Thousands of Servers Infected With New Lilocked (Lilu) Ransomware (zdnet.com)
Lilocked doesn’t encrypt system files, but only a small subset of file extensions, such as HTML, SHTML, JS, CSS, PHP, INI, and various image file formats. This means infected servers continue to run normally. According to French security researcher Benkow, Lilocked has encrypted more than 6,700 servers, many of which have been indexed and cached in Google search results. However, the number of victims is suspected to be much much higher. Not all Linux systems run web servers, and there are many other infected systems that haven’t been indexed in Google search results.
Why it should scare you:
– affects Linux servers
– so far the vector of infection / vulnerability is unknown
– you can craft a Google search to watch it spread!
- by jmccue ( 834797 )
When I saw that I thought “Who would create a ransomware for lilo?”, but on a re-read I saw the “real” name.
These names are getting worse and worse.
Here’s a shortcut [google.com] for servers with the Apache web server. Google finds a little over five pages of results, so while the issue is serious the infection rate looks to be quite low.
Some people have seemingly disinfected [googleusercontent.com] themselves.
- Based on the crafted Google search, a majority of infections are Russian domains or hosted in Russia.
No surprise. They’re all php sites.
What difference does that make?
… going down.
Was 6,600 and now is 6,190. That’s in ten (10) minutes.
http://pinpointsecurity.co.za/ [pinpointsecurity.co.za]
So it’s not just php.
- by caseih ( 160668 )
And it’s been hacked for quite a long time if the modify times are to be believed. Since July… Or is this something the hacker does to mislead people?
This dates to at least before 7/20:
https://twitter.com/demonslay3… [twitter.com]
which means it’s probably the old Exim exploit, not the new Exim exploit.