According to a web article, Akamai (a Content Delivery Network company) discovered a massive Linux botnet. A botnet is basically a bunch of compromised computers that allow attackers to perform various tasks that would otherwise be virtually impossible to accomplish without everyone’s compromised computers.
Basically the botnet comes in the form of a Trojan. This Trojan targets Linux systems (including network routers). Basically once it gets into the system, it then proceeds to download software to connect the computer to the botnet. The botnet is reportedly able to give up to a 150 Gbps DDoS** attack.
As I have said on my blog time and time again, Linux is NOT immune to security problems. No operating system on the planet is immune to security problems. In this case, it is people using weak, insecure passwords on their Linux boxes, but that does not change the fact that there still is a security problem (weak passwords).
If I set my Windows box’s Administrator password to ‘password123’ and enabled remote desktop on my computer and allowed remote desktop through the firewall, I would eventually get hacked. Was that Windows’ fault or Microsoft’s fault? No, of course not! It is my own fault for setting a bad password on my computer.
Many people say “Linux is more secure than Windows”, but if you notice 98-99% of the time, they do not give any technical arguments to backup what they just said. They just say it out loud like if they say it so many times it will just magically become true. That’s crazy.
For example, a part of one of someone’s comment posted online said (direct quote):
“The primary attack vector to take over these systems is default or weak login passwords, and allowing internet-facing remote root. That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”
Notice he said “That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”, but he did not give any technical arguments to backup what he said? I have seen this dozens of times (no kidding!).
What is worse is that people will listen to them assuming they are correct (e.g. Linux is more secure than Windows), and go off and repeat the same misinformation around on the Internet, without even bothering to check if the information they received is in fact accurate.
Web article link: http://www.engadget.com/2015/09/29/linux-botnet-hits-with-150-gbps-ddos/
** Simply put, a DDoS attack is basically an attack that uses up the victim’s available bandwidth. This causes the victim’s computers to not correctly function when communicating with the outside world and internal network.
Posted in Computers, Internet and Servers, Operating Systems, Software