RANSOMWARE - Is now a Linux phenomenon too.

rokytnji
Posts: 2262
Joined: Tue 20 Jan 2009, 15:54

#21 Post by rokytnji »

greengeek wrote: They don't say how the remote attackers achieve root status. It would be interesting to know how that step is done.
More info bro.

https://news.drweb.com/show/?i=9686&lng=en

http://arstechnica.com/security/2015/11 ... nux-system

http://news.softpedia.com/news/ransomwa ... 5836.shtml

I am gonna be on a Christmas trip shortly so no more posts from me after this one.

Scooby
Posts: 599
Joined: Sat 03 Mar 2012, 09:04

#22 Post by Scooby »

Actually your question is quite good when I thought it over again.

If webserver is not executed as root how is the privilege
escalation done?

It is clear they have full access to privileges of the user
that the webserver is executed as.

From reading the articles I am not sure they know.

*EDIT*
https://krebsonsecurity.com/2015/11/ran ... web-sites/

[quote]
“It’s worth noting that the malware requires the compromised user account
on the Linux system to be an administrator; operating Web servers and
Web services as administrator is generally considered poor security form,
and threats like this one just reinforce why.”
[/quote]
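
Added example, not part of the original posts: a check for the condition the quoted article describes, web server processes that handle requests with uid 0. It reads `ps -eo uid,pid,ppid,comm` output; the server name list and the sample process table are assumptions constructed for illustration. A root-owned master process is not flagged, because nginx and Apache normally start as root to bind port 80 and then serve requests from unprivileged workers.

```python
"""Flag web-server workers and their children that run as uid 0 (added example)."""

# Assumed list of web-server process names; extend for your own stack.
WEB_SERVERS = {"nginx", "apache2", "httpd", "lighttpd", "php-fpm"}

# Constructed sample of `ps -eo uid,pid,ppid,comm` output, not from a real host.
SAMPLE_PS = """\
  UID   PID  PPID COMMAND
    0     1     0 init
    0   610     1 nginx
   33   611   610 nginx
   33   612   610 nginx
    0   700     1 httpd
    0   701   700 httpd
    0   702   700 httpd
    0   900   701 perl
"""

def parse_ps(text):
    """Map pid -> {uid, ppid, comm}, skipping the header and malformed lines."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        uid, pid, ppid = (int(f) for f in fields[:3])
        procs[pid] = {"uid": uid, "ppid": ppid, "comm": fields[3].strip()}
    return procs

def root_request_handlers(text):
    """Return (pid, comm, reason) for uid-0 processes whose parent is a web server."""
    procs = parse_ps(text)
    findings = []
    for pid, proc in sorted(procs.items()):
        parent = procs.get(proc["ppid"])
        if proc["uid"] != 0 or parent is None or parent["comm"] not in WEB_SERVERS:
            continue  # unprivileged, or a master started by init: not a finding
        if proc["comm"] == parent["comm"]:
            reason = "worker did not drop privileges"
        else:
            reason = "child of web server runs as root"
        findings.append((pid, proc["comm"], reason))
    return findings

if __name__ == "__main__":
    for finding in root_request_handlers(SAMPLE_PS):
        print(finding)
```

On a live system, pipe the real `ps -eo uid,pid,ppid,comm` output into `root_request_handlers` instead of the sample.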
