Unix security system

Spam sent from Windigo-affected server

If you run a website on a Linux server or are responsible for the security of your company’s Unix servers, there’s something very important you should do right now.

Researchers at ESET, in collaboration with CERT-Bund, the European Organization for Nuclear Research (CERN), the Swedish National Infrastructure for Computing and other agencies, have uncovered a widespread cybercriminal operation that has seized control of tens of thousands of Unix servers.

And if your system is found to be infected, experts strongly recommend you re-install the operating system, and consider all credentials used to log into the machine as compromised. In short, if you are a victim, all passwords and private OpenSSH keys should be changed.
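The advice above is to treat every credential on an infected host as compromised and to rotate passwords and OpenSSH keys. A first step in doing that at any scale is an inventory of what is authorised to log in. The Python script below is an added example, not ESET’s tooling or anything from the original article, and it does not detect Windigo or Ebury: given the contents of an authorized_keys file (a constructed sample is embedded, not data from any real server), it computes each key’s SHA256 fingerprint so the old key can be tracked until it has been removed everywhere, reports malformed entries, and flags keys with no from= restriction or no comment, which are the hardest to trace back to an owner when a replacement key is issued.

```python
import base64
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

# OpenSSH public-key algorithm names this inventory recognises.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _fake_ed25519_blob(seed: bytes) -> str:
    """Constructed sample blob: valid ssh-ed25519 layout, but the 32-byte 'key' is
    only a hash of the seed, so it decodes correctly and is not a usable key."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") +
                            _ssh_string(hashlib.sha256(seed).digest())).decode()


# Constructed sample authorized_keys contents (not from any real server). Line 6
# declares ssh-rsa but carries an ed25519 blob, to show how malformed entries are reported.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy keys",
    f"ssh-ed25519 {_fake_ed25519_blob(b'deploy')} deploy@ci",
    f'from="10.0.0.0/8" ssh-ed25519 {_fake_ed25519_blob(b"backup")} backup@nas',
    "",
    f"ssh-ed25519 {_fake_ed25519_blob(b'unknown')}",
    f"ssh-rsa {_fake_ed25519_blob(b'mismatch')} legacy@old-host",
])


@dataclass
class AuthorizedKey:
    line_no: int
    key_type: str
    fingerprint: str
    comment: str
    options: str


def _split_first_field(line: str) -> Tuple[str, str]:
    """Split off the first field, keeping quoted spaces (e.g. command="a b") inside it."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint of a base64 key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> Tuple[List[AuthorizedKey], List[Tuple[int, str]]]:
    """Return (recognised keys, rejected (line_no, reason) pairs) for one authorized_keys file."""
    keys, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first, rest = _split_first_field(line)
        # A line starts either with the key type or with a comma-separated options field.
        options, body = ("", line) if first in KEY_TYPES else (first, rest)
        parts = body.split(None, 2)
        if len(parts) < 2 or parts[0] not in KEY_TYPES:
            rejected.append((line_no, "unrecognised key line"))
            continue
        key_type, blob = parts[0], parts[1]
        comment = parts[2] if len(parts) == 3 else ""
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:
            rejected.append((line_no, "blob is not valid base64"))
            continue
        # The blob embeds its own algorithm name, which must agree with the declared type.
        if not decoded.startswith(_ssh_string(key_type.encode())):
            rejected.append((line_no, "key type mismatch"))
            continue
        keys.append(AuthorizedKey(line_no, key_type, fingerprint(blob), comment, options))
    return keys, rejected


def rotation_report(text: str) -> dict:
    """Work list for a host whose credentials are all treated as compromised: every key is
    revoked; keys lacking a from= restriction or a comment are flagged as hardest to attribute."""
    keys, rejected = parse_authorized_keys(text)
    return {
        "revoke": [k.fingerprint for k in keys],
        "unrestricted": [k.line_no for k in keys if "from=" not in k.options],
        "unattributed": [k.line_no for k in keys if not k.comment],
        "rejected": rejected,
    }


if __name__ == "__main__":
    for field, value in rotation_report(SAMPLE_AUTHORIZED_KEYS).items():
        print(f"{field}: {value}")
```

Run it against each user’s authorized_keys on the affected host before the reinstall wipes them, so the revoke list is complete; the same fingerprints can then be searched for on every other host the compromised keys might have been authorised on. Passwords have no equivalent inventory and are simply reset.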

Windigo redirects iPhone users to X-rated websites

The attack, which has been given the name “Windigo” after a mythical creature from Algonquian Native American folklore, has seen over 25,000 Unix servers hacked, with 35 million spam messages being sent each day from compromised machines.

That would be bad enough, normally.

But in this case, malicious hackers have also been using hijacked web servers to infect visiting Windows PCs with click fraud and spam-sending malware, and display dating website adverts to Mac users.

Even smartphone users don’t escape – finding their iPhones redirected to X-rated content, with the intention of making money for the cybercriminals.

Victims by operating system

ESET’s security research team has published a detailed technical paper on “Operation Windigo”, and says it believes that the cybercrime campaign has been gathering strength, largely unnoticed by the security community, for over two and a half years.

“Over 35 million spam messages are being sent every day to innocent users’ accounts, clogging up inboxes and putting computer systems at risk. Worse still, each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements,” said ESET security researcher Marc-Étienne Léveillé.

In its attempt to hijack servers and infect computers, Windigo uses a complex knot of sophisticated malware components including Linux/Ebury (an OpenSSH backdoor and credential stealer that was the subject of a detailed investigation by ESET researchers earlier this month), Linux/Cdorked, Perl/Calfbot, Linux/Onimiki, Win32/Glupteba.M, and Win32/Boaxxe.G.

During a single weekend, ESET researchers observed more than 1.1 million different IP addresses going through part of Windigo’s infrastructure, before being redirected to servers hosting exploit kits.

An analysis of the visiting computers revealed a wide range of operating systems being used.

This in itself threw up some light relief, as researchers discovered that “23 people apparently still browse the Internet on Windows 98, and one person even does it on Windows 95.”
