May 15, 2013

Linux Worms: A New Danger for Linux Systems

Jim Geovedi <negative@australia.edu>

Several malicious worms have spread on the Internet and infected Linux servers running vulnerable software.

1. Worms: viruses on autopilot

A worm is a type of computer virus that can reproduce itself without being given a command. By using holes in a security system, a worm can enter, infect, and then duplicate itself to attack other hosts or systems that have the same weaknesses.

A Linux worm is a worm variant that attacks Linux systems. Of the Linux worms that have spread, among them Ramen, Lion, and Adore, each poses a different danger, because each worm is written for a specific purpose, such as taking user data (passwords) or changing the index.html page (defacement).

2. How Linux Worms Spread
As mentioned above, a Linux worm reproduces itself and then attacks other hosts or systems that have the same vulnerability.

Here are some of the methods a Linux worm uses to reproduce itself and then attack another host:

o Using an exploit to get into a system
The exploit used is usually a known one that can be found easily. A Linux worm takes advantage of a vulnerability that exists in a system and then exploits it.

o Creating a backdoor and securing the system against exploitation by other parties
Linux worm source code usually comes with rootkit tools, which include various tools that can be used to create a backdoor and to replace specific binary files in order to hide the worm's existence.

o Patching the vulnerability
A Linux worm also patches the vulnerability it used to get in, as well as some other known vulnerabilities. This prevents the system from being infiltrated by another cracker or worm.

o Attacking other hosts
After a Linux worm has taken full control of a system, it scans other networks at random for vulnerabilities and attacks systems that have the same vulnerability. Some Linux worms already carry a list of the latest vulnerabilities, along with the exploits for them.

o Replacing binary files on the system with modified versions
To protect itself, a Linux worm replaces binary files with modified versions so that the administrator and users of the system are not aware of its existence.

o Removing traces and turning off logging on the system
A Linux worm deletes log files and turns off the running logging process, and it usually replaces the binary file used to run the logging process with a new, modified file.

o Adding its own activation to a startup script file
A Linux worm also adds its own activation to a startup script that is loaded when the system is restarted.


3. Early Detection
Once a Linux worm has installed its rootkit tools to cover up its existence within a system, the odds of finding it are low, but that does not mean we cannot find it at all. The following are some ways that can be used:

o IDS sensor
If the IDS sensor is configured properly, we can see the signatures of several events that indicate an anomaly or intrusion on our network.

o Log files
We can learn of a Linux worm's existence from log files. The worm may have replaced the logging program, but we can still find out by using an additional program such as chkrootkit.

o Unnatural system load
A Linux worm requires fairly high resources while it replicates itself and attacks other hosts.
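
The replaced binaries, edited startup scripts and wiped logs described in section 2 can be caught by comparing the system against a baseline recorded while it was known to be clean. The following Python code is an added example, not part of the original article; the function names, the var/log/ prefix and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, log_dirs=("var/log/",)):
    """Map each file to its SHA-256; logs get size only (their content changes)."""
    state = {}
    files = (p for p in Path(root).rglob("*") if p.is_file() and not p.is_symlink())
    for path in files:
        rel = path.relative_to(root).as_posix()
        if rel.startswith(log_dirs):
            state[rel] = ("size", path.stat().st_size)
        else:
            state[rel] = ("sha256", hashlib.sha256(path.read_bytes()).hexdigest())
    return state

def compare(baseline, current):
    """Return sorted (finding, path) pairs for the changes the article lists."""
    findings = []
    for rel, (kind, value) in baseline.items():
        if rel not in current:
            findings.append(("missing", rel))      # deleted log or binary
        elif kind == "size" and current[rel][1] < value:
            findings.append(("log-shrank", rel))   # truncated or wiped log
        elif kind == "sha256" and current[rel][1] != value:
            findings.append(("modified", rel))     # replaced binary, edited script
    findings += [("added", rel) for rel in current if rel not in baseline]
    return sorted(findings)

def _write(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed sample tree with harmless bytes; no real system files."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/ps", "etc/rc.d/rc.local", "var/log/messages", "var/log/secure"):
            _write(root, rel, b"original content of " + rel.encode())
        baseline = snapshot(root)
        _write(root, "bin/ps", b"different bytes")        # replaced binary
        _write(root, "etc/rc.d/rc.local", b"extra line")  # startup script edited
        _write(root, "etc/rc.d/rc.new", b"new file")      # new startup entry
        _write(root, "var/log/messages", b"")             # log wiped
        Path(root, "var/log/secure").unlink()             # log deleted
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Because a worm's rootkit may have replaced the system's own tools, run the comparison from trusted media and keep the baseline off the host. Log rotation also shrinks logs, so a log-shrank finding is a prompt to investigate rather than proof of tampering.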

4. Sources of Information
Here are resources where we can find information about Linux worms:
o Bugtraq Mailing List / Dev SecurityFocus Vuln
o SANS Mailing List
o Packetstormsecurity

5. Conclusion
The technology and methods for writing Linux worm code are still very limited. Linux systems provide a user-level permission system, and most daemons today are no longer run by the root user. Current Linux worms can only make use of existing, publicly known vulnerabilities, and they randomly scan for and attack only hosts that have the specific vulnerability they target.

Despite these limitations of Linux worms, this does not mean we are safe and can relax; we must always stay alert to every possibility.
