First ever Linux botnet?
Mar 24, 2009 — by Eric Brown — from the LinuxDevices Archive

The first botnet designed for broadband equipment and routers may also be the first involving Linux, says our sister publication, eWEEK. Before being stamped out, a malicious “Psyb0t” worm found a home in approximately 100,000 such devices running Linux “Mipsel” (Debian for MIPS processors), says an article by Larry Seltzer.
Psyb0t appears to have exploited the devices' weak or nonexistent authentication, and then harvested usernames and passwords through deep packet inspection. The Mipsel equipment is mostly found outside the U.S., in India, Russia, the Middle East, and Latin America, says the story.
The basic mechanisms of Psyb0t, which was uncovered and apparently undermined by the DNS blacklist service DroneBL, are similar to those of the malicious botnets that plague Windows PCs, says the story. Botnets are collections of software agents called bots that entrench themselves on systems autonomously and automatically, and then collaborate behind the scenes using encrypted communications. Their aim is often to compromise systems, harvest personal information, or siphon off computer resources, but the technology has also been used for non-malicious distributed computing applications.
More “Linbots” on the way?
Despite Linux's stellar reputation for security, embedded Linux is actually “a great platform for these little embedded devices,” claims eWEEK's Larry Seltzer. Linux is “small enough that it can fit in economical hardware, portable enough that you can put it on almost any processor and platform, and it's got great networking tools,” writes Seltzer. “It's easy to write binaries for [Linux] that do networking tasks, including hardening the bot and distributed denials of service.”
Psyb0t may have been disabled, but it is unlikely to be the last such attack on Linux devices and desktops, warns Seltzer. “The main thing keeping Linux on the desktop out of botnets is the sophistication of its users,” he writes. “Without that, embedded Linux devices are only as secure as the vendors want to make them. Given that vendors will usually make the security ease of use trade-off in favor of ease, I think psyb0t may just be the tip of the iceberg.”
Availability
Larry Seltzer's story, “The First Linux Botnet,” may be found at eWEEK, here.
The latest Psyb0t update may be found at this DroneBL page, here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.