[deleted]
Comment on Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs
girsaysdoom@sh.itjust.works 8 months agoFrom what it’s describing, it sounds like it would only impact Linux computers that allow SMB1 access, such as domain-joined systems with samba access allowed. It sounds like this would target mainly enterprise Linux deployments.
aniki@lemm.ee 8 months ago
Salamendacious@lemmy.world 8 months ago
My job still had Windows 95 machines running just a couple years ago. Could there still be Samba1 running out there or does Linux update differently?
lemmyvore@feddit.nl 8 months ago
Of course there is. Unfortunately the average Linux self-hoster doesn’t have much of a clue and probably runs vulnerable Samba (even if it’s not S1). Of course it doesn’t help that Samba seems to get a vulnerability about once a week. It’s one of the most targeted pieces of network software you could run.
Salamendacious@lemmy.world 8 months ago
I know that Linux is a host of OSs but generally speaking is it up to the user to keep their software up to date or is there some kind of automatic updating process?
aniki@lemm.ee 8 months ago
[deleted]Salamendacious@lemmy.world 8 months ago
Those machines were controlling a conveyor belt system and weren’t online. I was told the software they were running wasn’t available for other OSs. They were locked in a cabinet. That entire conveyor system is now gone so those machines are probably gone too.
TimeSquirrel@kbin.social 8 months ago
Is there actually still malware floating around out there that targets old Win9x machines? I'd think that without a population of hosts, it'd all die off and nobody is motivated to write more.
Toes@ani.social 8 months ago
Yeah windows 2000 assembly robots, too expensive to replace and too critical to not keep alive.
Salamendacious@lemmy.world 8 months ago
Well those were controlling a conveyor belt system that maintenance told me they bought used in the 90s.
micka190@lemmy.world 8 months ago
The bank I work at still has core systems running Lotus 🙃
Salamendacious@lemmy.world 8 months ago
Lotus 123 was outdated when I was still a kid. That’s impressive.
Salamendacious@lemmy.world 8 months ago
Interesting, thanks for that
Eyron@lemmy.world 8 months ago
They describe an SSH infector, as well as a credentials scanner. To me, that sounds like it started like from exploited/infected Windows computers with SSH access, and then continued from there.
With how many unencrypted SSH keys there are, how most hosts keep a list of the servers they SSH into, and how they can probably bypass some firewall protections once they’re inside the network: not a bad idea.
Salamendacious@lemmy.world 8 months ago
I think the original article talked about “spreading” to Linux machines so that generally tracks with what you’re saying that it starts on a Windows machine that itself has access to a Linux machine.