Botnet of Linux Servers with Dynamic IP Discovered
A Russian Web developer has found a network of a couple of hundred Linux servers that could distribute malware to Windows systems.
Linux being the server system of choice hasn't exactly escaped malware hackers. According to a current blog entry> from Russian developer Denis Sinegubko, a network of (meanwhile just under a hundred) infected Apache servers manage Windows systems through the dynamic DNS providers dyndns.org and no-ip.com and can thereby provide the malicious code.
The compromised Linux servers include dedicated or virtualized Apache webservers. The malware apparently landed on the target clients not because of an Apache vulnerability but due to weak or intercepted passwords or a security hole in the management software used. The attackers therefore installed next to Apache the small Nginx webserver that distributed the malware to the Windows clients. Site admins wouldn't normally notice the break-in because the Apache service wouldn't be affected.
The exact purpose of and, above all, the gateway used for the attacks are still not fully known. Shortly after Sinegubko's blog, the dyndns.com site took more than 100 systems off the net, and no-ip.com blocked about 100 domains after he contacted them. Unfortunately a cat-and-mouse game can ensue because dynamic hostnames can easily be registered.
Comments
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome’s Dash to Panel Extension Gets a Massive Update
If you're a fan of the Gnome Dash to Panel extension, you'll be thrilled to hear that a new version has been released with a dock mode.
-
Blender App Makes it to the Big Screen
The animated film "Flow" won the Oscar for Best Animated Feature at the 97th Academy Awards held on March 2, 2025 and Blender was a part of it.
-
Linux Mint Retools the Cinnamon App Launcher
The developers of Linux Mint are working on an improved Cinnamon App Launcher with a better, more accessible UI.
-
New Linux Tool for Security Issues
Seal Security is launching a new solution to automate fixing Linux vulnerabilities.
-
Ubuntu 25.04 Coming Soon
Ubuntu 25.04 (Plucky Puffin) has been given an April release date with many notable updates.
-
Gnome Developers Consider Dropping RPM Support
In a move that might shock a lot of users, the Gnome development team has proposed the idea of going straight up Flatpak.
-
openSUSE Tumbleweed Ditches AppArmor for SELinux
If you're an openSUSE Tumbleweed user, you can expect a major change to the distribution.
-
Plasma 6.3 Now Available
Plasma desktop v6.3 has a couple of pretty nifty tricks up its sleeve.
-
LibreOffice 25.2 Has Arrived
If you've been hoping for a release that offers more UI customizations, you're in for a treat.
-
TuxCare Has a Big AlmaLinux 9 Announcement in Store
TuxCare announced it has successfully completed a Security Technical Implementation Guide for AlmaLinux OS 9.
Linux botnet
maybe not apache
I think Apache is also running on windows, so linux to be use?
Linux-Botnet
Linux