Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices



Is there a possibility that this could have been the cause/source of the latest attacks at Linux.org ?
 
o_O:mad:
Does that mean ARM devices running Linux are also susceptible?
What can we do to prevent this?

From the article.

Besides being compiled for ARM, x86, and x64 architectures, the malware is designed to support different Linux distributions, not to mention come with features to siphon sensitive information, install a rootkit, and act as a vector for follow-on activities.

 
Is there a possibility that this could have been the cause/source of the latest attacks at Linux.org ?
Good possibility that it was.
My understanding is cloud-based servers are the main targets.
Seems to create havoc on whatever it attacks.
 

 
I see a lot about this online, but little to no products
to protect our computers from it, other than Microsoft's own
Defender Endpoint.
Did not find any products to help from other sources.
 

From the article.

Besides being compiled for ARM, x86, and x64 architectures, the malware is designed to support different Linux distributions, not to mention come with features to siphon sensitive information, install a rootkit, and act as a vector for follow-on activities.

Yes, read that when I got time to click the link.
 
Best I can suggest is using CloudFlare and sandboxing your browser using Firejail and of course the UFW/GUFW firewall which is what I'm doing.

UblockOrigin and Privacy Badger are the browser extensions I use.

At this exact time I don't believe there is anything available for this in Linux.

This is a good reason why true Linux users prefer Linux to never become mega OS for the user home base.

I have faith in the Linux developers to develop a plan for keeping Linux safe.
 
Best I can suggest is using CloudFlare and sandboxing your browser using Firejail and of course the UFW/GUFW firewall which is what I'm doing.

UblockOrigin and Privacy Badger are the browser extensions I use.

At this exact time I don't believe there is anything available for this in Linux.

This is a good reason why true Linux users prefer Linux to never become mega OS for the user home base.

I have faith in the Linux developers to develop a plan for keeping Linux safe.
Yes, I use CloudFlare, UFW, and ClamAV and a Rootkit scanner,
and where possible Brave browser with TOR.
Must delve deeper and see what else is available. M1 Macbook air
 
"Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets."

This has nothing to do with Linux. It has to do with IoT manufacturers not properly securing SSH. Linux just happens to be the OS running most IoT devices, and MS is throwing shade.
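
The SSH weakness this post points to comes down to two sshd settings. As an added example (not part of the original thread), this script checks an sshd_config for them; the sample configs are constructed, and the defaults are assumed to be those of current OpenSSH.

```shell
#!/bin/sh
# Added example: check an sshd_config for the settings that let password
# guessing reach root. Defaults assumed are those of current OpenSSH.

# sshd_effective FILE KEYWORD DEFAULT -> effective global value, lowercased.
# sshd takes the FIRST occurrence of a keyword, keywords are case-insensitive,
# and Match blocks are conditional, so parsing stops at the first "Match".
# Include files are not followed.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }            # allow "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one line per finding, or a single OK line.
audit_sshd() {
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    if [ "$pass" != yes ]; then
        echo "OK password logins disabled (PermitRootLogin=$root)"
    elif [ "$root" = yes ]; then
        echo "WEAK PasswordAuthentication=yes: passwords can be guessed over the network"
        echo "WEAK PermitRootLogin=yes: one guessed password is a root shell"
    else
        echo "WEAK PasswordAuthentication=yes: passwords can be guessed over the network"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample: firmware-style config, root reachable by password.
# The later "PermitRootLogin no" is ignored because the first occurrence wins.
printf '%s\n' '# vendor defaults' 'permitrootlogin yes' \
    'PermitRootLogin no' 'PasswordAuthentication yes' > "$tmp/weak"
# Constructed sample: key-only logins; the Match block is not a global setting.
printf '%s\n' 'PasswordAuthentication=no' 'PermitRootLogin prohibit-password' \
    'Match Address 192.0.2.0/24' '    PasswordAuthentication yes' > "$tmp/hardened"

for f in weak hardened; do echo "== $f"; audit_sshd "$tmp/$f"; done
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, which is a better input than the raw file.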
 
Unless you’re the type of user who indiscriminately downloads and runs random things from the internet, it’s not likely to infect ordinary desktop installs of Linux. It’s more likely to infect vulnerable servers and IoT devices.
"Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets."

This has nothing to do with Linux. It has to do with IoT manufacturers not properly securing SSH. Linux just happens to be the OS running most IoT devices, and MS is throwing shade.
And there you have it in a nutshell.
 
"Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets."

This has nothing to do with Linux. It has to do with IoT manufacturers not properly securing SSH. Linux just happens to be the OS running most IoT devices, and MS is throwing shade.
They're throwing shade in a particularly clever way too, aren't you glad you know about this?! Nobody will argue that MS is more secure than Linux overall, all devices have vulnerabilities, the important thing to know is either a) how to exploit them b) if a vulnerability matters and why, security professionals tend to do a HORRIBLE job at shedding light on both of these issues.
 
IoT has its place in the world. But I have been vocal in my family that I do not IoT in my house, for this exact reason. By and large, IoT devices cannot be managed by the people who own them. Hence, we cannot guarantee they are secure and safe to have on our home networks.

My bro-in-law works for a big tech firm, and his house is full of gadgetry. All of his big appliances (refrigerator, dishwasher, clothes washer and drier), a full suite of cameras, Alexa and home automation to go with. He maintains multiple VLANs to separate his user devices from his IoT devices. It's all good and nifty, but his house would be a wet dream for a hacker if they could get in.

No thanks. I prefer to keep it simple. I don't need my drier to tell me it's done, or my fridge to tell me I'm out of milk.
 
IoT has its place in the world. But I have been vocal in my family that I do not IoT in my house, for this exact reason. By and large, IoT devices cannot be managed by the people who own them. Hence, we cannot guarantee they are secure and safe to have on our home networks.

My bro-in-law works for a big tech firm, and his house is full of gadgetry. All of his big appliances (refrigerator, dishwasher, clothes washer and drier), a full suite of cameras, Alexa and home automation to go with. He maintains multiple VLANs to separate his user devices from his IoT devices. It's all good and nifty, but his house would be a wet dream for a hacker if they could get in.

No thanks. I prefer to keep it simple. I don't need my drier to tell me it's done, or my fridge to tell me I'm out of milk.
Two times I made the mistake of connecting up to my brother's wifi,
both times I got infected, I had to reinstall a Linux distro and my android phone went into a never ending boot loop, downloading the manufacturer's restore software failed to restore the phone, I had to boot the phone, take my chance it would start for long enough to find and press the restore factory settings button, after three hours I managed that, yet the manufacturer's own software got caught by the boot loop and could do nothing.

It is their router, learned not to go back there.
 
IoT has its place in the world. But I have been vocal in my family that I do not IoT in my house, for this exact reason. By and large, IoT devices cannot be managed by the people who own them. Hence, we cannot guarantee they are secure and safe to have on our home networks.

My bro-in-law works for a big tech firm, and his house is full of gadgetry. All of his big appliances (refrigerator, dishwasher, clothes washer and drier), a full suite of cameras, Alexa and home automation to go with. He maintains multiple VLANs to separate his user devices from his IoT devices. It's all good and nifty, but his house would be a wet dream for a hacker if they could get in.

No thanks. I prefer to keep it simple. I don't need my drier to tell me it's done, or my fridge to tell me I'm out of milk.
Simplicity/security are pretty related. My laptop worked for 5 years before it broke a couple days ago, and I'm not getting a new one. I've already got two desktops and an android, there's no need.
 
IoT has its place in the world. But I have been vocal in my family that I do not IoT in my house, for this exact reason. By and large, IoT devices cannot be managed by the people who own them. Hence, we cannot guarantee they are secure and safe to have on our home networks.

My bro-in-law works for a big tech firm, and his house is full of gadgetry. All of his big appliances (refrigerator, dishwasher, clothes washer and drier), a full suite of cameras, Alexa and home automation to go with. He maintains multiple VLANs to separate his user devices from his IoT devices. It's all good and nifty, but his house would be a wet dream for a hacker if they could get in.

No thanks. I prefer to keep it simple. I don't need my drier to tell me it's done, or my fridge to tell me I'm out of milk.
Amen brother! Can we get a hallelujah! ... I was very vocal, too, against IoT years ago when this stuff was starting to gain traction. TBH, I never imagined it would get this popular*. I have a strict policy about IoT devices, too. I'm going to end up the crazy guy who bought a shipping container full of PCs, parts, monitors, accessories, etc. and downloaded over a petabyte of media & entertainment so he could completely disconnect from the world in a bunker with borehole water and tons of solar panels & high-efficiency Lithium batteries, hahaha!

*because...
of how useless and "future dystopia"-ish it seemed on paper. I mean web browser on your fridge? Honestly, I foresaw tablets becoming the staple and merging down into phones -- so I was half right, phones merged up into tablets -- and eventually phones "docking" on your desktop with your peripherals instead of having a PC. I still see the latter as an inevitability, effectively destroying freedom of building your own rigs through economy. It is fairly obvious that there's an ARM push, considering Apple's and Intel's latest lines. By bringing ARM to the desktop seriously, it's gonna drive massive investment, financial and, obviously, R&D from others to compete, which will see a repeat of the x86 race. In fact it kinda started when ARM64 became a thing, though I'd say this was still the pre-qualifier race. Desktop will be the track all the action's happening on. Why do you think ARM GPUs have gotten so much attention? I mean "mobile gaming" (as in real games, not Fruit Ninja) was a market that did not demand the hardware ability, but instead appeared because of the hardware ability.
 
"Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets."

This has nothing to do with Linux. It has to do with IoT manufacturers not properly securing SSH. Linux just happens to be the OS running most IoT devices, and MS is throwing shade.
IoT has its place in the world. But I have been vocal in my family that I do not IoT in my house, for this exact reason. By and large, IoT devices cannot be managed by the people who own them. Hence, we cannot guarantee they are secure and safe to have on our home networks.

My bro-in-law works for a big tech firm, and his house is full of gadgetry. All of his big appliances (refrigerator, dishwasher, clothes washer and drier), a full suite of cameras, Alexa and home automation to go with. He maintains multiple VLANs to separate his user devices from his IoT devices. It's all good and nifty, but his house would be a wet dream for a hacker if they could get in.

No thanks. I prefer to keep it simple. I don't need my drier to tell me it's done, or my fridge to tell me I'm out of milk.
OH hell no we have zero IoT devices in our house and who the hell needs a refrigerator creating my grocery list.

I don't trust anyone's wifi or connect to anyone's wifi.
No one connects any of their devices to our internet service.
We don't sync any devices to another device.
Desktops are all hardwired and only have one laptop the Wife uses.
 
