

It's true, isn't it? (Serious) Are there any known viruses for Mac OS X or Linux?

I check every year or so by doing a quick Internet search for any news on the subject but nothing ever comes up.

http://en.wikipedia.org/wiki/Linux_malware#Threats ?

Last edited by karol (2014-03-19 16:32:12)


#11 2014-03-19 16:56:24

Steef435
Member
From: age
Registered: 2013-08-29
Posts: 405


#12 2014-03-20 04:15:16

ANOKNUSA
Member
Registered: 2010-10-22
Posts: 2,141

Re: Windigo

drcouzelis wrote:
ANOKNUSA wrote:

I've personally heard a salesperson in an Apple store use the "Macs can't get viruses" line during a sales pitch, though.

It's true, isn't it? (Serious) Are there any known viruses for Mac OS X or Linux?

I check every year or so by doing a quick Internet search for any news on the subject but nothing ever comes up.

Sure it's a super rare occurrence, but that wasn't really my point. Telling the average person who doesn't understand some of the intricacies of computer security that there aren't any viruses is akin to saying "You have absolutely nothing to ever worry about." Every security breach results, either directly or indirectly, from misguided complacence and/or carelessness.


#13 2014-03-20 09:57:46

graysky
Member
From: The worse toilet in Scotland
Registered: 2008-12-01
Posts: 8,818

Re: Windigo

Steef435 wrote:

I'd still call this a PEBLAC error, especially if they are just trojans.

What does the "L" stand for?  Thought it should be a "K"...


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs


#14 2014-03-20 10:22:28

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

graysky wrote:
Steef435 wrote:

I'd still call this a PEBLAC error, especially if they are just trojans.

What does the "L" stand for?  Thought it should be a "K"...

'Lounge chair'?
Leopard?
:-)


Edit: Sorry, I need some more coffee ...

Last edited by karol (2014-03-20 10:26:11)


#15 2014-03-20 10:58:43

skanky
Member
From: WAIS
Registered: 2009-10-23
Posts: 1,844

Re: Windigo

graysky wrote:
Steef435 wrote:

I'd still call this a PEBLAC error, especially if they are just trojans.

What does the "L" stand for?  Thought it should be a "K"...

"Linux"


"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle


#16 2014-03-20 12:50:07

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 3,570

Re: Windigo

THAT'S IT! I give up! >:(

I'm switching to MenuetOS.

ANOKNUSA wrote:

Sure it's a super rare occurrence, but that wasn't really my point. Telling the average person who doesn't understand some of the intricacies of computer security that there aren't any viruses is akin to saying "You have absolutely nothing to ever worry about."  Every security breach results, either directly or indirectly, from misguided complacence and/or carelessness.

That's true. :)

Last edited by drcouzelis (2014-03-20 12:51:07)


#17 2014-03-20 12:54:39

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

drcouzelis wrote:

THAT'S IT! I give up! mad

I'm switching to MenuetOS.

http://vxheavens.com/lib/vsp06.html
http://www.thehackademy.net/madchat/vxd … ymoron.asm

<whistles innocently>


#18 2014-03-20 14:11:56

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 3,570

Re: Windigo

...Windows 3.1? (The viruses can't get me if they're all dead. ;) )

Nah, I guess I'll just have to become a responsible computer user. :P


#19 2014-03-20 14:25:56

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

How's Commodore 64 doing these days? ;P



I think that the thread's title could be expanded so it reads

Operation Windigo: malware attack that infected 25k Linux/UNIX servers


#20 2014-03-20 15:04:46

Steef435
Member
From: age
Registered: 2013-08-29
Posts: 405

Re: Windigo

graysky wrote:
Steef435 wrote:

I'd still call this a PEBLAC error, especially if they are just trojans.

What does the "L" stand for?  Thought it should be a "K"...

Like Karol said, it's the xkcd joke (Leopard).

Let's not forget about Java exploits either.

Last edited by Steef435 (2014-03-20 15:05:08)


#21 2014-03-21 13:19:12

simpla
Member
From: Mudgee NSW, Australia
Registered: 2012-08-01
Posts: 3

Re: Windigo

I found this PDF describing how it all works etc. http://www.welivesecurity.com/wp-conten … indigo.pdf


#22 2014-03-21 13:25:13

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

simpla wrote:

I found this PDF describing how it all works etc. http://www.welivesecurity.com/wp-conten … indigo.pdf

Lone_Wolf found it first: https://bbs.archlinux.org/viewtopic.php … 8#p1394318 :-)


Maybe Windows "requiring" a reinstallation every 6 months is a good thing. Even if you got the system infected, formatting the drive could very well take care of it in certain situations ;-)


#23 2014-03-21 13:33:05

simpla
Member
From: Mudgee NSW, Australia
Registered: 2012-08-01
Posts: 3

Re: Windigo

Also found some server stuff to possibly help block it until the creators update it again...
https://github.com/eset/malware-ioc/tree/master/windigo


#24 2014-03-21 13:35:06

simpla
Member
From: Mudgee NSW, Australia
Registered: 2012-08-01
Posts: 3

Re: Windigo

karol wrote:
simpla wrote:

I found this PDF describing how it all works etc. http://www.welivesecurity.com/wp-conten … indigo.pdf

Lone_Wolf found it first: https://bbs.archlinux.org/viewtopic.php … 8#p1394318 :-)


Maybe Windows "requiring" a reinstallation every 6 months is a good thing. Even if you got the system infected, formatting the drive could very well take care of it in certain situations ;-)

Yes, sorry. He did. I didn't follow the link or take notice of it. Sorry.


#25 2014-03-21 13:40:28

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Windigo

simpla wrote:

Also found some server stuff to possibly help block it until the creators update it again...
https://github.com/eset/malware-ioc/tree/master/windigo

Aaaaaand you broke github: https://status.github.com/

13:35 UTC
We are continuing to work to mitigate the attack and reduce the number of legitimate users who are flagged as attack traffic.

