Linux Malware: Should You Be Concerned?

It seems the honeymoon period for Linux without malware might be coming to an end. If you thought avoiding Windows was a safe way to avoid malware for your cheap hosting site, you are mistaken.

The recently discovered 'Hand of Thief' Trojan has brought Linux users back to reality just a bit, making them question just how safe they really are. So what do you need to know?

Linux Malware: Hand of Thief

“Given the recent Hand of Thief news in which RSA's Limor Kessem explains how a Linux malware kit is sold on Russian websites, I have been contemplating about Linux security again,” said Hans Kwint in a blog post on LXer bearing the title “Linux Malware: Should We Be Afraid?”

“Here's my question to you,” continued Kwint. “Are you afraid attackers [will] break into your Linux boxes? Do you scan for rootkits from time to time, and check md5-sums of executables against your ‘trusted list’? Do you consider one distro safer than another? What is your level of paranoia?”

Linux Malware: Bloggers Respond

And the Linux blogging community began responding to this post.

“Linux malware isn't new, but for one reason or another it never seems to spread far,” said Hyperlogos blogger Martin Espinoza. “Sure, users could be tricked into installing malware from repositories in Ubuntu, but that could happen on any distribution with meaningful package management.

“Linux at least has some generally working security features that help keep infection down,” he added.

Blogger Robert Pogson agrees: “I've been using GNU/Linux for more than a decade and never saw any malware on it while I have seen hundreds of infections on a single PC running that other OS. Malware does exist, but GNU/Linux has so many layers of defense that unless a repository distributes it, the malware may not even run on a GNU/Linux system.

“There are all kinds of checks against that happening unless someone sneaks it into the source code,” he continued. “With the open development process of FLOSS, that is very unlikely to happen.”

Linux Malware: To Worry, Or Not To Worry

Google+ Blogger Kevin O'Brien, in an interview with Linux Girl, points out that any device that runs code is susceptible to malware. Linux has just been lucky thus far, thanks to their security measures. “That is not a very powerful shield, so learning safe computing applies to us as well.”

Mike Stone, blogger at Linux Rants, reminds Linux users that absolutely no operating system, ever, is immune to a Trojan Horse. Even Linux, held high on a pedestal by its users. Stone says, “Who thinks that there's no reason to attack the operating system that runs the majority of the world's websites, a massive chunk of the Internet, over 90 percent of the supercomputers out there and now a vast majority of the smartphones sold in the world?

“The Stock Exchanges in New York, London, and Tokyo all run on Linux,” he said. “No reason to attack that? Please.”

Linux Malware: What You Need To Know

As long as you're cautious and keep security in the forefront, you should be fine. Because according to Slashdot blogger hairyfeet, no OS is safe.

“Hand of Thief is just the beginning, folks, because as more and more virus writers find out that Android bugs can often run on Linux and that ‘How to Write a Linux Virus in 5 Easy Steps' works, then more and more malware writers will simply make their wares cross-platform.” Hairyfeet wonders “whether the Linux community will ‘man up,' accept this is the case and take steps to minimize risks? Only time will tell, but it IS a legitimate threat.”

Do you rely on Linux for your cheap hosting site? How do you feel about this threat?

Dropbox Used to Spread Malware

The DNSCalc gang has targeted the New York Times in the past, and now this cyber-hacking gang has found a new way to get its point across. Breaking news this afternoon has led to this discovery: the DNSCalc Gang is using Dropbox to spread malware to unsuspecting victims.

How Dropbox Is Being Used

The gang's setup is really clever. First, a file is sent to various Dropbox users (usually government officials or individuals with ties to the Association of Southeast Asian Nations). That file includes a .Zip file that appears to belong to the U.S.-ASEAN Business Council.

This file would then be sent to anyone interested in Council business, and the file actually contained a legitimate Council paper. Once the file was unzipped, the malware included in the file would open a backdoor to a host computer – all without recipients knowing what was happening.

After that, the malware file would find a WordPress blog that was created by the Gang. The malware contained IP address information in addition to a port number or a control server. From there, additional malware would begin to download. You could say that it was Game Over for anyone that was attacked.

Dropbox Used to Spread Malware: Why Dropbox?

Dropbox files tend to be trusted by most people. If you grant someone access to your Dropbox, you probably open up any file sent without a second thought. Gangs like the one mentioned above will use this vulnerability to send malware to unsuspecting Dropbox users. What can you do?

Unfortunately, this type of malware is hard to detect, and most company detection programs won't notice a thing happening when malware is moving around via Dropbox and to a WordPress blog. What you can do is report any kind of attack like this one, so that other people are aware. If your system has already been attacked, it's really hard to do much about it.

One other tip: make sure you know who sent you a Dropbox file. Ask that person if they did, indeed, send you a file, and think twice before unzipping any files. These tactics will provide you with your best line of defense!

Darkleech: Apache Malware That Spreads Rapidly Is On The Rise

It's every webmaster's worst nightmare: malware. But this isn't just any malware: it is highly vicious, and has attacked an enormous number of websites that run the Apache web server. In all, over 40,000 domains have been compromised in the past nine months, according to a report put out by ESET, an antivirus company.

The most worrisome part of all of this: the frequency of these attacks is on the rise. In May alone, 15,000 attacks occurred. The data shared by ESET pinpoints the beginning of the malware campaign to be no earlier than February of 2011.

It isn't restricted to the US, either. There is increasing activity in Europe, Canada, and the US, and Symantec predicted at the end of 2012 it would spread to Australia soon. Symantec actually released a white paper about ransomware, a form of malware, entitled “Ransomware: A Growing Menace.”


The malicious Apache module behind these attacks is known as Darkleech, and it was installed on the Apache web servers that were compromised. Darkleech loads an iframe into a web page that redirects the user to a malicious URL hosting the Blackhole exploit kit, which then attempts to take advantage of vulnerable, unpatched browsers, Java, or Adobe Reader plugins and install the malware.

If you're a visitor who hasn't installed the updates that patch these vulnerabilities, you'll find yourself infected with a host of dangerous malware. ESET reports that users are only attacked when they use Internet Explorer or Oracle's Java plugin.

An aspect of this malware campaign: users' computers are locked, with a fee of $300 demanded in order to free their data. It's called a ransomware scam, and ESET figures the hackers have figured out how to effectively compromise cPanel and Plesk. The malware program is called Nymaim, and is customized according to the user's location. Some users are directed to a bogus warning that claims they are under investigation by the FBI.

Darkleech will sometimes pass by users accessing the Internet from IP addresses belonging to web hosting or security companies, users who have been hacked recently, and those visitors who did not access the hacked pages with specific search queries.

A Harder Battle To Fight

Because this module is selective with who it infects, it is a whole lot harder for security companies to learn more about Darkleech developers in efforts to block these infections from happening in the future.

What can you do? ESET advises webmasters to protect themselves and their users from this deadly malware by taking all necessary security measures such as keeping software and the operating system up to date, and relying on a security scanning program to verify the HTTP daemon of the server to make sure it has not been altered.
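One way to carry out the check ESET recommends, shown as an added example that is not code from ESET or from the original article: hash the HTTP daemon and every module its configuration loads, and compare them with a baseline recorded on a known-good install. The function names, the sample paths and the file contents are all constructed for illustration, and the configuration is assumed to be passed in as text with any Include files already expanded.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches active "LoadModule <name> <path>" lines; commented-out lines do not match.
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.I | re.M)

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(paths):
    """Record trusted hashes on a known-good install; store the result off the server."""
    return {str(p): sha256_file(p) for p in paths}

def audit(config_text, server_root, httpd_binary, manifest):
    """Check the daemon and every module the config loads against the manifest."""
    targets = [("httpd", Path(httpd_binary))]
    for name, rel in LOADMODULE.findall(config_text):
        p = Path(rel)
        targets.append((name, p if p.is_absolute() else Path(server_root) / p))
    findings = []
    for name, path in targets:
        if not path.is_file():
            findings.append((name, "missing"))
        elif str(path) not in manifest:
            findings.append((name, "not in baseline"))  # module nobody approved
        elif sha256_file(path) != manifest[str(path)]:
            findings.append((name, "hash mismatch"))    # file altered since baseline
    return findings

def demo():
    """Constructed sample tree: baseline taken, then binary altered and a module added."""
    root = Path(tempfile.mkdtemp())
    (root / "modules").mkdir()
    httpd, mod_ssl = root / "httpd", root / "modules" / "mod_ssl.so"
    httpd.write_bytes(b"constructed httpd binary")
    mod_ssl.write_bytes(b"constructed mod_ssl")
    manifest = build_manifest([httpd, mod_ssl])
    httpd.write_bytes(b"constructed httpd binary, altered")
    (root / "modules" / "mod_extra.so").write_bytes(b"constructed unknown module")
    conf = ("LoadModule ssl_module modules/mod_ssl.so\n"
            "LoadModule extra_module modules/mod_extra.so\n"
            "#LoadModule old_module modules/mod_old.so\n")
    return audit(conf, root, httpd, manifest)

if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

A check run on the server itself can be subverted by whoever altered the binaries, so keep the manifest off the host and run the comparison from a trusted environment where possible.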

One thing is for certain: it isn't going to get better anytime soon. According to Sebastien Duquette, ESET malware researcher, “Malicious modification of server binaries seems to be a very popular trend for malware distribution.” Darkleech compromises the infrastructure of a web hosting company, spelling bad news for all web pages hosted there.

“Given how successful these campaigns have been so far at redirecting massive amounts of visitors it is hardly surprising to see these abuses on the increase,” said Duquette. Only time will tell if these hackers can be stopped.

6 Ways to Protect Your E-Commerce Site

As hackers grow more experienced, a number of ecommerce sites have come under attack. It's never a good thing when any site is attacked, but it's even worse when it's a site that solely exists for the sake of your business. After all, if your site goes down, you lose site traffic, and that means a loss in revenue. So, what can you do? Follow these ecommerce safety tips.

1. Go deep. Ask your IT team to create multiple security layers. If you can, try to set up multiple security teams too, and it never hurts to hire a hacker or two to search for holes.

2. Make sure to update. Updates seem like such a pain, don't they? But, an update can really save you when it comes to most types of hacks. Be vigilant when it comes to updating software and keeping things in check. Even though it will take a few minutes to update a site now, it will save you a lot of hassle in the future.

3. Cyber insurance. We will talk more about cyber insurance in an additional article posted on the site today, but this might be something that you will want to look into.

4. Try to segregate your sites. Keeping all of your sites hosted on the same server could mean setting yourself up for disaster. If one site is attacked, all the other sites on that server might be attacked too.

5. Encryption. At all times, when possible, encrypt your data. There are so many people out there that have been hired simply to tap into your data. If you encrypt what you have created, this information will be a lot harder to track down.

6. Make it your job. If you are a website administrator or owner, don't wait for someone else to set these security measures in place. If everyone that works with a site aims to protect that site against hacks, the more chances you have of really setting up a great defense. When it comes to protecting your site, don't wait!

If you need more site protection tips, ideas about what to do to protect your site, or any other information, please feel free to contact me. Just click on the “ask an expert” portion of the site, and an expert will get back to you shortly.

BlueHost: Crowned #1 For Linux Hosting Provider

Looking for the top Linux hosting provider for your website? A premier portal has crowned who they feel provides the best services when it comes to features, technology, cost, speed, reliability, and tech support. After reviewing over 100 shared hosting providers priced under $10 per month and the reviews of their customers, the winner was BlueHost.

BlueHost's Background

BlueHost has been in the forefront of the shared hosting world since 1996. Since then, they have grown substantially, and now cater to over 2.5 million customers. They are the only shared hosting provider that invested heavily (like, 20-million-dollars heavily) in its data center that uses only Dell-brand servers and BGP4 smart routing technology with 5 fiber-lines brought directly into the building. Bandwidth exceeds 150,000 Mbits in all.

Overall Results

The review site measured hundreds of sites against their own testing as well as scouring the reviews left by actual customers to determine the results. Overall, the review site makes it clear that no one in the hundreds of sites that were reviewed had the stellar reputation of BlueHost. Whether Linux hosting or shared hosting, prices are affordable and service is top-notch.

BlueHost accepts both credit card and PayPal to pay for their hosting services, and a big bonus: anytime you are dissatisfied, whether 30 days or three years, you can get your money back. That's right, an anytime money back guarantee.


Thanks to their customized Linux kernel and the data center they manage themselves, BlueHost guarantees 99.9% uptime. Their powerful web servers certainly support this. Why did they bother with a customized Linux kernel? That's simple: to offer the best shared hosting experience possible on the market today for their customers.

Using BlueHost's Linux platform means you can segregate Disk I/O, CPU, and memory used by all the clients hosted on a single server. Therefore, you don't need to worry about your information being compromised by someone on the same server.

Control Panel

BlueHost relies on the cPanel control panel, offering the best features for users. It's easy for new users, no matter if they are computer savvy or not, to use.

BlueHost customized the control panel, integrating it with the billing account system, Simple Scripts, and adding a CPU throttling feature. Simple Scripts was created by the founder of BlueHost, Matt Heaton, to give users the power to effortlessly install applications to their websites. It's comparable to Fantastico, something other hosting companies rely on, but is easier for users in terms of UI and overall experience.

Support and Pricing

Their support is truly second to none, and with shared hosting plans starting at $3.95 a month (44% off their usual price of $6.95 per month), it's the best value. Where else can you pay a fee as low as that and still get reliable, 24/7/365 support whether the toll-free US-based number, email, or live chat? The company actually employs 400 people to deal with customer support exclusively. They are all very well-trained, and know their technological stuff!

What else do you get for that low price? Well, a lot, actually. You get a domain name, $50 Facebook advertising credits, $100 Google AdWords credits, and all that a Linux platform has to offer: PHP 5.3.18, Ruby on Rails, SQLite, PostgreSQL, ionCube PHP Loader, Zend Optimizer, Shared SSL, Secure Shell Access, hardware firewall and DDoS attack response, Cloudflare content delivery network integration, and more.

If you are looking for the best Linux hosting provider, it's safe to say BlueHost is an excellent choice.

Do you use BlueHost's services? Do you agree with the assessment that they are the best there is? We want to hear your BlueHost experience!