Could THIS be the year of the Linux desktop?
Platform being targeted by trojans...
...time to check where the uploaded packets are going I think
Security researchers have discovered a potentially dangerous Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted …
You have to manually run it (allowing it to run with chmod in the first place) or, worse, knowingly install it. Both of these things are hard to implement on up-to-date GNU/Linux and *BSD systems unless a 0-day vulnerability is known. You can install and run xinput <keyboard-id> to capture all key presses, BTW.
Don't take Dr.Web's FUD for a sure thing.
All of us on here are less likely to get a virus than the average member of the public.
The average member of the public doesn't know how to secure their computer properly (probably have more of a chance with Windows going by the number of users on Linux forums who reply 'RTFM' to general questions.)
The average member of the public will click on any box that pops up when they think they are installing something fun, like a pink pony screensaver.
Factor in the recent Java vulnerability (others will follow covering your currently installed software) and you aren't looking as safe as you thought you used to be.
Could you please care to tell us why we should RTFM the lazy user who just wants us to fix his problem while he doesn't even bother to read and (that's a tough one!) understand the documentation? They should stay in Windows land where there are no manuals or documentation to be read. I don't want those users to come to Linux just for the sake of widespread Linux desktop adoption.
Just to make myself clearly understood, as a Linux user I had the opportunity to be RTFM'd, but I used it to learn and improve my skills, both in Linux and in how to ask questions on support forums, no matter if it's Linux, Windows, Cisco or any other technology vendor.
To be honest, I was not sure what that abbr. meant until I googled it!
1) I have never seen RTFM on any of the Linux forums. There are tons of Linux forums where things are explained for dummies.
2) GNU/Linux and *BSD systems are still more secure for those who do not know how to secure their computer properly. More precisely, there is absolutely no rocket science here to follow: update your system whenever the update is available (just press that button!) and do not install anything outside of the repositories. Both of these things, although very clear to us, should be crammed into users' heads when they come from the Windows (95%) and Mac OS X world. User unfriendliness (reboot after most updates on M$ systems) and lack of repos on both is the ultimate reason for such behavior.
As far as the Java or javascript vulns are concerned, just
a) don't use Java (easy)
b) use noscript, flash-killer, adblock across all platforms (easy)
c) use AppArmor enabling firefox profile (fairly easy)
I'm not convinced about your assertion of RTFMage. I have received friendly, courteous and above all helpful assistance from actual kernel hackers (the most friendly of whom is easily Jes Sorensen, who is a lovely chap). If you ask your question in a sensible way, include relevant information, and don't force people to read LOLcat or cross-examine you to get the facts (i.e. exercise basic good manners), a lot of folks will be surprisingly helpful.
Contrast this with the FreeBSD lot, when I was installing it on my Alpha, and couldn't get any console output on my DEC TGA, which was listed as supported by the default kernel. I enquired politely and clearly, detailing what I had done, and what I was using, and was told to "RTFM" in broken English. It turned out that there was a small bug that prevented it from working, in the end (after a slightly more grown-up dev looked into my problem, after I grumbled in response).
(Oh, and don't even get me started on OBSD and Theo.. I thought my people skills were bad :D)
I wouldn't expect too many malware authors will be bothered until Linux hits at least 1% market share.
How does >90% of web servers grab you? Or ~100% of web routers?
Clueless fanboi morons like you are welcome to their fundamentally insecure "operating systems" - the ones that are actually just silly computer games. Why don't you run off and let the grown-ups get on with real computing?
Unix and its siblings are (effectively) invulnerable to malware. Sure enough you could (possibly) fool someone into downloading something malicious, but they would have to give it permission to run. It would also not have access to the operating system, as the OS is entirely divorced from the user files that could possibly be compromised.
Go back to Windoze - you deserve it.
It had to happen sooner or later. I hope they find the details on this thing and publish them soon, I'd like to see what common components between Linux and Apple's BSD/Mach mashup they're using.
Of course, it could turn out that this thing must be manually installed or that it only runs in user space... in which case it's not a yawner but less unexpected.
And I do suppose the inevitable MS vs. the world flame war will erupt in 3.... 2.... 1....
"Of course, it could turn out that this thing must be manually installed or that it only runs in user space... in which case it's not a yawner but less unexpected."
Yeah, I reckon there's at least a chmod +x required somewhere to make it executable, and even then I reckon it's still only user space - that is, until you enter your root password, and then it has it.
I wonder if that recently reported Java vuln could be used to do the chmod +x and spread it though.
Definitely need more info on this.
According to the site at the end of the link in the article:
"It's not clear yet how the Trojan, which was added to the Dr.Web virus database as BackDoor.Wirenet.1, spreads. This malicious program is a backdoor that can work under Linux as well as under Mac OS X.
When launched, it creates its copy in the user's home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65."
So no details as to how it gets installed and no details as to how it's spread. Does this really merit an article? Because anybody can write a Linux virus - a shell script will do. The trick is getting it installed, giving it execute permissions and permissions to do its stuff.
I'll start to worry when I find out it exploits a weakness in the OS that allows it to install itself by stealth and then escalate its privileges. Or when it somehow gets added to the Ubuntu repositories, of course.
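The one concrete indicator in the quoted Dr.Web text is the control-server address, which is what the strapline's "check where the uploaded packets are going" amounts to in practice. The following is an added example, not code from the thread, Dr.Web or The Register: it scans connection-log lines for traffic to that address and lists the internal hosts that talked to it. The log format and the sample lines are constructed; only the IP address comes from the page, and an address is a weak, short-lived indicator (the server can move), so treat a match as a prompt to look at the host, not as the whole investigation.

```python
"""Flag outbound connections to the control server reported for
BackDoor.Wirenet.1.  Added example, not part of the thread; the log line
format and SAMPLE_LOG are constructed for illustration."""
import ipaddress
import re

# Indicator quoted from the Dr.Web description in the thread; everything
# else in this file is constructed.
WIRENET_C2 = ipaddress.ip_address("212.7.208.65")

# Constructed flow-log lines: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2012-08-30T10:01:02 tcp 192.168.1.20:51234 -> 93.184.216.34:443
2012-08-30T10:01:09 tcp 192.168.1.20:51240 -> 212.7.208.65:4141
2012-08-30T10:02:15 udp 192.168.1.20:5353 -> 224.0.0.251:5353
this line is malformed and must be skipped, not crash the scan
2012-08-30T10:03:44 tcp 192.168.1.31:40022 -> 212.7.208.65:8080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one flow-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_c2_connections(log_text, indicators=(WIRENET_C2,)):
    """Return every parsed record whose destination is a known C2 address."""
    wanted = {str(ip) for ip in indicators}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["dst"] in wanted:
            hits.append(rec)
    return hits


def hosts_to_investigate(log_text):
    """Sorted list of distinct internal sources that reached a C2 address."""
    return sorted({h["src"] for h in find_c2_connections(log_text)})


if __name__ == "__main__":
    for h in find_c2_connections(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dport']} matches Wirenet C2")
    print("hosts to investigate:", hosts_to_investigate(SAMPLE_LOG))
```

To use it on real data, feed it lines from whatever flow or firewall log your network keeps, adjusting LINE_RE to that format; the point is that the C2 check is a set lookup on the destination, so adding further indicators from a vendor write-up is a one-line change.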
"I'll start to worry when I find out it exploits a weakness in the OS that allows it to install itself by stealth and then escalate its privileges."
Agreed. Except you should add "compile itself" as well. Unless a binary compiled on MacOS X will run on a Linux box and vice-versa. I strongly doubt that's even possible.
Colin
hang on... id didnt have to happen at all!!!1!!11!!
if i've read it once i've read it a thousand times, windoze boxes get virii cos they are crap, and the ppl who code for them smell of poo!
linuxexexe on osexexex dont never get virii on account of them being super and smashing and programmed by angels and intrinsically resistant to anything bad.
i thought it was bollocks then, glad to see you caught up at last.
now if only there was a mature AV sector to help you out... or even some kind of system of regularly eradicating vulnerabilities as they become exposed....
is that the sorta fing you are looking for :D?
Linux distributions already have regular security updates. I have heard Windows users complain that AV software smells of pooh so often that I am glad there is very little for Linux (There is some for filtering Microsoft malware out of email). In the Microsoft world, malware is installed and executed so it can hide and do damage before AV software can hunt for it. The rest of us don't run malware in the first place unless it is to test security.
I have tried installing some but the install scripts got tripped up by little things like mounting /tmp and /var/tmp noexec. Trivial changes to the configuration like that make most Linux boxes more trouble than they are worth. There are plenty of more complex options available for high value targets to ensure that viruses have to be targeted to a specific organisation or machine.
X86 is getting rare these days as much has been moved to AMD64, but my home also has MIPS and two incompatible flavours of ARM. Multiply that by the number of distributions and the users' choices about what software to use and you can see why Linux malware is just not as profitable as stuff for Microsoft even though some of the machines are very high value targets and Unix malware has been around longer:
This is the Unix e-mail virus. It works on the honour system. Please send copies of this e-mail to your friends then delete a few files.
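The post above gives one concrete hardening step that trips up drop-and-run installers: mounting /tmp and /var/tmp with noexec. The block below is an added example, not the poster's code, that audits a system for exactly that. It parses text in /proc/mounts format and reports any watched path that is not its own mount (and so inherits the parent filesystem's options) or that lacks noexec or nosuid; MOUNTS_OK and MOUNTS_WEAK are constructed samples. On a live box you would pipe in the real /proc/mounts, and the corresponding fstab line that satisfies the check is of the form `tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0`.

```python
"""Audit /tmp and /var/tmp for noexec,nosuid.  Added example, not from
the thread; MOUNTS_OK and MOUNTS_WEAK are constructed /proc/mounts samples."""
import sys

WATCHED = ("/tmp", "/var/tmp")
REQUIRED = frozenset({"noexec", "nosuid"})


def parse_mounts(text):
    """Return {mountpoint: set(options)} from /proc/mounts-style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        # fields: device, mountpoint, fstype, options, dump, pass
        mountpoint = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces as \040
        table[mountpoint] = set(fields[3].split(","))
    return table


def audit_tmp_mounts(text, watched=WATCHED, required=REQUIRED):
    """Return [(mountpoint, problem)] for each watched path that is either
    not a separate mount or is missing one of the required options."""
    mounts = parse_mounts(text)
    problems = []
    for path in watched:
        opts = mounts.get(path)
        if opts is None:
            problems.append((path, "not a separate mount (inherits parent options)"))
            continue
        missing = sorted(required - opts)
        if missing:
            problems.append((path, "missing " + ",".join(missing)))
    return problems


# Constructed sample: both scratch directories are separate, hardened mounts.
MOUNTS_OK = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=1048576k 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""

# Constructed sample: /tmp allows execution and /var/tmp is just a directory on /.
MOUNTS_WEAK = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
"""

if __name__ == "__main__":
    # Read /proc/mounts from stdin when piped, otherwise show the weak sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else MOUNTS_WEAK
    problems = audit_tmp_mounts(text)
    for path, problem in problems:
        print(f"{path}: {problem}")
    if not problems:
        print("scratch mounts look hardened")
```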
So does it pick up keystroke from the keyboard interface? or characters populating text fields on websites?
Just wondering if utils like 1Password can be seen as a protection against this kind of attack, since they drop your password directly into the password field, the data isn't coming via the keyboard interface.
It's probably "cross-platform" in the sense that it uses *nix sockets and not Windows ones. I wish people would use cross-platform properly, to describe something that'll run on multiple architectures and not merely different OSes on the same platform.
Writing a piece of Java code that runs on Linux and Windows is not exactly a challenge. *cough JVM cough*
Unfortunately, as the population of Linux and OSX users increases, the number of mouth-breathers who would blindly enter the root password will increase...
The vector of infection is usually those with the least technical ability. The only good thing is that in those OS's the need to enter that password cannot be overridden (as far as I know, please correct me otherwise), at least yet..
Sadly, the population of Linux users is still not increasing and I doubt it will ever do. We're the same number we were a couple of years ago. Not that I feel bad about it or lonely. I guess we're becoming like those who prefer to build/drive custom cars in that only those who really want to be like us will join us and it's nothing wrong or special about it.
And you're absolutely right about carelessly using the root password and let's pray Gnome and KDE and other WM devs will not goof for the sake of mimicking you all know who.
> the need to enter that password cannot be overriden
That's trivially over-ridden.
But to do so, you need to understand the sudoers file. Which means understanding the ramifications of such a thing. And that's why, quite often, a sysad says "no" when asked to do something[1].
Vic.
[1] For example, I installed MediaWiki for a customer once. The first thing he tried to do was to write a load of PHP in the pages to run his advertising scripts. He was furious when that didn't work, and *demanded* that I make PHP work in wiki pages. I told him I'd need written instructions before I'd do that...
Unfortunately, many Linux distro's automatically put the first user set up during the installation into whatever group the sudo config.
And what is your problem with that? "sudo" is not "su"! Do you realize that?
Also, with that bash virus you need to get it chmod'ed (unless it is run with bash ~/virus) and provide the password:
<code>
#!/bin/bash
echo "Please provide your password so we could erase your system. Thank you! "
sudo rm -fr /
echo "Now you can shut down this system for the last time ;( Bye now"
exit 0
</code>
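The preceding posts turn on what the sudoers file actually grants: whether the first user's group can run anything as root, and, the distinction that "sudo is not su" rests on, whether a password is still demanded. The block below is an added example, not the poster's script, that summarises a sudoers file in those terms. It handles the common line shapes (user or %group, host, optional runas in parentheses, optional tags such as NOPASSWD:, then the command list) and skips Defaults lines; it does not resolve aliases or @include files. SAMPLE_SUDOERS is constructed to look like a Debian/Ubuntu-style default with one risky line added for the check to find.

```python
"""Summarise sudoers grants and flag passwordless unrestricted root.
Added example, not from the thread; SAMPLE_SUDOERS is constructed."""
import re
from typing import List, NamedTuple


class Spec(NamedTuple):
    who: str        # "alice" or "%sudo" (leading % means a group)
    host: str
    runas: str      # contents of the (...) clause, "root" if absent
    nopasswd: bool  # NOPASSWD: tag present
    commands: str   # "ALL" or an explicit command list


# user/%group  host = (runas)  TAG: TAG:  commands
SPEC_RE = re.compile(
    r"^(?P<who>%?\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)


def parse_sudoers(text) -> List[Spec]:
    """Parse user/group specification lines; comments and Defaults are skipped."""
    specs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue  # alias definitions, includes, etc. are not handled here
        tags = m.group("tags").replace(" ", "").split(":")
        specs.append(Spec(
            who=m.group("who"),
            host=m.group("host"),
            runas=m.group("runas") or "root",
            nopasswd="NOPASSWD" in tags,
            commands=m.group("cmds").strip(),
        ))
    return specs


def who_can_become_root(text):
    """Principals allowed to run any command (ALL), password or not."""
    return [s.who for s in parse_sudoers(text) if s.commands == "ALL"]


def risky_specs(text):
    """Grants of unrestricted root that never ask for a password: the case
    where sudo really does collapse into su."""
    return [s for s in parse_sudoers(text) if s.commands == "ALL" and s.nopasswd]


SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults timestamp_timeout=15
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL        # the group a new install's first user lands in
%admin  ALL=(ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp
bob     ALL=(ALL) NOPASSWD: ALL  # constructed: the line the audit should flag
"""

if __name__ == "__main__":
    print("can run ALL:", ", ".join(who_can_become_root(SAMPLE_SUDOERS)))
    for s in risky_specs(SAMPLE_SUDOERS):
        print(f"WARNING: {s.who} gets unrestricted root without a password")
```

The useful distinction the output makes is that %sudo members still have to type their own password, so a script like the one above cannot get root silently from them, whereas the constructed `bob` line removes that prompt entirely; a scoped NOPASSWD grant like `deploy`'s is reported as a grant but not as unrestricted root.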
Expect to see far more of them after Windows 8 comes out. Secure boot = much harder to rootkit or compromise the kernel. Therefore Linux and Mac viruses will become the new focus of malware writers.
After all, OS-X has ~1700 known vulnerabilities and SUSE 10 ~3500. To put that in perspective, XP has about 450 and Windows 7 about 200....
i.e. they are Swiss cheese compared to current Windows versions... (See Secunia.org)
Secunia is a Windows only company so I don't count them as security experts in *nix.
As for the rootkits, they are a straw man. Secure boot is to force you to upgrade to whichever version of Windows Microsoft wants and also to stop you from running the version you already have.
If we look at your source of information for OS security vulnerabilities, and post the rest of the information you neglected to mention:
Windows 7:
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated *Highly critical*.
OSX:
No information listed.
SUSE 10:
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
Also, if you include Ubuntu in your information:
Affected By 62 Secunia advisories
251 Vulnerabilities
Unpatched 0% (0 of 62 Secunia advisories)
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
You can't compare the overall number of vulnerabilities for any meaningful purpose. The real problem is how you define a "Linux" vulnerability. If a remote code execution vulnerability is discovered in.... Sendmail for example... is that a Linux issue, or a sendmail issue? What about the users who use Postfix or any other MTA? How do you compare issues across multiple kernel types? I'd venture to say that the Windows kernel has had *far* fewer vulnerabilities than the Linux kernel, but can you really compare security issue within a monolithic kernel with those in a pseudo-microkernel? Even if you could... who gets the blame for bad drivers written by an OEM?
I highly doubt there are anywhere near 3500 vulnerabilities in the "core" of SuSE, but I could certainly see that across their entire repository. If Microsoft or Apple had the equivalent, they'd be up there too.
"After all OS-X has ~ 1700 known vulnerabilities and SUSE 10 ~ 3500. to put that in perspective, XP has about 450 and Windows 7 about 200....
i.e. they are Swiss Cheese compared to current Windows versions...(See Secunia.org)"
Ah, so that is why they are using Linux+Apache to serve their website!
> Expect to see far more of them after Windows 8 comes out. Secure boot = much harder to root kit or compromise the kernel.
That may hold true, if, and only if, there are no bugs. If you look at the sources for the Linux ACPI implementation, you'll see plenty of examples of bugs in ACPI that have had to be worked around in software. Add to this the number of UEFI-enabled systems out there where the UEFI firmware plain just doesn't work (because Windows 7 and earlier don't use it, it has never been tested)... In short I can see this ending badly.
That said, I do take your point that the number of such attacks will rise as the "alternative" platforms become "mainstream". The tough bit about Linux is that the "fragmentation" of the community makes it a more difficult target ... a Slackware user is unlikely to get duped into a social engineering bug targeting Ubuntu, for example.
I'm no longer a Linux newbie and I'm very familiar with packages, dependencies and compiling from source, and as an example, I still find installing VMware Player on the latest Fedora a serious threat to mental health. If anyone tries to tell me the malware guys will come up with a way of installing that trojan smoothly, then I would suggest VMware hire them and pay them a five-figure salary.
That's true of installing pretty much anything on Linux.
Have you tried installing the streaming Office 2013 preview? Amazing stuff. You can launch an Office App in less than a minute while it carries on installing in the background. Good luck reproducing that on Linux.....
You can launch an Office App in less than a minute while it carries on installing in the background. Good luck reproducing that on Linux.....
Wow, this is very awesome!
No way you can reproduce it on Linux, 'cause MS doesn't make... yeah, and even if it did, no one would allow this sh#t on his/her Linux.
However, I boot into Ubuntu or LMDE in about 25-30 seconds off my flashdrive and LibreOffice will start in another 5-10 seconds if launched right away. The full installation (with LibreOffice) of LMDE (Linux Mint Debian) took 12 minutes on a low-end 4 year old laptop.
Er, why the f**k would I want to launch an office app whilst it's still installing? Is it really so important to get that PP presentation ready I need to do that? Once installed, they all start up in about the same time, so it's only during install this makes any difference whatsoever.
This has got to be one of the weirdest 'features' I've ever heard of.
Indeed, because it's a major pain in the arse to install on Linux. I speak from personal experience.
Dear RICHTO,
you can use the link "My posts" on your right. To navigate more quickly, just use the find function in your browser with the "RICHTO" keyword. Even IE9 has it :)
Many of us including me do enjoy your post. Thanks.
The likelihood of a system being hacked is going to increase if
1) the admin is poorly skilled
2) the system is popular enough to warrant the attention of malware writers
On the desktop Windows has mass market share, so malware writers will put most resources into it. Linux is still the preserve of geeks on the desktop, so fewer schoolboy errors like blindly installing something because a pop-up asked you to.
In the server world it's a different matter... Linux has the highest market share. Many poorly skilled users using Windows on the desktop use cheap Linux web hosting, run unpatched WordPress, set permissions wrong to get something to work, etc. So it's no surprise to see more hacked websites running on Linux. The fewer Windows servers are more likely to be run by professional corporate admins.
The biggest problem is gullible and poorly skilled users. At present most use windows but as they migrate to Linux, OSX and android the problems will follow them.
Call me a sceptic, but it sounds to me like some anti-virus firm just got tired of Linux users not buying their product, so they thought they would write a virus to encourage them!
A virus which you have to install and chmod +x is not "Proof of Concept" it's more like proof that it won't work!
Stories like this make me feel ever more confident that I don't yet need to run anti-virus software on a Linux desktop.
There is at least the reasoning that in targeting Linux and MacOS you are targeting a lot of users with a mindset of "my system doesn't have viruses, trojans or malware and it's much more secure than Windows", which leads to a lack of vigilance and general complacency in security.