David Jacoby Kaspersky Lab
Websites being defaced, servers being turned into nodes in botnets, shell accounts and backdoors being sold on the black market - this is what's happening on the Internet every day. This presentation looks at how the attackers do what they do, and what can be done to prevent ourselves from becoming a target.
Many people perceive that there is no such thing as malware for the Linux/Unix operating system, and that the security of this operating system is very high. What we are experiencing is that, due to this perception, even more websites are being compromised. The problem is that even though the operating system itself may have a lot of security options built in, very vulnerable applications are running on these secure operating systems.
The bad guys are now using automated tools to attack vulnerable applications running on Linux servers and are turning Linux servers into a malware-spreading nightmare, or a proxy for further attacks.
During my presentation I will explain how the bad guys exploit the usage of search engines to passively enumerate vulnerable. I will also talk about the vulnerabilities being exploited, how the bad guys use specially crafted application backdoors to install trojanized software, and what actions we have to take to prevent us from becoming a target.
I will then perform a live, step by step demonstration of some recent attacks to demonstrate the tools in action and also highlight some of the weaknesses in the Linux operating systems that the bad guys take advantage of.
