Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Databases Google Open Source Programming The Almighty Buck Linux

Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers (softpedia.com) 62

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.
This discussion has been archived. No new comments can be posted.

Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers

Comments Filter:
  • by Anonymous Coward on Wednesday August 10, 2016 @09:29PM (#52681505)

    clearly the story is a fake there is no virus for linux because linux is OPEN SORES which means its BUGS are shallow and it is FREE FROM MALWARE. Wasn't freedom from malware one of the four freedoms?

  • by Anonymous Coward

    Set a password. Problem solved. There is literally nothing being exploited except total lack of a password to get in.
    Same thing would happen if you put up a Windows server with no password.

    • I don't have any Mod points today, but someone should mod this up. This is not a Linux failure, but a Redis admin failure.

  • by ewhac ( 5844 ) on Wednesday August 10, 2016 @09:47PM (#52681591) Homepage Journal
    The developers are fairly up-front about this: [redis.io]

    Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket. [ emphasis mine ]

    There is an "authentication" feature, but it's amazingly primitive, and the credentials are sent in the clear -- in other words, next to useless. The rest of the page makes it fairly clear: If you are running a Redis server accepting connections from the open Internet, you are an idiot.

    • If you are running a Redis server accepting connections from the open Internet, you are an idiot.

      Good thing we don't have too many of them! No, wait...

    • I think that this "trusted" within "trusted environments" scheme is unfit for todays and future IT integration.

      Because it will not encourage the developer(s) to write code with security in mind(*). Because it will remove this vector from their mindset.

      Secondly as an integrator you would need to built that trusted environment, infrastructure and with a "security neglecting" application another headache.

      Many security breaches manifest themself with a breakin into those "trusted enviroments", and my personal p

    • The result is that there are thousands of Redis servers exposed to malware. Clearly administrators can't always be trusted to do what's right which is why I find Redis' attitude irresponsible.

      by default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user.

      If Redis shipped with sensible defaults, none of this would have happened.

  • Clickbait (Score:5, Insightful)

    by ilsaloving ( 1534307 ) on Wednesday August 10, 2016 @09:48PM (#52681595)

    So in other words, the whole article/summary is flamebait/clickbait. Only an idiot would install a server and not configure an admin password.

    Saying that "Linux has malware!" because morons misconfigure an application running on Linux, is like saying "Windows has malware!" because SQL Server was installed with a blank sa password. I mean, sure, Windows does have malware, but this is just clickbait nonsense.

    • Can you really call it hacking a server when there is no password? Doesn't that make it an open server, kinda like open wifi?
      • Can you really call it hacking a server when there is no password? Doesn't that make it an open server, kinda like open wifi?

        "Hacking" might not be the best description or word to use, but it seems like an unauthorized entry or use of the platform.

        I know it's a bit fuzzy in terms of terminology, but the lack of a password on something doesn't automatically grant carte blanche permission to do whatever you want.

        Not having a lock on my door doesn't mean you have permission to open it and come in.

      • No, it doesn't. Unless the administrator has specifically declared that the open service is open on purpose, you cannot assume that it's there as a free-for-all.

        The vast majority of consumer-facing services, like open wifi, websites, ftp sites, etc, make it easy to forget that those services were left open *on purpose*. For example, the vast majority of (properly set up) wifi access points will present you with a guest access ToS screen.

        Unfortunately not everyone is competent in setting up front-facing serv

    • Saying that "Linux has malware!" because morons misconfigure an application running on Linux, is like saying "Windows has malware!" because SQL Server was installed with a blank sa password. I mean, sure, Windows does have malware, but this is just clickbait nonsense.

      But this makes the Windows lads feel much better about themselves. While it is whacked to say that an open server is a Linux malware, It allows them to say, just like in the summary "Linux has malware too". Nope. It's a badly written bit of kit.

      For all of the multitudes of Windows malware, the idea of pointing a finger at an open server and saying that Linux has Malware too!" is preposterous.

  • This is the year of the Linux desktop! ;-)
  • our faithful "editor" has apparently never heard of the Morris Worm.

  • What the heck is Redis? Okay, I see that it's some sort of database server... but why would anyone use it instead of software people have heard of?

Honesty is for the most part less profitable than dishonesty. -- Plato

Working...