back to article Hadoop coop thrown for loop by malware snoop n' scoop troop? Oh poop

Hadoop databases haven't been getting much interest from hackers so far, compared to other data silos, but that's changing, according to a new study. Security shop Securonix, reports that its research team has seen a sharp rise in attacks targeting known vulnerabilities in Hadoop components such as Hadoop YARN, Redis, and …

  1. Walter Bishop Silver badge
    Linux

    Xbash hits a vulnerable server

    If Xbash hits a vulnerable server, and can infect it, it first wipes the host's databases

    How does Xbash initially infect the server and could we have a link to the actual Xbash source code?

    1. diodesign (Written by Reg staff) Silver badge

      Re: Xbash hits a vulnerable server

      The means of infection are given in the article and linked-to post: Xbash uses three known vulnerabilities in Hadoop, Redis and ActiveMQ to hijack a machine and propagate.

      * Hadoop YARN ResourceManager unauthenticated command execution, which was first disclosed in October 2016 and has no CVE number assigned.

      * Redis arbitrary file write and remote command execution, which was first disclosed in October 2015 and has no CVE number assigned.

      * ActiveMQ arbitrary file write vulnerability, CVE-2016-3088

      The source is apparently here - caveat emptor:

      https://github.com/h3ct0rjs/XBash-malware-files

      C.

  2. Anonymous Coward
    Anonymous Coward

    Cue the panic...

    This is one reason to keep Hadoop in the DC and not on the cloud.

    Not that you can't run in the cloud, but you need to take more precautions.

    If set up correctly, Hadoop can be fairly secure.

    At the same time... most Hadoop clusters are isolated and deep within the enterprise.

    Unless of course you're running on the cloud. Then YMMV depending on which cloud provider and how careful your entire staff is...

  3. Anonymous South African Coward Silver badge

    Also won't hurt to change your database admin account to something else with a good, strong password (whenever possible).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019