Day: October 3, 2014

This is VERY interesting, they are betting the farm on Cloud Computing!

Red Hat CEO announces a shift from client-server to cloud computing

ZDNet – By: Steven J. Vaughan-Nichols – “Red Hat is in the midst of changing its image from a top Linux company to the future king of cloud computing. CEO Jim Whitehurst told me in 2011 that the Platform-as-a-Service (PaaS) cloud would be Red Hat’s future. Today in a blog posting, Whitehurst underlined this shift from Linux to OpenStack.

Whitehurst wrote:

Right now, we’re in the midst of a major shift from client-server to cloud-mobile. It’s a once-every-twenty-years kind of change. As history has shown us, in the early days of those changes, winners emerge that set the standards for that era – think Wintel in the client-server arena. We’re staring at a huge opportunity – the chance to become the leader in enterprise cloud, much like we are the leader in enterprise open source. The competition is fierce, and companies will have several choices for their cloud needs. But the prize is the chance to establish open source as the default choice of this next era, and to position Red Hat as the provider of choice for enterprises’ entire cloud infrastructure.

In case you haven’t gotten the point yet, Whitehurst states, ‘We want to be the undisputed leader in enterprise cloud.’ In Red Hat’s future, Linux will be the means to a cloud, not an end unto itself.

He’s not the only Linux leader who sees it that way. Mark Shuttleworth, Canonical and Ubuntu’s founder, agrees. If you read Shuttleworth’s blog, you’ll see he focuses far more on Ubuntu’s inroads into the cloud than, say, Ubuntu on the smartphone or tablet.

They both have excellent reasons for seeing it this way. With the exception of Microsoft Azure, all other cloud platforms rely on Linux and open source software. Amazon’s cloud services, for example, run on top of Red Hat Enterprise Linux.

So neither Linux leader is walking too far away from Linux. Shuttleworth, for example, is quite proud that Ubuntu is the leading Linux OS on OpenStack. Whitehurst was quick to note that ‘Red Hat Enterprise Linux is easily the best operating platform in the world, counting more than 90 percent of the Fortune 500 as customers.’

Linux leaders see a future where IT is based on Linux and the open source cloud. And if Whitehurst has his way, it will be a Red Hat-dominated future.”

This is a nasty botnet exploit, and a real indication that EVEN A MAC needs anti-virus. I use Kaspersky AV on my Macbook Pro. Dr. Web is another excellent anti-virus, this is from their web site!

New Mac OS X botnet discovered

Dr. Web Anti-Virus Web Site – to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical analysis indicates that there are more than 17,000 unique IP addresses associated with infected Macs.

Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically.

When Mac.BackDoor.iWorm is initially launched, it saves its configuration data in a separate file and tries to read the contents of the /Library directory to determine which of the installed applications the malware won’t be interacting with. If ‘unwanted’ directories can’t be found, the bot uses system queries to determine the home directory of the Mac OS X account under which it is running, checks the availability of its configuration file in the directory, and writes the data needed for it to continue to operate into the file. Then Mac.BackDoor.iWorm opens a port on an infected computer and awaits an incoming connection. It sends a request to a remote site to acquire a list of control servers, and then connects to the remote servers and waits for instructions. It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to reddit.com in five-minute intervals.

While establishing a connection to the server whose address is picked from the list using a special routine, the backdoor attempts to determine whether the server address is on the exceptions list and engages in a data exchange with the server to employ special routines for authenticating the remote host. If successful, the backdoor sends the server information about the open port on the infected machine and its unique ID and awaits directives.

Mac.BackDoor.iWorm is able to perform two types of commands: different directives depending on the binary data provided and Lua scripts. Basic backdoor commands for Lua-scripts can be used to perform the following actions:

• Get the OS type.
• Get the bot version.
• Get the bot UID.
• Get a value from the configuration file.
• Set a parameter value in the configuration file.
• Remove all parameters from the configuration file.
• Get bot uptime.
• Send a GET query.
• Download a file.
• Open a socket for an inbound connection and then execute the commands received.
• Execute a system instruction.
• Sleep.
• Ban a node by IP.
• Clear the list of banned nodes.
• Get the node list.
• Get a node IP.
• Get node type.
• Get node port.
• Execute a nested Lua-script.

Information collected by Doctor Web’s researchers shows that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet created by hackers using Mac.BackDoor.iWorm. Most of them—4,610 (representing 26.1% of the total)—reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total). The late September 2014 geographical distribution of the botnet created with Mac.BackDoor.iWorm is shown in the following illustration:

The signature of this malware has been added to the virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected with Dr.Web Anti-virus for Mac OS X.”