It is currently Tue Apr 20, 2021 9:49 pm
All times are UTC + 8 hours

Docker - mining virus

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment.

Re: Docker - mining virus

Postby cheehoong » Wed May 20, 2020 9:10 am

sandro_rocha wrote:
father.mande wrote:Hi,

for specialist Docker is useful if you create your own container (test new version, create prototype) AND if you assume the permanent update of libraries and scripts inside ...
When you used pre-created container from HUB ... no control is done ... and it's at your OWN risk

Last even a virus check is done ... crypto mining is not a virus ... it's a normal application ... so never identified as a virus ... only the access open (generally a reverse connect) can be (or not) identified.

If you are really interested by container ... use tools where you have all the hand and control (like LXC or direct namespace management) so you keep a very large % of control on what are inside.
or if for you like and want to use Docker (even it's own internal security holes) ... create yourself container ... it's describe as difficult (for selling services) when in reality it's easy if you have a minimum of Linux administration skills (some free student formations exist on the Web)

So best solution is TRASH the bad container and all dependencies (some containers works with others containers started hidden), and search for another HUB and verify that it's not the same with another name

NB I am a user so you can trash this advice, but I have used Docker, LXC and Namespace on multiples NAS (and write some tool-book for another NAS brand) ... and today I build my own isolated environment like myHD APKG (an isolated Ubuntu 18.04 env.) or use LXC

I installed Docker-CE and didn't do anything else, didn't download or install any images, didn't start any containers and, a few hours later, there were four containers running. What explains that? Either the version available for the AS1002T is compromised or there is a security breach that allows external control.

I did some test too. If you DMZ your router to your Asustor, is high chance you will get this issue. Which I did before.
Now I hide it at the back ot router, limit the port open, then I did get issue with docker being injected with the mining "virus"
guess the asustor docker is open to attach, security is not good enough.
Posts: 5
Joined: Thu Feb 20, 2020 10:37 pm


Return to Docker

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 2 guests