[ubuntu-uk] Phishing and linux

[Alan Pope]

Hi,

On Wed, 2007-10-03 at 09:05 +0100, Mac wrote:
> I hope we can just assume this is FUD.  Does anyone more familiar with 
> server security have anything consoling thoughts?
> 

AIUI most compromised Windows boxes are due to user error, people not
installing patches or firewalls on their windows desktops and laptops.

AIUI most compromised Linux boxes are due to user error, people not
installing patches for server apps and scripted applications on their
Linux servers.

Do we see a pattern here?

"At one point, he said, the bank spent a month as the largest phishing
target in the country, and in fighting this ongoing problem, it has
shutdown countless phishing sites surreptitiously installed on countless
machines across the net."

Phishing sites are AIUI most often installed on compromised server class
machines. The bit that does the real damage is the bot that spits out a
zillion spam mails containing the link to the server, through
potentially compromised servers, but also predominantly through
desktops.

If their specification during this witch-hunt was to look at the server
space for compromised machines then _of_ _course_ they will find Linux
boxen - as we know Linux is popular in the web/mail server space. These
were possibly running dodgy old copies of apps like drupal and phpbb
with naffed up xmlrpc implementations. 

Lets see the same test done against desktops and laptops shall we?

Cheers,
Al.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20071003/ca27e44e/attachment.pgp