Rootkit.Linux.Snakso.a is designed to infect Linux kernel version 2.6.32-5-amd64 and adds an iframe to every web page the infected Linux server serves through the nginx proxy.
The malware appears to be in its development stages as the code is rather large (more than 500k, including debugging information) and Kaspersky noted that "some of the functions don’t seem to be fully working or they are not fully implemented yet."
Security researcher Georg Wicherski said that the code does not appear to be a variant of a publicly available rootkit but rather the result of "contract work of an intermediate programmer with no extensive kernel experience". The malware was also likely customized by the buyer, and that customization introduced critical flaws. Wicherski speculated that, based on his research, the rootkit may have been created by a Russia-based attacker.
The security researcher concluded that the "code quality would be unsatisfying for a serious targeted attack", including a "lack of any obfuscation and proper HTTP response parsing, which ultimately also led to discovery of this rootkit".
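Because the rootkit alters pages on their way out of the server rather than the files nginx reads, the practical check is to compare what a client receives against the copy in the document root. The script below is an added example (not code from the article or from Kaspersky) that does that comparison on a constructed page; it assumes the on-disk file is untouched and, since the rootkit sits in the server's kernel, should be run from a separate clean host that fetches the page over HTTP.

```python
from html.parser import HTMLParser


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us
        if tag == "iframe":
            self.srcs.append(dict(attrs).get("src", ""))


def iframe_sources(html):
    """Return the src values of all iframes in the given HTML, in order."""
    parser = IframeCollector()
    parser.feed(html)
    return parser.srcs


def injected_iframes(on_disk_html, served_html):
    """Iframe sources present in the served response but absent from the
    document-root copy. Assumption: the injector rewrites responses in
    flight and leaves the file on disk unchanged, so any extra iframe in
    the served page is the injected content."""
    expected = set(iframe_sources(on_disk_html))
    return [src for src in iframe_sources(served_html) if src not in expected]


# Constructed sample: the file nginx would read from its document root ...
ON_DISK = ('<html><body><h1>Welcome</h1>'
           '<iframe src="/legit-widget"></iframe></body></html>')
# ... and what a client actually received (the injected src is made up).
SERVED = ON_DISK.replace(
    "</body>",
    '<iframe src="http://example.invalid/x" width="1" height="1"></iframe></body>')

if __name__ == "__main__":
    for src in injected_iframes(ON_DISK, SERVED):
        print("unexpected iframe in served page:", src)
```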
I'm thinking Debian (stable).
And then the buyer will keep introducing new flaws to "improve" it.
"What do you mean my rootkits got infected and zombiefied?"
The headline would have you believe that there was a web server virus out there wreaking havoc as we speak, but it apparently only has the potential to infect the tiny percentage of web servers running that particular kernel. I wonder how much Microsoft paid for that headline; I expect the Microsoft PR bots to cite it constantly as "proof" that Linux is also insecure.
Anything can be broken into, IF:
1. It can be accessed by a human.
Is this really a correct headline?
How does this rootkit attack us users in any kind of way?
Isn't it the web servers that are infected?
Or is this something that is spread to users?
Nothing is said about in what way we as users are being attacked.
What kind of harm does it do to us users directly?
A really unclearly written article that doesn't build on the headline at all.
"adds an iframe to all served web pages" -> "adds (or tries to add, as I read it) malware to all served web pages".
I also
L1npr0
WTF, what a sensationalist headline... Linux is a secure operating system, which is why it has over 90% of the web server market while Windows is tied with BSD at about 5%. Desktop Linux users will only have social engineering attacks to fear if Linux hits 100% of the desktop/laptop market, because if it were possible to own it, there's already more than enough incentive for hackers to attack those hundreds of millions of web servers. Instead, we only get these 'proof of concept' viruses that can't actually do anything.
I like the idea that, despite desktop market share, the interesting things are on Linux servers, which should be proportionally more targeted... But anyway, Linux is secure as long as you keep in mind that (and why) it could fail (isn't that like life itself?)...