Linux Worm
-
I guess Linux has problems just like MS does. Linux Worm - Slapper[^] Apparently this one spread fast in it's initial "release" that the Code Red worm. I can see the flames coming. :) Nick Parker
**The goal of Computer Science is to build something that will last at least until we've finished building it. - Unknown
**
INteresting read.Thanks for the link Nick. Regards, Brian Dela :-)
-
Um. No. 1. Let's count the number of "Linux worms"* vs. the number of IIS worms. okay, didn't think you wanted to do that. 2. Um, apache currently has > 60% of the WWW market share. It's certainly odd that my apache logs are filling up with Nimda & Code Red, over a year later. On top of that, I still have _yet_ to get one of these SSL worms. :) Of course, I mean all this in the nicest way possible. IIS is a good deal easier to configure. But, let's not spread FUD in either direction.. :) not a linux worm, dolts - it's an apache worm evilpen dot net::msn messenger:negacao@hotmail.com
Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Regards, Brian Dela :-)
-
Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Regards, Brian Dela :-)
Brian Delahunty wrote: Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Maybe... although writing worms for Unix system was more en vogue 10-15 years ago. Maybe it's just gone out of style. :-D "Time spent with cats is never wasted." - Colette
-
Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Regards, Brian Dela :-)
Um, you say "Let's be honest" and express your opinion in the same sentence? Well, in that case: Let's be honest; most of these virii/worms are targeted at MS products because they're easier to get into. Flat out, MS products a script-kiddie heaven. Only the good ones can get into a Unix/* system. evilpen dot net::msn messenger:negacao@hotmail.com
-
Um. No. 1. Let's count the number of "Linux worms"* vs. the number of IIS worms. okay, didn't think you wanted to do that. 2. Um, apache currently has > 60% of the WWW market share. It's certainly odd that my apache logs are filling up with Nimda & Code Red, over a year later. On top of that, I still have _yet_ to get one of these SSL worms. :) Of course, I mean all this in the nicest way possible. IIS is a good deal easier to configure. But, let's not spread FUD in either direction.. :) not a linux worm, dolts - it's an apache worm evilpen dot net::msn messenger:negacao@hotmail.com
Kristopher wrote: 1. Let's count the number of "Linux worms"* vs. the number of IIS worms. okay, didn't think you wanted to do that. This is just the beginning. You mention it yourself below. It has +60% of the market share. More will come, no doubts! Kristopher wrote: 2. Um, apache currently has > 60% of the WWW market share. It's certainly odd that my apache logs are filling up with Nimda & Code Red, over a year later. On top of that, I still have _yet_ to get one of these SSL worms. The worms will come, I assure you. (Not that I have any inside-information ;P) It's more common these days to manually hack Unix-boxes than it is to wormify them. But sooner or later, it will be trendier to send out worms instead of doing manual labour. Oh.. btw, you haven't forgot about Tappen Morris Jr's worm which took out most of the internet some decade ago? Kristopher wrote: Of course, I mean all this in the nicest way possible. IIS is a good deal easier to configure. But, let's not spread FUD in either direction.. It's not FUD. It's reality! I'm not saying Linux is bad and Windows is better, nor the opposite! I'm just claiming that there a lot of newbies who have wielded something they can't handle. And some of these think they are "the überguru of the world" just because they run some operating system which is not mainstream. Since there are no sensible security models implemented in mainstream operating systems today, these kinds of attacks will just keep coming. Why can't mainstream operating systems do like OpenBSD? Default install has everything closed. You have to open services up manuall - and hopefully the admin will give it a thought before doing so! Redhat & co and Windows are despicable when it comes to the default install. Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
-
Kristopher wrote: 1. Let's count the number of "Linux worms"* vs. the number of IIS worms. okay, didn't think you wanted to do that. This is just the beginning. You mention it yourself below. It has +60% of the market share. More will come, no doubts! Kristopher wrote: 2. Um, apache currently has > 60% of the WWW market share. It's certainly odd that my apache logs are filling up with Nimda & Code Red, over a year later. On top of that, I still have _yet_ to get one of these SSL worms. The worms will come, I assure you. (Not that I have any inside-information ;P) It's more common these days to manually hack Unix-boxes than it is to wormify them. But sooner or later, it will be trendier to send out worms instead of doing manual labour. Oh.. btw, you haven't forgot about Tappen Morris Jr's worm which took out most of the internet some decade ago? Kristopher wrote: Of course, I mean all this in the nicest way possible. IIS is a good deal easier to configure. But, let's not spread FUD in either direction.. It's not FUD. It's reality! I'm not saying Linux is bad and Windows is better, nor the opposite! I'm just claiming that there a lot of newbies who have wielded something they can't handle. And some of these think they are "the überguru of the world" just because they run some operating system which is not mainstream. Since there are no sensible security models implemented in mainstream operating systems today, these kinds of attacks will just keep coming. Why can't mainstream operating systems do like OpenBSD? Default install has everything closed. You have to open services up manuall - and hopefully the admin will give it a thought before doing so! Redhat & co and Windows are despicable when it comes to the default install. Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
Um. "Maintream" operating systems? Well, for example: - RedHat, Mandrake, Gentoo Linux, FreeBSD: Not one of these has a webserver in the default install. Oh, and "the worms are coming" bullshit - you seem to think that apache has _recently_ gained this amount of marketshare.. Um, no. evilpen dot net::msn messenger:negacao@hotmail.com
-
Brian Delahunty wrote: Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Maybe... although writing worms for Unix system was more en vogue 10-15 years ago. Maybe it's just gone out of style. :-D "Time spent with cats is never wasted." - Colette
Navin wrote: Maybe... although writing worms for Unix system was more en vogue 10-15 years ago. Maybe it's just gone out of style. I think that people were under the impression that *nx systems were always under the watchful eye of some tape_on_the_bridge_of_the_glasses system admin and any attempt to crack in would result instantly in a black van pulling up to the front of your house and you never being seen again... I think that most admins look at Windows with all the fancy GUI and wizzards and stuff and think that they don't have to watch it at all. Boy, I think that some crackers and some *nx admins are in for a big surprize :)
-
Um, you say "Let's be honest" and express your opinion in the same sentence? Well, in that case: Let's be honest; most of these virii/worms are targeted at MS products because they're easier to get into. Flat out, MS products a script-kiddie heaven. Only the good ones can get into a Unix/* system. evilpen dot net::msn messenger:negacao@hotmail.com
The problem is that the 'good ones' will get in, drop a tag so they can proove they have been there and then leave. The 'script-kiddie' get's in by accident because he finally got the app to work, then he accidently trashes things while he is in there. I separate the 'good ones' from the 'destructive' ones only because a 'good one' is not interested in bringing the system down, only the thrill of the attack.
-
I guess Linux has problems just like MS does. Linux Worm - Slapper[^] Apparently this one spread fast in it's initial "release" that the Code Red worm. I can see the flames coming. :) Nick Parker
**The goal of Computer Science is to build something that will last at least until we've finished building it. - Unknown
**
Nick Parker wrote: I guess Linux has problems just like MS does. Uhm, Linux has always had tons more problems than MS. If you were to search google right now for 'stack overflow' then you'd get more than 1,000 *unique* responses targeting *nix programs. There are tons of exploits for *nix when compared to MS boxes.
-
Brian Delahunty wrote: Lets be honest. Most people who create these viri/worms etc target them at MS products. If they spent as much time trying to poke hole at linux there'd be a lot more worms/viri etc for the *nix platform. Thats just my opinion. Maybe... although writing worms for Unix system was more en vogue 10-15 years ago. Maybe it's just gone out of style. :-D "Time spent with cats is never wasted." - Colette
Navin wrote: Maybe it's just gone out of style. And the fact that there are way more machines with MS Software... Regards, Brian Dela :-)
-
Um, you say "Let's be honest" and express your opinion in the same sentence? Well, in that case: Let's be honest; most of these virii/worms are targeted at MS products because they're easier to get into. Flat out, MS products a script-kiddie heaven. Only the good ones can get into a Unix/* system. evilpen dot net::msn messenger:negacao@hotmail.com
Kristopher wrote: Um, you say "Let's be honest" and express your opinion in the same sentence? I do apologise for my crappy grasp of the human language :-D Kristopher wrote: most of these virii/worms are targeted at MS products because they're easier to get into. Some of them are yes.. Not all. I personally use both a lot... I think that there isn't all that much of a difference. A linux box with a sys admin who's an idiot is far easier to "get into" then a windows machine with a idiot driving. Regards, Brian Dela :-)
-
Navin wrote: Maybe... although writing worms for Unix system was more en vogue 10-15 years ago. Maybe it's just gone out of style. I think that people were under the impression that *nx systems were always under the watchful eye of some tape_on_the_bridge_of_the_glasses system admin and any attempt to crack in would result instantly in a black van pulling up to the front of your house and you never being seen again... I think that most admins look at Windows with all the fancy GUI and wizzards and stuff and think that they don't have to watch it at all. Boy, I think that some crackers and some *nx admins are in for a big surprize :)
Yup. Too many "power-user-wannabees" are getting jobs these days. They wouldn't manage to do any configurations using vi, even if vi jumped up and bit them in the ass! There is no pride in Unix sysadminship anymore.. :/ It used to be a craftmanship, but now any moron can do it by selecting check box named "Server Installation", pressing Ok a few times. Wham! You have a server with approximately 1200% more services running than you need in the first place. I used to work as a teacher at a university. You would not believe how clueless the sysadmins were! I got at least 10 phone calls a week requesting my help. Gah. There is no pride in system administration no more I tell you! Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
-
Um. No. 1. Let's count the number of "Linux worms"* vs. the number of IIS worms. okay, didn't think you wanted to do that. 2. Um, apache currently has > 60% of the WWW market share. It's certainly odd that my apache logs are filling up with Nimda & Code Red, over a year later. On top of that, I still have _yet_ to get one of these SSL worms. :) Of course, I mean all this in the nicest way possible. IIS is a good deal easier to configure. But, let's not spread FUD in either direction.. :) not a linux worm, dolts - it's an apache worm evilpen dot net::msn messenger:negacao@hotmail.com
Perhaps now that Linux is becoming more popular this sort of thing will be on the rise - hopefully not. Attacking open source projects seems excessively dense to me, but then who knows what goes on in the mind of a virus writer... X| The following statement about your geekness is true. The previous statement about your geekness is false.
-
Um. "Maintream" operating systems? Well, for example: - RedHat, Mandrake, Gentoo Linux, FreeBSD: Not one of these has a webserver in the default install. Oh, and "the worms are coming" bullshit - you seem to think that apache has _recently_ gained this amount of marketshare.. Um, no. evilpen dot net::msn messenger:negacao@hotmail.com
Did you count all other services running? Have you ever seen a Redhat box boot up? Please count all services coming up, ready to be attacked. I know RedHat used to include a webserver in the default "server installation" alongside with a billion of other crap services. I can't remember the defaults in Mandrake, but I know it too pushed a lot of crap into any default install. It is NOT sane to let million lines of code run on a system, especially when you don't utilize a tenth of it. That's just being ignorant of security problems that DO exist. Kristopher wrote: Oh, and "the worms are coming" bullshit - you seem to think that apache has _recently_ gained this amount of marketshare.. Um, no. Bullshit huh? Unix computers are the most hacked systems around. Why? Because you can use them for your own purposes after it's been compromised. You can't do much with a Windows box after it has been compromised, other than messing with it. Unix is way more usable much thanks to interactive logins. Now that the old school hackers seem to be a dying breed, you'll see that new trend will be to just f**k with servers. Best way to do that with getting easily caught? Worms. Apache isn't the only thing that's been attacked during the years. Pretty much everything from fingerd to sendmail has been hacked. And since there are no formal security reviews of most open source software packages (except for non-port OpenBSD-stuff), these vulnerabilities will not go away. And why are you so keen on calling me a bullshitter? Are you arguing skills so bad you have to resort to calling names? If you think I'm a Linux-basher, you are wrong. If that's the main reason why you are calling me names, you can stop now. Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
-
Nick Parker wrote: I guess Linux has problems just like MS does. Uhm, Linux has always had tons more problems than MS. If you were to search google right now for 'stack overflow' then you'd get more than 1,000 *unique* responses targeting *nix programs. There are tons of exploits for *nix when compared to MS boxes.
This fact is most likely related to the vast amount of Unix-versions out there. But you're right, there are a lot of exploits for Unix-like systems. A Unix sysadmin must regularly check for new exploits on bugtraq et al, and double check every new installation (which unfortunately very few does). Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
-
Um, you say "Let's be honest" and express your opinion in the same sentence? Well, in that case: Let's be honest; most of these virii/worms are targeted at MS products because they're easier to get into. Flat out, MS products a script-kiddie heaven. Only the good ones can get into a Unix/* system. evilpen dot net::msn messenger:negacao@hotmail.com
ROFL.
David Wulff http://www.davidwulff.co.uk
Pro wrestling is entertainment for the unentertained unentertainable.
-
I guess Linux has problems just like MS does. Linux Worm - Slapper[^] Apparently this one spread fast in it's initial "release" that the Code Red worm. I can see the flames coming. :) Nick Parker
**The goal of Computer Science is to build something that will last at least until we've finished building it. - Unknown
**
The fix for the security hole this worm uses was published over a month before it started to spread. Another article claims that the number of infected machines peaked at about 7000, and the fast initial growth stopped quickly.
-
I guess Linux has problems just like MS does. Linux Worm - Slapper[^] Apparently this one spread fast in it's initial "release" that the Code Red worm. I can see the flames coming. :) Nick Parker
**The goal of Computer Science is to build something that will last at least until we've finished building it. - Unknown
**
How would you go about cooking one of these Linux worms? Can you eat them in the same dishes as earthworms? :~
David Wulff http://www.davidwulff.co.uk
Pro wrestling is entertainment for the unentertained unentertainable.
-
How would you go about cooking one of these Linux worms? Can you eat them in the same dishes as earthworms? :~
David Wulff http://www.davidwulff.co.uk
Pro wrestling is entertainment for the unentertained unentertainable.
And do you eat those Linux worms while they are still warm, or do you wait till they get cold? I would think that a warm Linux worm would go nicely with chilled beer to wash it down. :rolleyes: Q. Why doesn't the Linux worm like winter? A. Because it's cold!
Regards,Rohit Sinha
-
Did you count all other services running? Have you ever seen a Redhat box boot up? Please count all services coming up, ready to be attacked. I know RedHat used to include a webserver in the default "server installation" alongside with a billion of other crap services. I can't remember the defaults in Mandrake, but I know it too pushed a lot of crap into any default install. It is NOT sane to let million lines of code run on a system, especially when you don't utilize a tenth of it. That's just being ignorant of security problems that DO exist. Kristopher wrote: Oh, and "the worms are coming" bullshit - you seem to think that apache has _recently_ gained this amount of marketshare.. Um, no. Bullshit huh? Unix computers are the most hacked systems around. Why? Because you can use them for your own purposes after it's been compromised. You can't do much with a Windows box after it has been compromised, other than messing with it. Unix is way more usable much thanks to interactive logins. Now that the old school hackers seem to be a dying breed, you'll see that new trend will be to just f**k with servers. Best way to do that with getting easily caught? Worms. Apache isn't the only thing that's been attacked during the years. Pretty much everything from fingerd to sendmail has been hacked. And since there are no formal security reviews of most open source software packages (except for non-port OpenBSD-stuff), these vulnerabilities will not go away. And why are you so keen on calling me a bullshitter? Are you arguing skills so bad you have to resort to calling names? If you think I'm a Linux-basher, you are wrong. If that's the main reason why you are calling me names, you can stop now. Woe to you, Oh Earth and Sea,for the Devil sends the beast with wrath, because he knows the time is short... Let him who hath understanding reckon the number of the beast for it is a human number, it's number is Six hundred and sixty six
IF YOU INSTALL THE SERVER, YOU ARE GOING TO GET SERVERS. Sheesh! Your statements are comparitive to being suprised the Windows 2000 Server comes with a &$*@#^$ server. btw, i called your statement bullshit; if being a bullshitter comes naturally to you, please continue. :) evilpen dot net::msn messenger:negacao@hotmail.com