http://www.net-security.org/secworld.php?id=17322
As usual, the fault lies with the negligent admin who sets up a Linux server and then forgets it, thinking that because it is Linux it will be secure no matter what.
Same problem, five years ago.
As Steve and others have often pointed out, security is a process, not a product.
"We have traced one of the most significant DDoS attack campaigns of 2014 to infection by IptabLes and IptabLex malware on Linux systems,"
...
"This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Malicious actors have taken advantage of known vulnerabilities in unpatched Linux software to launch DDoS attacks. Linux admins need to know about this threat to take action to protect their servers,"...
...
Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions.
In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.
...
"This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Malicious actors have taken advantage of known vulnerabilities in unpatched Linux software to launch DDoS attacks. Linux admins need to know about this threat to take action to protect their servers,"...
...
Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions.
In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.
Same problem, five years ago.
As Steve and others have often pointed out, security is a process, not a product.
Comment