Ransomware reaches Linux

[SpaceNugget]

But it also means it's just as susceptible as any other OS and its lack of market share is the only thing protecting it.

No it doesn't. 

[SpaceNugget]

When you execute a sketchy program as administrator, then it stops being a virus. It is pure stupidity.

/thread

It executes itself, whether or not it can get root access depends on how the server was set up.

[Godlygamer23]

No it doesn't.

It's an OS - all OSes can be infected with malware and by nature, it is flawed software with unknown security holes. If malware writers wanted to, they could create malware for it, but they don't because of market share. People said Mac OS X wasn't susceptible - it is and it has been proven multiple times, and with its market share growing, it's only going to become worse.

[FakezZ]

And yes it managed to infect many systems.

Also, it is not a  virus, it is a malware.

 

It exploited Magento CMS vulnerability, which allowed the malware to not only inject itself, but be ran by Magento CMS as administrator on the system. That is how it gain admin access.

So it is a vulnerability in Magento CMS, not Linux in general, right? Isn't the title misleading then?

I used the term virus out of habit, damn I hate how it is stuck to my head. I know the right term is malware

[FakezZ]

It executes itself, whether or not it can get root access depends on how the server was set up.

Exactly. So it is going to be the admin's fault, not a software vulnerability. But it seems that it is indeed a software vulnerability in the Magento CMS, as GoodBytes said.

[GoodBytes]

So it is a vulnerability in Magento CMS, not Linux in general, right? Isn't the title misleading then?

I used the term virus out of habit, damn I hate how it is stuck to my head. I know the right term is malware

Nope. Because it Magento CMS reaches Linux, and therefore infected a Linux based OS system.

Linux based OSs should have a line of defense against stuff like that as well. Of course, it not easy, Windows has this issue, no one said it would be. But it is the responsibility of the OS, in these day of age to provide security. In fact, OSs do. A lot of security measure are implemented. And I mean a LOT. It should have more, and it will have more, and it has been the case for many many many years now.

[AlTech]

 THIS IS WHY WE USE WINDOWS!  LOL RIP Linux. 

[FakezZ]

Nope. Because it Magento CMS reaches Linux, and therefore infected a Linux based OS system.

Linux based OSs should have a line of defense against stuff like that as well. Of course, it not easy, Windows has this issue, no one said it would be. But it is the responsibility of the OS, in these day of age to provide security. In fact, OSs do. A lot of security measure are implemented. And I mean a LOT. It should have more, and it will have more, and it has been the case for many many many years now.

Yeah true, but the vulnerability might be due to some of the extra stuff they added and not inherent to Linux. It would be surprising for it to have such a huge hole, so that a program can execute itself as admin, without it fixed in like a matter of hours.

[SpaceNugget]

It's an OS - all OSes can be infected with malware and by nature, it is flawed software with unknown security holes. If malware writers wanted to, they could create malware for it, but they don't because of market share. People said Mac OS X wasn't susceptible - it is and it has been proven multiple times, and with its market share growing, it's only going to become worse.

That doesn't make it equal. 

[Burusutazu]

Most of Linux's vulnerabilities come from software like flash player or java. This is different though, so I assume it will take high priority of being patched in the next Linux kernel.

[patrick3027]

Since when is it a thing to post every malware that's discovered as news?

 

I could make multiple posts about new viruses that only affect Windows PCs (I could start with this: http://www.itv.com/news/2015-10-14/dridex-virus-ten-things-you-need-to-know/) but I really don't see the point of that.

 

Everybody knowns that Linux systems get viruses too (https://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses) and I never saw a Linux user claiming it's immune. Heck, new Android vulnerabilities are discoverd every week.

 

Linux is still infinitely more secure than Windows PCs (here's why: http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html), deal with it.

Nope. Because it Magento CMS reaches Linux, and therefore infected a Linux based OS system.

So every Android vulnerabiliy is a Linux vulnerabity now?

[iamdarkyoshi]

As JGCertified said "Security through obscurity" 

 

Nobody is going to attack stupidly old obscure computers....

[Stadin6]

Most malware on Linux, OSX and Windows arent exploiting the OS, they are exploiting the human using it.

[Fetzie]

Since when is it a thing to post every malware that's discovered as news?

 

I could make multiple posts about new viruses that only affect Windows PCs (I could start with this: http://www.itv.com/news/2015-10-14/dridex-virus-ten-things-you-need-to-know/) but I really don't see the point of that.

 

Everybody knowns that Linux systems get viruses too (https://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses) and I never saw a Linux user claiming it's immune. Heck, new Android vulnerabilities are discoverd every week.

 

Linux is still infinitely more secure than Windows PCs (here's why: http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html), deal with it.

So every Android vulnerabiliy is a Linux vulnerabity now?

Although I'd question whether it is the linux running underneath Android, or the JRE that apps run in that is more to blame for the Android viruses

[Embattled]

*Downloads Temple OS*

[Decon]

FreeBSD everyone!

 

 

 

 

 

/jk

[Decon]

welp

there goes the excuse of linux being safer than windows

It's not that Linux can't get viruses and is therefore "safer than windows", it's that the community is so active and talented that bugs get patched almost immediately.  Bash bugs last year affected linux and BSD devices, but within hours there was a script to patch the issue.  An OS isn't safe because it can't get viruses, because all OS's will have some defect at some point, but more because of how fast those viruses/issues get patched.

[Albatross]

No!

 

Randsomware scares the hell out of me. I thought I would be safe from it on Linux, at least for a few years.

 

 

Poor Linux Elitists.. Now they can't spout "BUT IT CAN'T GET VIRUSES!1!!!11!"

 

It was bound to happen.

 

Linux elitists don't say that, Linux idiots/hipsters say it...

 

welp

there goes the excuse of linux being safer than windows

 

It is still safer than windows, so....

[PlayStation 2]

No!

 

Randsomware scares the hell out of me. I thought I would be safe from it on Linux, at least for a few years.

 

 

 

Linux elitists don't say that, Linux idiots/hipsters say it.

 

 

It is still safer than windows, so....

If you're not an idiot, Windows is safe. Not bashing on Linux, just saying that common sense goes a long way/

[RagnarokDel]

But Linux is secure!

[Albatross]

If you're not an idiot, Windows is safe. Not bashing on Linux, just saying that common sense goes a long way/

 

Well of course if you are careful, you are safer on Windows (and most people are idiots sadly). The difference is Linux is still way safer than Windows and you don't have to jump through as many loops or have as many worries as you do on Windows.

[PlayStation 2]

Well of course if you are careful, you are safer on Windows (and most people are idiots sadly). The difference is Linux is still way safer than Windows and you don't have to jump through as many loops or have as many worries as you do on Windows.

I run unprotected on Windows 8.1 so eh

You do have a valid point though. I've seen so many virus infested laptops.

[Albatross]

I run unprotected on Windows 8.1 so eh

You do have a valid point though. I've seen so many virus infested laptops.

 

You know what to avoid etc etc. Most people don't, unfortunately.

[dfsdfgfkjsefoiqzemnd]

But it also means it's just as susceptible as any other OS and its lack of market share is the only thing protecting it.

You have to look beyond the market share on the desktop.

While Linux may have never been an interesting target when it comes to home users, it absolutely dominates the server realm. This makes it a huge target for malware coders too. It has been under attack for a long time, it's just really rare when an attack somewhat succeeds. And if it does, you don't need to wait for Patch Tuesday to get a solution (nor pray that it doesn't mess up something else)

When writing malware for Windows or exploiting vulnerabilities in a Windows application, you're working with closed-source stuff, meaning that it needs to be solved by a group of programmers from the company that made the software.

When writing malware for an open source OS or open source applications (Magento makes an open source e-commerce platform), you're also up against a small army of neckbeards and white hats who are chomping at the bit to attack anything that threatens the OS they love.

[iamdarkyoshi]

If you're not an idiot, Windows is safe. Not bashing on Linux, just saying that common sense goes a long way/

This^^^^

I have been running PCs without antivirus for a couple years now. I install them and scan every once in a while, but nothing has ever come up. Probably not the best practice, but still. Even my grandmother has been virus free for a year with the same tactics.