Linux webserver botnet pushes malware

Linux webserver botnet pushes malware
Linux webserver botnet pushes malware 

By Dan Goodin in San Francisco
The Register
12th September 2009

A security researcher has discovered a cluster of infected Linux servers 
that have been corralled into a special ops botnet of sorts and used to 
distribute malware to unwitting people browsing the web.

Each of the infected machines examined so far is a dedicated or virtual 
dedicated server running a legitimate website, Denis Sinegubko, an 
independent researcher based in Magnitogorsk, Russia, told The Register. 
But in addition to running an Apache webserver to dish up benign 
content, they've also been hacked to run a second webserver known as 
nginx, which serves malware.

"What we see here is a long awaited botnet of zombie web servers! A 
group of interconnected infected web servers with [a] common control 
center involved in malware distribution," Sinegubko wrote here. "To make 
things more complex, this botnet of web servers is connected with the 
botnet of infected home computer(s)."

The finding highlights the continuing evolution of bot herders as they 
look for new ways to issue commands to the hundreds of thousands of 
infected zombies under their control. It came the same day anti-virus 
provider Symantec reported Google Groups was being used as a master 
control channel for a recently discovered trojan. Four weeks ago, a 
researcher from Arbor Networks made a similar discovery when he found 
several Twitter profiles being used to run a botnet.


Please Donate to the Ron Santo Walk to 
Cure Diabetes with Ethan's Crew! 

Site design & layout copyright © 1986-2014 CodeGods