Linux/Apache rootkit


uteck
01-25-2008, 10:27 AM
Early reports seem to point at a rootkit for Linux servers running Apache to serve up malware to visiting Windows users.
http://www.linux.com/feature/125548
So far the vector for the rootkit installation is unknown, so keep up the security updates and don't run Windows.

danieldk
01-25-2008, 10:51 AM
Given the relatively small number of affected machines, I would not be surprised if there is a vulnerability in a commonly used web application. But it's always good to be on guard, and to employ mitigating techniques like SELinux, W^X/ExecShield, etc.

bhobjj
01-27-2008, 05:02 PM
Given the relatively small number of affected machines, I would not be surprised if there is a vulnerability in a commonly used web application. But it's always good to be on guard, and to employ mitigating techniques like SELinux, W^X/ExecShield, etc.

Sometimes it comes down to the lowest common denominator. Do you think that you are secure? If I do a simple search on 5f4dcc3b5aa765d61d8327deb882cf99, I come up with this (on reverse MD5 lookup):
http://us.md5.crysm.net/find?md5=5f4dcc3b5aa765d61d8327deb882cf99

There are now several GUIs for sniffing out info.
E.g., here is a front end for ferret (http://www.erratasec.com/ferret.html):
http://community.corest.com/~hochoa/wifizoo/index.html
Another front end to ferret is called Hamster.

There are also shared resources (collective processing power (http://distributed.net/)) such as distributed.net available for cracking. This was recently used to crack the RSA Labs' 56- and 64-bit RC5 Encryption Challenge.

It sort of reminds me of a bunch of teenage kids that don't have jobs, and are bored. So they start inventing things to do....

But, that is why we have honeypots and tarpits.


I gotta go check my locks. Oops. I almost forgot to bring my shotgun.
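
The reverse lookup mentioned in the post above works because an unsalted MD5 digest is the same for every account that uses the same password, so one precomputed table serves all of them. The following is an added example, not part of the thread, that shows this next to a salted PBKDF2 alternative; the wordlist is a constructed sample and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Digest quoted in the post above.
POSTED_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99"

# Constructed sample wordlist (assumption): stands in for a lookup site's table.
COMMON_PASSWORDS = ["123456", "letmein", "password", "qwerty", "admin"]


def build_md5_table(words):
    """Precompute digest -> word once; valid against any unsalted MD5 store."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def reverse_lookup(digest, table):
    """Return the word for a digest, or None if it is not in the table."""
    return table.get(digest.lower())


def hash_password(password, salt=None, iterations=600_000):
    """Storage form: per-user random salt plus iterated PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    table = build_md5_table(COMMON_PASSWORDS)
    print("unsalted MD5 lookup:", reverse_lookup(POSTED_MD5, table))

    # Two accounts with the same password get unrelated stored values,
    # so a table built once cannot be reused across accounts.
    s1, n, h1 = hash_password("password")
    s2, _, h2 = hash_password("password")
    print("same stored value for both accounts?", h1 == h2)
    print("correct password verifies:", verify_password("password", s1, n, h1))
```

Salting does not make a weak password strong; it removes the shared precomputed table and the iteration count raises the cost of each guess.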

bluesdog
01-27-2008, 06:32 PM
My avatar handles such things! :biggrin: