'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Bronze badge

an answers

You'll be lucky.... But full marks for at least trying

Anonymous Coward

Linux botnet?

I'm always being told how bulletproof Linux is and how "only Windoze lusers" have security problems.

I am confuse.


Re: Linux botnet?

Linux *can* be made very secure, and most mainline desktop distros do a decent job of that.

Now, when you talk about stripped down versions made to fit in dirt-cheap hardware, that leave out various things to save money (space), and add various debug hooks, to save programmer time...we have a different situation.

If you think of linux as just the kernel...well, the kernel, assuming (wrongly) that they're using a newer one, is fairly decent. If you're talking about the entire environment (which some would call GNU/Linux) it's a matter of implementation and setup. These manufacturers are trying to make it easy for themselves, and sometimes, the user, by skipping all that bothersome real security.

For whatever reason, the various debug hooks are often left in the product, whether it be they are just forgotten, laziness, the idea that the manuf could support the product better (yes, I'm laughing too), and most of the things we see as issues are due to those. Maybe the developer found them hard to configure in the first place and left them in for later...again, to save time/money in the short term (which is all most of them consider - because that's all they are paid for).

Any operating system that allows developers to write applications can be brought to its knees this way, if the app or configuration can say "let someone in to do things". Good security is hard, and the average developer hasn't a clue how to balance that with ease of use - or even have it at all.

Windows is unlikely to be used (or other opsys) as being closed source and full fat, it's hard to make anything small work with them at all, not to mention the other costs. So if you can find a windows IoT thing, it's probably safe!

Silver badge

Re: Linux botnet?

It's simple really, if you take any OS and put in hard-coded passwords, or have badly configured web servers running with administrator rights, you have a cluster-fsk coming.

As for Winnows vs. Linux on the desktop it is, as usual, a complex question. If one is configured and used by a competent person and the other by a total muppet, you can guess what the outcome is without knowing which OS is which.

If compared on equal terms the two kernels have roughly the same number of serious flaws at any point in time, but Windows "enjoys" a much richer ecosystem of malware to exploit it and sadly many of the past MS decisions to make it easier to use (e.g. hiding file extensions, making execution rights part of the file name, etc) only serve to make matters worse for the average user.

Silver badge

Re: Linux botnet?

It's not actually a Linux bug. It's a simple rookie scripting error.

Silver badge

Re: It's not actually a Linux bug. It's a simple rookie scripting error.

Isn't it strange how this sort of comment gets upvoted when Linux is the host. I wonder if a simple scripting error on Windows would be commented on so favourably....

Anonymous Coward

Meh...

It looks like an advert for Unit 42. If you go to their "report", there's no actionable info there. They claim 70 vendors' DVRs have this vulnerability, but they don't name them nor the models affected. So basically, it's just saying "There's a bogey man someplace, but we don't know or won't tell you where."

Silver badge

Re: Meh...

The blog post link in the second paragraph contains a list of the affected vendors.

http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html

Anonymous Coward

Re: Meh...

"If you go to their report, there's no actionable info there"...

You mean other than:

a list of IoCs,

a link to the blog that lists all the affected vendors,

links to the related Shodan and Censys searches,

a detailed breakdown of the C2 communications...

http://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/#ioc

http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html

https://www.shodan.io/search?query=%22Cross+Web+Server%22

https://censys.io/ipv4?q=%22Cross+Web+Server%22

Silver badge

Meanwhile someone seems to have taken an alternative approach to insecure devices: https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/

Silver badge

...more fun and games, which we don't need.

Anonymous Coward

regulation required?

"IoT/Linux botnet 'Tsunami' that exploits a year-old but as yet unresolved vulnerability"

The true vulnerability is the failure to update discovered vulnerabilities in devices. Maybe it will take regulation (think the way the financial system is regulated).

Anonymous Coward

https://github.com/freddiebarrsmith/CCTV-Remote-Code-Execution-Metasploit-Module

I developed a Metasploit module for this exploit.
