Security Patches and Linux FUD (Blaming Everything on "Linux" Again)
-
Several Vulnerabilities Addressed in Ubuntu 24.04
Ubuntu 24.04 LTS was released on April 25, 2024, with some new exciting features. Like every other release, it is not immune to vulnerabilities. Recently, the Ubuntu security team has addressed multiple security vulnerabilities affecting Ubuntu 24.04 that could potentially lead to a denial of service or the execution of arbitrary code. In this article, we will explore the details of these vulnerabilities and learn how to secure your systems.
-
Bleeping Computer ☛ Ebury botnet malware infected 400,000 Linux servers since 2009 [Ed: This does not say what causes the compromise in the first place, but it's not Linux or SSH]
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
-
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain [Ed: There is no effort to explain what causes this, only to falsely blame or FUD OpenSSH and Linux]
-
Cyber Security News ☛ 400k Linux Servers Hacked to Mine Cryptocurrency [Ed: They wrongly assert Linux (Tux) is "HACKED" but the culprit is likely far from the kernel]
A new report from cybersecurity researchers at ESET has uncovered a massive botnet comprised of over 400,000 compromised Linux servers being used for cryptocurrency theft and other illicit financial gain.
Update
Four more FUD samples today:
-
400,000 Linux Servers Hit by Ebury Botnet
-
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
-
400,000 Linux Servers Hit by Ebury Botnet
-
Thousands of Linux servers infected by Ebury malware
Here is an explanation of what goes on here.
Dan Goodin joins the FUD party, smearing OpenSSH in the process ("backdoors SSH servers"):
-
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.
LWN now contributes to this FUD.
Distraction from this?
Linux Security:
-
400k GNU/Linux Servers Hacked in Massive Cryptocurrency-Mining Botnet
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect our systems. Security researchers have identified a massive botnet comprising over 400,000 compromised GNU/Linux servers, reinforcing the need to stay alert and implement robust security measures.
Linux-hostile site covering this today (Thursday):
-
15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers
They always say "Linux".
Even days later, same nonsense:
-
Report: 400K Linux servers affected by Ebury malware
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
Just in time to distract from the Microsoft grilling in a few days?
-
Ebury botnet compromises 400,000+ Linux servers
ESET researchers released their deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation.
Sam Varghese now contributes to this FUD/misdirection:
-
Linux kernel project played host to malware for two years before discovery
A compromise of the kernel.org servers that host Linux kernel development lasted from 2009 well into 2011, with a rootkit known as Phalanx being used to effect entry, the Slovakian security firm ESET says in a detailed report published on Tuesday.
See this