>Install a Linux distro they said
>It's secure they said
http://thehackernews.com/2015/11/linux-ransomware.html
It's over. Linux is kill.
<strawman>
It's over <x> is finished!
Still more secure than Windows and OSX.
>>51262219
literally nobody said linux was immune to malware
>>51262359
except for you, many times
>The ransomware threat is delivered to the target website through known vulnerabilities in website plugins or third-party software.
>known vulnerabilities website plugins or third-party software
>>51262219
>needs root access
>>51262381
>>51262423
this. only a noob will fall for this, nothing to worry about as usual.
>>51262517
windows users :^)
>>51262219 (OP)
you need to get it on your computer and execute it as root.
Who would execute a program they don't know as root ?
>>51262531
Windows users.
>>51262603
I don't think even they would actually. The reason why windows programs can easily "run as root" is that 1- most people disable UAC since it's a pain in the ass 99% of the time and useless 99.999% of the time (unlike root password which is a pain in the ass 10% of the time only), 2- there are shittons of exploits on NT.
>>51262603
It's even lower than that m8, it's probably caused by shit php code written by Indians.
See >>51262381
If someone told you Linux is secure, they're incompetent and retarded. Linux is probably the least secure major OS out there. The only reason we don't see desktop malware for it is because it has 1% desktop market share.
>>51262531
>you need to get it on your computer and execute it as root.
'no'. It'll encrypt the files your user has access to, it doesn't need root access. If it's run as a WordPress plugin it'll run as the apache user, meaning it'll have access to all the server files.
>>51262474
>i-i-i use Common Sense, it doesn't affect me!
Linux users on /g/ are now the same as Windows users on /g/.
>install linux
>its free as in price
>free as in freedom
>cant virus the linus!
>>51262219
Thank you, mr. Rajeesh.
>>51262359
Well you're not wrong, Linux WAS immune to malware...
>>51263113
>what is jail
>what is rbac
>what is mac
>what is CAP
Fuck off, openbsdfag. Just because your backdoor is wide open doesn't mean linux's is.
>>51263113
Usually server software is given its own extremely limited account for exactly this reason. If something happens nuke the account and restore from backups
>>51263113
>It'll encrypt the files your user has access to
Good thing nginx has write(!) access to my home directory.
Oh wait.
>>51262219
You're so fucking retarded.
>>51263235
>I dont know what RBAC is
>>51263317
Then google it.
>>51263331
>I dont know how green text works
how new are you?
>>51262219
I know this will make me sound like a linux shill,
but this proves one more time you should really
do backups.
And no, linux is not finished because of a single bug.
>>51263369
[butthurt intensifies]
>>51263389
It's not even linux-related beside the fact it targets it.
>>51263285
Usually server software is in a chroot jail.
>Once launched with administrator privileges
Oh, wow. It's nothing.
>>51262219
Who gives a heck
It's not like anyone with any importance in life uses GNU/Linux as their main OS
Stop being a god damn autist
>>51263484
>It's not like anyone with any importance in life uses GNU/Linux as their main OS
You retarded? This targets web servers. Anyone worth their salt uses Linux to host websites. This wouldn't wipe out some autist's loli manga collection. It would wipe out whole websites.
It's not very scary since it requires the user to be a moron and run random files as root.
>>51263407
>still doesnt understand greentext
>shitposting intensifies
stay mad newfag
>>51263526
Linux is shit and they deserve everything coming their way for using it
>>51263113
>Linux users on /g/ are now the same as Windows users on /g/.
Linux USERS? No. Linux ADMINISTRATORS.
This does not target desktops. It targets servers. We aren't asking random tech retards to use common sense. We're asking professionals to use common sense.
>>51263536
It's OK, one day you'll be able to understand greentext and to stop shitposting :)
>>51263464
Same with windows buddy.
>>51263526
>I have 0 idea about what I'm talking about
Wintards, everybody!
If your package manager checks signatures and your main distro's repo is not fucked up there is nothing to fear
>>51263057
>[citation needed]
>>51263550
>I use windows server
>>51262219
linux is a kernel, this is not a kernel exploit, therefor it is not a linux vulnerability.
The exploit comes from external programs, 3rd party plugins for your shitty wordpress blog, etc. These 3rd party tools have vulnerabilities, not linux.
I don't know a lot about Linux, can some explain how it's safe if it's source code is just out there for anyone to mess with?
>>51263897
The idea is that more eyes catch more bugs, but the reality is that they're pretty much the same, with some companies being sloppier than other companies.
>>51263389
As far as I can tell it's not even a fucking bug. I can't find much information about it, but it's "running this as root encrypts your files". Holy wow running a program as root gives it access to all your files, who would have guessed? It's like saying linux is insecure cos you can write a script which just rm -rf --no-preserve-root / and persaude a user to run it as root.
>>51264591
Once per week, to start the package manager which updates the system.
>>51264654
/thread
>>51262219
Who said linux was secure? Linux is the most hacked operating system in the world second to windows.
How many websites run linux and are hacked every day?
>>51264763
>apache being hacked means that linux gets hacked
>>51262219
this is the original article:
https://news.drweb.com/show/?i=9686&lng=en
>There have been some cases, when virus makers exploited the CMS Magento vulnerability to launch attacks on web servers. Doctor Web security researchers presume that at least tens of users have already fallen victim to this Trojan.
>tens of users
>>51264868
Fuck you NIGGER
>open article
>Since past few years,
>close tab, poor writing unacceptable
>>51264958
Terry go home
>>51265909
FUCK OFF MIT nigger
>>51264905
>Without this key, you will never be able to get your original files back.
Unless I have a backup of my original files, that is. Don't see this issue of stuff like this.
>>51262219
Linux has NEVER been immune to malware. The fact that normies think ANY os is immune to malware deserves it.
Cmon
http://thehackernews.com/2015/10/fbi-ransomware-malware.html
Fucking lol
>>51266040
Wouldn't surprise me if some of them are created by the FBI in order to generate revenue.
>>51262219
dr web is the original source, they speak of "tens of affected users" and they sell snakeoil anti virus software. I'm not sure why you'd take that as a serious source.
>>51262219
Stay on windows retard
>>51263057
> Linux
> OS
Well this guy knows what he's talking about
>>51263302
Why is your web server writing to your home directory? Something sounds seriously misconfigured here.
>>51266115
That would surprise me, in all honesty.
>>51264905
>tens of users
Likely all posting on the Ubuntu forums where the most common fix to a problem is to put sudo in front of the command. The malware author is going after some low hanging fruit here.
>>51266308
OBVIOUS JOKE
.
.
.
.
YOUR HEAD
>>51266410
I feel better missing a joke then. I was trying to figure out how one could fuck up a nginx install that bad but still mange to install Linux.
Hey, if this results in one less wintard venturing off the Microsoft plantation, and fucking up a dead simple Mint install, or trying Archtoo for their first & last distro, then mission accomplished.
"Yes, Linux is finished! Run for your liiiiiiiives!!!"
>>51263057
>1% market share
>1%
>(Still tryining the best to not represent the actual market share which is over 50%)
>still he said its more secure than windows
topkek
>>51266547
>50 %
Are you out of your mind linkek
>>51266448
The joke is he was being sarcastic. He even did the "Oh wait" thing, as in "Oh wait, it doesn't".
>>51266563
Stop making new memes anon
Everyone here knows that Linux runs has majority in everything except Desktops
>inb4 but desktops are more relevant
No one cares about your video game machine.Professional hackers better save their time writing viruses for servers and mainframes.
>>51262219
>The ransomware threat is delivered to the target website through known vulnerabilities in website plugins or third-party software.
oooooh so you can get hacked if you don't keep your system updated, this is big news !
>nothing to see here move along
>>51263426
>it targets linux
>s-s-so it's linux related right?
holy mental gymnastics batman
by that logic no windows malware is windows related
Also
>lel it requires root
https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/
it's pretty scary how retarded the average linux user is
am i banned?
>>51262219
Meh, all you need to have is your common sense antivirus running.
Here you can check if it is: https://thejh.net/misc/website-terminal-copy-paste
>>51268868
>https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/
I'll quote Linus Tovalds for this one :
>YOU are full of bullshit
When you want to prove something related to the Linux world, specifically about viruses, do not post a link, or any article where the source is someone that have something to sells you.
I don't say they are right or wrong. Just that quoting someone that sells antivirus is a terrible idea when it comes to viruses.
"It's secure" doesn't mean there's no malware. It means there is less malware, and what exists is easier to avoid.
On Linux, you use a package manager. You should NEVER run an executable off the Internet if you don't know what you're doing. That alone solves 99% of the malware problems you'd get on Windows, where running executables downloaded off the Internet as root is how you install software.
>>51268868
>https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/
>nakedsecurity.sophos.com
>sophos
K.
>Everyone says not to run nginx as root
>Run nginx as root because racecar
>Get ransomware
>Linux is the problem
>>51262219
and you have to go full rootard to get infected with it
>>51262219
>Targeting [gnu/]linux servers
>Not using bsd as a server os and linux as a desktop os
>the ransomware in question needs root privileges to work.
How do people even get infected with it?
>>51272731
because people are idiots who run mail servers as root instead of separate privsep/privdrop users
because people are idiots who use dynamic web engines when static site generation would suffice
because people are idiots who run untrusted binaries as root
because people are idiots who don't keep backups
>>51271516
yeah, you probably know heaps more about malware, reverse engineering, and security theory in general than any of those hack professionals
>>51263624
stupid tech writers. when will they learn?
>>51273242
>https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/
oh wait, that article actually did suck.
i was referring to the people who actually research, patch, and do the RE required to make the AV work
>>51262219
>requires root
>>51264591
sudo iceweasel
>>51266308
On OS X homebrew all software runs with user permissions :^)
>>51262380
>>51263174
>>51264591
>How many times a day do you run sudo anon? It's much easier than you think.
The question should be: How many times a day do you give execution permissions and run with sudo a random file that you downloaded from an untrusted site on the internet?
>>51262219
Hmmmm
>>51263572
But most Windows users run everything as admin. In linux, you have to be really retarded to run everything as root, and even more if it's a server.
>>51268868
>holy mental gymnastics batman
>by that logic no windows malware is windows related
Not him but is pretty clear that when you run a program that program will have the same permissions as the user that ran it, running a program as root will allow that program the chance to read and write practically any file in your system, this includes encrypting it.
What that guy refers to is that the program is not making use of a vulnerability in the system or the linux kernel, at best it uses vulnerabilities in third party programs, but then it'll have the same permissions as that program.
>it's pretty scary how retarded the average linux user is
it's pretty scary how the average windows user throws ad hominems without researching and ridiculing themselves in the process
