Since its launch, the Linux Mint operating system has faced many DDoS attacks, though none has caused serious damage to the OS. This time, hackers managed to hijack the project's website through its WordPress installation. Clement Lefebvre, the lead developer of Linux Mint, wrote in his blog post that the website was running the latest version of WordPress, but a custom theme and "lax file permissions for a few hours" allowed the hackers to take control of the site.
At this point the OS developers are not sure of the hackers' intentions: the malware they injected into the ISO file causes no major problem beyond turning the infected computer into a node for launching DDoS attacks.
Researchers at Kaspersky Lab who examined a few of the compromised files said in their statement that the malware is a simple backdoor controlled over an unencrypted IRC connection. It can perform a number of functions, including various types of TCP and UDP flooding for DDoS attacks, saving arbitrary files to the computer, and executing arbitrary commands.
Lefebvre also confirmed on the website's blog that personal information and passwords for forums.linuxmint.com were compromised, as the hackers managed to gain access to the forum database. He urged users to change their passwords as soon as possible.
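The Kaspersky description above (a backdoor talking plaintext IRC to its controller) is something a network defender can look for. The following is an added example, not code from Kaspersky Lab or the Linux Mint project: a small detector that flags hosts whose outbound flows look like unencrypted IRC command-and-control. The log format, IP addresses and payloads are constructed for this example; the port list and IRC command verbs are standard IRC, not values taken from the Mint incident.

```shell
#!/bin/sh
# Added example; not code from Kaspersky Lab or the Linux Mint project.
# Flags hosts whose outbound traffic looks like plaintext IRC command-and-control.
# Log format is constructed for this example: one flow per line,
#   "<time> <src_ip> <dst_ip> <dst_port> <first bytes of payload>"

set -u

# irc_c2_hosts LOGFILE
# Prints, sorted and one per line, the source IPs that either connect to a
# classic IRC port (6660-6669, 7000) or send a line beginning with an IRC
# command verb on any port. The verb check is the important half: a C2 server
# listening on 80 or 443 is still plaintext IRC and is still caught.
irc_c2_hosts() {
    awk '
        {
            port    = $4 + 0
            verb    = $5
            irc_port = (port >= 6660 && port <= 6669) || port == 7000
            irc_verb = verb ~ /^(NICK|USER|JOIN|PRIVMSG|PING|PONG)$/
            if (irc_port || irc_verb) seen[$2] = 1
        }
        END { for (h in seen) print h }
    ' "$1" | sort
}

# --- constructed sample log ----------------------------------------------------
# 10.0.0.17 talks IRC on the default port, 10.0.0.31 talks IRC on port 80,
# the other two hosts do ordinary web and DNS traffic.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
1456000001 10.0.0.17 198.51.100.5 6667 NICK bot-x86-7f3a
1456000002 10.0.0.17 198.51.100.5 6667 USER bot 0 0 :bot
1456000003 10.0.0.17 198.51.100.5 6667 JOIN #cmd
1456000004 10.0.0.23 203.0.113.9 80 GET /index.html HTTP/1.1
1456000005 10.0.0.23 192.0.2.10 443 TLS ClientHello
1456000006 10.0.0.31 198.51.100.44 80 NICK bot-x64-1c9e
1456000007 10.0.0.31 198.51.100.44 80 PRIVMSG #cmd :idle
1456000008 10.0.0.9 192.0.2.53 53 QUERY example.com A
EOF

echo "hosts with IRC-like outbound traffic:"
irc_c2_hosts "$LOG"
```

The check is deliberately payload-based as well as port-based: the page only says the channel is unencrypted IRC, not which port it used, and a port-only rule misses any controller that sits on a web port. On real data the same logic is most useful against a flow log that retains the first few bytes of each connection.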
The information compromised in the attack includes:
- Users' forum usernames
- Users' email addresses
- An encrypted copy of users' forum passwords
- Any private information they may have written on the forums (including private topics and private messages)
- Any personal information they may have put in their signature, profile, etc.
Clement Lefebvre also stated that only users who downloaded Linux Mint 17.3 Cinnamon on or after February 20 were affected, and that those who downloaded the ISO via torrent are safe. Anyone who suspects their download was compromised can verify the ISO against the list of valid MD5 checksums (the blog calls them signatures) posted on the blog, and destroy any compromised copies. If the corrupted ISO has already been installed, he advised taking the computer offline, backing up its data, and reinstalling the OS. Users can also get rid of the corrupted version by formatting the partition.
Lefebvre has been transparent about the attack and has kept users continuously updated. He said this is the first time the Linux Mint website has suffered such a serious attack. According to him, it is important to talk about the issue and resolve it as soon as possible, since this is not a matter of some downtime or inconvenience. The matter is serious, and if it is repeated, the developers will involve the authorities.
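The verification step Lefebvre recommends is worth doing properly: compare the digest of the file you actually downloaded against the entry published for that exact filename, and treat "no entry" as untrusted rather than as fine. The script below is an added example, not code from Linux Mint or from the blog post. It assumes a checksum list in the format md5sum and sha256sum emit ("<hex digest>  <filename>"); the image names, contents and digests are constructed sample data, not the real Mint 17.3 values.

```shell
#!/bin/sh
# Added example; not code from Linux Mint or from Lefebvre's blog post.
# Verifies a downloaded ISO against a published checksum list before it is
# installed. Filenames, "image" contents and digests below are constructed.

set -u

# verify_iso ISO LIST [TOOL]
#   ISO   path to the downloaded image
#   LIST  checksum list, one "<digest>  <filename>" entry per line
#   TOOL  md5sum (default) or sha256sum; must match how LIST was produced
# Exit status: 0 digest matches the entry for this filename
#              1 digest differs: treat the image as tampered
#              2 no entry for this filename: unknown image, do not trust it
#              3 ISO file not found
verify_iso() {
    iso=$1 list=$2 tool=${3:-md5sum}
    [ -f "$iso" ] || return 3
    name=$(basename "$iso")
    # Look up the digest by filename; a digest matching some *other*
    # filename in the list is not accepted.
    expected=$(awk -v n="$name" '$2 == n { print tolower($1); exit }' "$list")
    [ -n "$expected" ] || return 2
    actual=$("$tool" "$iso" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

# verdict ISO LIST [TOOL]: human-readable wrapper that always exits 0, so it
# can be used from scripts running under "set -e".
verdict() {
    if verify_iso "$@"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo OK ;;
        1) echo TAMPERED ;;
        2) echo UNKNOWN ;;
        *) echo MISSING ;;
    esac
}

# --- constructed sample data ---------------------------------------------------
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/good" "$work/bad"
ISO_NAME=linuxmint-17.3-cinnamon-64bit.iso
printf 'genuine image contents\n'    > "$work/good/$ISO_NAME"
printf 'backdoored image contents\n' > "$work/bad/$ISO_NAME"   # same name, different bytes
printf 'some other edition\n'        > "$work/bad/linuxmint-17.3-mate-64bit.iso"

# Checksum lists as a project would publish them, computed from the genuine image only.
MD5_LIST=$work/md5sums.txt
SHA256_LIST=$work/sha256sums.txt
(cd "$work/good" && md5sum "$ISO_NAME")    > "$MD5_LIST"
(cd "$work/good" && sha256sum "$ISO_NAME") > "$SHA256_LIST"

GOOD_ISO=$work/good/$ISO_NAME
BAD_ISO=$work/bad/$ISO_NAME
UNKNOWN_ISO=$work/bad/linuxmint-17.3-mate-64bit.iso
MISSING_ISO=$work/good/not-downloaded.iso

for f in "$GOOD_ISO" "$BAD_ISO" "$UNKNOWN_ISO" "$MISSING_ISO"; do
    printf '%-9s %s\n' "$(verdict "$f" "$MD5_LIST")" "$f"
done
printf '%-9s %s (sha256 list)\n' "$(verdict "$GOOD_ISO" "$SHA256_LIST" sha256sum)" "$GOOD_ISO"
```

Two caveats a practitioner would add. First, a published digest is only as trustworthy as the page it was read from, and in this incident the website itself was the thing that was compromised, so a checksum should be cross-checked against a copy obtained from a second channel (a mirror, a mailing-list post, or a signed checksum file) before it is relied on. Second, MD5 is what was posted, but it is a collision-prone hash; where a project offers SHA-256 sums, pass sha256sum as the third argument and use those instead.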