[ubuntu-uk] Phishing and linux
Ammonius.Grammaticus at googlemail.com
Wed Oct 3 09:05:57 BST 2007
>> I'm not sure what to make of comments about phishing sites I came across
>> as follows:
>> "These things are incredibly sophisticated, and when they take over a
>> computer, most [users] don't know it," he said. "With every single
>> phishing site [Washington Mutual has] shut down, not one person was
>> aware that their machine was compromised and used for phishing.
>> That includes university servers and company servers and personal PCs
>> and all sorts of things."
>> More interesting is that most of the compromised machines were not
>> Windows machines. "The vast majority of [the phishing sites] we saw were
>> on rootkit-ed Linux boxes, which was rather startling. We expected a
>> predominance of Microsoft boxes and that wasn't the case."
>> Any thoughts?
> You missed the next line off your quote:
> "This pleased Microsoft's head of Silicon Valley PR, who served as a
> conference sponsor."
Yes, that does make one suspicious. However, does the fact that M$
would be pleased with the outcome mean that it's not true that 'the vast
majority of [the phishing sites] we saw were on rootkit-ed Linux boxes'?
Assuming they aren't just lying, it could be sampling error - perhaps
their sample contained more Linux boxes than M$ boxes to start with. Or
it could be that there simply are more Linux machines in those parts of
the internet that are more likely to be attacked (more accessible? more
attractive? I don't know enough about rootkits to have any idea why
this might be). Or it could be that Linux boxes are more susceptible to
this kind of attack than we assumed (although, again, I don't know
enough to guess why). There may be other explanations.
I hope we can just assume this is FUD. Does anyone more familiar with
server security have any consoling thoughts?