[ubuntu-uk] Phishing and linux

Tony Arnold tony.arnold at manchester.ac.uk
Wed Oct 3 09:41:56 BST 2007


On Wed, 2007-10-03 at 07:22 +0100, Mac wrote:
> I'm not sure what to make of comments about phishing sites I came across 
> here
> http://www.theregister.com/2007/10/03/ebay_paypal_online_banking/
> as follows:
> "These things are incredibly sophisticated, and when they take over a 
> computer, most [users] don't know it," he said. "With every single 
> phishing site [Washington Mutual has] shutdown, not one person was aware 
> been aware that their machine was compromised and used for phishing. 
> That includes university servers and company servers and personal PCs 
> and all sorts of things."
> More interesting is that most of the compromised machines were not 
> Windows machines. "The vast majority of [the phishing sites] we saw were 
> on rootkit-ed Linux boxes, which was rather startling. We expected a 
> predominance of Microsoft boxes and that wasn't the case."

It's not clear to me from the article what was meant by 'machines used
for phishing'.

There are two aspects, the machines used to send out the millions of
e-mail messages for the initial phish and then there is the machine used
to host the fake WEB site.

I would suspect that the first was on M$ desktop systems. We have
certainly seen such compromises at my University in this respect and it
is down to users not installing patches, firewalls etc.

With the second, the result is not surprising. If I was setting up a
fake WEB site I would look for a machine that is already running a WEB
server and has plenty of bandwidth. Such machines are more likely to be

I've seen plenty of Linux boxes get compromised. It's usually because a
user's password has become known to the hacker or it's been a poor WEB
app (phpbb was well known for this). IN both cases, the hacker has to do
some work to break into the machine, but that is probably worth it given
what he/she may get from the phishing site.

I would not conclude from this, though, that M$ is more secure than
Linux! I think the millions of M$ machines that get infected with bots
etc., far out way the number of Linux boxes used to set up phishing

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-uk mailing list