New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)
from irreticent@lemmy.world to linux@lemmy.ml on 15 Sep 2024 00:40
https://lemmy.world/post/19780113

cross-posted from: sh.itjust.works/post/25130414

#linux

threaded - newest

TootSweet@lemmy.world on 15 Sep 2024 00:42 next collapse

The sooner the crypto bubble bursts, the fewer victims there will be of fraud like this.

Max_P@lemmy.max-p.me on 15 Sep 2024 00:44 next collapse

The real victim here is the poor souls that have to use Oracle products

TootSweet@lemmy.world on 15 Sep 2024 00:53 next collapse

No joke. I’m ashamed to say I have had to endure Weblogic in the past. God was that time a massive clusterfuck.

The company I worked for decided to use two particular separate products (frameworks, specifically; ATG and Endeca, even more specifically) to use in tandem in a rewrite of the company’s main e-commerce application. Between when we signed on the dotted line and when we actually started implementing things, Oracle acquired the companies behind both products in question.

The company should have cut their losses, run away screaming, and started evaluating other options. That’s not what happened. Instead, they doubed-down and also adopted several other Oracle products (Weblogic and Oracle Linux on (shudder) Exalogic servers) because that’s, of course, what Oracle recommended to use with the two products in question. The company also contracted with Oracle-licensed “service integration” companies that made everything somehow even worse.

And the e-commerce site rewrite absolutely crashed and burned in the most gloriously painful way possible. They ended up throwing away tens of millions of dollars and multiple years on it.

When the e-commerce site rewrite did happen, it was many years later and used basically only FOSS technologies. I guess at least they learned their lesson. Until the upper management turns over again.

data1701d@startrek.website on 15 Sep 2024 05:04 collapse

Like, why the heck is Oracle still on this Earth? The only thing I can think of is MySQL, to which my response is, “Just use MariaDB.”

phoenixz@lemmy.ca on 15 Sep 2024 15:49 collapse

Nah, they’ll use something else instead.

Stanley_Pain@lemmy.dbzer0.com on 15 Sep 2024 00:50 next collapse

I’m actually kind of impressed that you can mine crypto still. I thought most of that went away some time ago

TootSweet@lemmy.world on 15 Sep 2024 01:01 collapse

You can’t really and make a profit. You pay more in electricity than you get in crypto.

…unless someone else is (unknowingly) paying for the electricity.

(Of course, when the price of crypto takes an upturn, sometimes it might get profitable again. And I’d imagine there are people mining it even when the price is low banking on the idea that it’ll spike again and they can sell it.)

HumanPerson@sh.itjust.works on 15 Sep 2024 01:36 next collapse

Also there are various specific cryptos that are easier or harder to mine. I believe monero is quite easy and bitcoin is more difficult, for example. I swear I’m not a cryptobro, I’m just a computer nerd who has been asked to explain it so many times that I have an okay understanding. Plus I had a CS teacher who was super into crypto and did a few lectures on it. You are generally correct, though. Also apologies for incoherence. My brain is not braining so well today.

possiblylinux127@lemmy.zip on 15 Sep 2024 03:37 collapse

I’m just imagining how much money a compromised Azure tenant could make

AbouBenAdhem@lemmy.world on 15 Sep 2024 05:24 next collapse

At least Oracle Weblogic is being useful for someone.

irreticent@lemmy.world on 15 Sep 2024 05:31 collapse

The shareholders, mostly.

phoenixz@lemmy.ca on 15 Sep 2024 15:50 next collapse

So this has shit to do with Linux, it’s Oracle doing Oracle. Great, you pay through the nose, get abused and for that you get shitty software that allows hackers to take over your machine. All sorts of awesome

smeg@feddit.uk on 15 Sep 2024 16:07 collapse

That thumbnail is a good one for !veryrealtechpics@lemmy.world

Strawberry@sh.itjust.works on 15 Sep 2024 16:41 collapse

thank you, those pictures pain me