The Lagoon TechMy little blog in Cyberspace.

According to a web article, Akamai (a Content Delivery Network company) discovered a massive Linux botnet. A botnet is basically a bunch of compromised computers that allow attackers to perform various tasks that would otherwise be virtually impossible to accomplish without everyone’s compromised computers.

Basically, the botnet comes in the form of a Trojan. This Trojan targets Linux systems (including network routers). Once it gets into the system, it proceeds to download software to connect the computer to the botnet. The botnet is reportedly able to give up to a 150 Gbps DDoS** attack.

As I have said on my blog repeatedly, Linux is not immune to security problems. No operating system on the planet is immune to security problems. In this case, it is people using weak, insecure passwords on their Linux boxes.

If I set my Windows box’s Administrator password to ‘password123’ or ‘qwerty’, enabled remote desktop on my computer, and allow remote desktop through the firewall, I would eventually get hacked. Was that Windows’ fault or Microsoft’s fault? No, of course not. It would be my fault for setting a bad password on my computer.

Many people say “Linux is more secure than Windows”, but if you notice – most of the time – they do not give any technical arguments to backup what they said.

For example, a part of one of someone’s comment posted online said (direct quote):
“The primary attack vector to take over these systems is default or weak login passwords, and allowing internet-facing remote root. That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”

Notice he said “That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”, but he did not give any technical arguments to backup what he said. How is Windows “insecure”? How is Linux I have seen this dozens of times (no kidding).

What is worse is people will listen to them, assuming they are correct (e.g., Linux is more secure than Windows), and go off and repeat the same misinformation around on the Internet without even bothering to check if the information they received is in fact accurate.

Web article link: https://www.engadget.com/2015/09/29/linux-botnet-hits-with-150-gbps-ddos/

** Simply put, a DDoS attack is basically an attack that uses up the victim’s available bandwidth. This causes the victim’s computers to not correctly function when communicating with the outside world and internal network.