Linux php-exploit bot



Incidents.org writes to remind us that bots aren’t just for Windows. The recent PHP exploits have seen the use of the “kaiten” bot, which primarily targets Linux systems. After infecting a system, it connects to an IRC server. They do give a very good way to blunt most Linux bot-style malware…


Make /tmp its own partition and mount it as non-executable. About 80% of bugs will try to copy themselves there first, and if they can’t run, they’re dead in the water. For those that don’t want to repartition – a clever solution as well…

Don’t forget to make /usr/tmp and /var/tmp symlinks. If you don’t want to repartition: use a loopback file. Most Linux malware will compile itself on the target system, so removing development tools is always an option, but a bit painful for many. And you may not be able to do without Perl.
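One way to check that a host actually has this hardening in place, as an added example that comes from neither Incidents.org nor this post. The function names and the optional mounts-file and root-prefix arguments are hypothetical, and it assumes the /var/tmp and /usr/tmp symlinks are meant to point at /tmp.

```shell
#!/bin/sh
# Added example: audit the /tmp hardening described in this post.
# Usage on a live host:  audit_tmp            (reads /proc/mounts)
# Usage on test data:    audit_tmp MOUNTS_FILE ROOT_PREFIX

# Print the mount options of /tmp (last entry wins if mounts are stacked);
# prints nothing when /tmp is not a separate mount.
tmp_mount_opts() {
    awk '$2 == "/tmp" { o = $4 } END { if (o != "") print o }' "${1:-/proc/mounts}"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Returns 0 only if /tmp is a separate noexec mount and /var/tmp and /usr/tmp
# cannot be used as an executable alternative to it.
audit_tmp() {
    at_mounts=${1:-/proc/mounts}; at_root=${2:-}; at_rc=0
    at_opts=$(tmp_mount_opts "$at_mounts")
    if [ -z "$at_opts" ]; then
        echo "FAIL /tmp is not a separate mount"; at_rc=1
    elif has_opt "$at_opts" noexec; then
        echo "OK   /tmp is mounted noexec ($at_opts)"
    else
        echo "FAIL /tmp allows execution ($at_opts)"; at_rc=1
    fi
    for at_d in /var/tmp /usr/tmp; do
        at_p="$at_root$at_d"
        if [ -L "$at_p" ]; then
            # Assumption: the symlinks are meant to point at /tmp itself.
            case "$(readlink "$at_p")" in
                /tmp|/tmp/|../tmp|../tmp/) echo "OK   $at_d -> /tmp" ;;
                *) echo "FAIL $at_d is a symlink, but not to /tmp"; at_rc=1 ;;
            esac
        elif [ -d "$at_p" ]; then
            echo "FAIL $at_d is a real directory, not a symlink"; at_rc=1
        else
            echo "OK   $at_d does not exist"
        fi
    done
    return "$at_rc"
}
```

The check applies equally to a dedicated partition and to a loopback file, since both appear as a mount on /tmp. noexec blocks direct execution of files on the mount; a script handed to an interpreter still runs, which is why the point about Perl and development tools matters.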
