DDoS attacks rally Linux servers

A significant string of distributed denial-of-service (DDoS) campaigns during the second quarter of 2014 were driven by Linux web servers that were compromised and infected by IptabLes and IptabLex malware, according to a threat advisory from Akamai’s Prolexic Security Engineering & Research Team (PLXsert).

“The .IptabLex/s threat is extensive,” Greg Lindor, lead malware analyst for the Akamai PLXsert team, told SCMagazine.com in Thursday email correspondence. “This threat is being used to take part in DDoS campaigns with significant size and reach.”

Researchers at PLXsert observed and measured the attacks, which exploited a number of vulnerabilities, including Apache Struts, Tomcat and Elasticsearch, on unmaintained servers. Stuart Scholly, senior vice president and general manager of Security Business Unit at Akamai, in a press release, urged Linux admins “to take action to protect their servers.”

See also  Linux Foundation Welcomes Members From Android, Embedded and Cloud Communities

Linux is not usually targeted in large scale DDoS attacks, Lindor noted. These types of actors typically seek “the route of least resistance…when building a botnet of significant size.”

Payloads called .IptabLes or IptabLex are located in the /boot directory and when rebooted run an .IptabLes binary. The infected system contacts a remote host via self-updating feature to download a file.

“As far as DDoS payloads, the .IptabLes threat is very similar to other DDoS related bot threats,” Lindor said. “What is new is the way this threat it being propagated and the targeted victims.”

See also  Linux geezers need fresh meat

Researchers said that in the lab, the infected server tried to contact two IP addresses in Asia. While the bulk of past DDoS bot infections have come out of Russia, more recently many have been found to originate from servers hosted in the U.S. But the command-and-control centers (C2, CC) for the two payloads are located in Asia.

Researchers at PLXsert believe that the DDoS botnet will expand and cause further infestation.

Troubling to researchers is the targeting of Linux servers. Linux is not usually targeted in large scale DDoS attacks. These types of actors typically seek “the route of least resistance…when building a botnet of significant size,” Lindor said.

See also  Red Hat ships Enterprise Linux 6.4, opens up Hadoop plug in for big data

Noting that “Linux is usually considered the Operating System of choice to build systems running many of our web related services,” Lindor said that “the focus on targeting Linux systems to perform large scale DDoS attacks is relatively new and uncharted territory for these types of actors.” After unrestricted access is gained “by any means the whole system is considered compromised,” he said. Simply hardening operating systems, then, “is no longer sufficient,” but rather “correctly configuring the services being [run] on these platforms is the first line of defense against threats like .IptabLes/x.”

Click here for full Story

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7

This short howto will explain the steps to reset a lost root password or to reset a forgotten root password on Linux RHEL 7 or CentOS 7. Basically, we will...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

Leave a Reply

Your email address will not be published. Required fields are marked *