ransomware virus on Linux

Brandon J. Wandersee brandon.wandersee at gmail.com
Thu Nov 19 22:27:23 UTC 2015


Matthias Apitz writes:

> Any comments?


From what I've been able to glean, this seems a little bit overblown. I
don't doubt the effects are significant for the people experiencing
them, but it seems extremely limited. The program is said to "take advantage
of" an outdated, running instance of the Magento e-commerce software, so
I have to think that it can only be executed via Magento. It also
encrypts only directories that would absolutely require root privileges
to modify--e.g., it specifically encrypts /home, not individual user
directories, so even if you deliberately executed it as a regular user
it would have no effect.

So it only affects improperly configured servers that run outdated
versions of one specific piece of software. It's not something most of
us will have to ever worry about, and the onus really falls first on
Magento to prevent this sort of remote execution (which it apparently
did before the malware even made it into the wild), and then on sysadmins to
update to the newer, secure version.

-- 
=================================================================
   		      :: Brandon Wandersee ::
                  :: brandon.wandersee at gmail.com ::
==================================================================
'A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.'
                            			- Douglas Adams
==================================================================


More information about the freebsd-questions mailing list