'FIRST ever' Linux, Mac OS X-only password sniffing Trojan spotted

Security researchers have discovered a potentially dangerous Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted …

COMMENTS

This topic is closed for new posts.
  1. keithpeter Silver badge
    Linux

    Could THIS be the year of the Linux desktop?

    Platform being targeted by trojans...

    ...time to check where the uploaded packets are going I think

    1. Anonymous Coward
      Anonymous Coward

      Re: Could THIS be the year of the Linux desktop?

      https://en.wikipedia.org/wiki/Desktop_Linux#Year_of_Desktop_Linux

      So no, not yet....but Win8 will help it along.

    2. eulampios
      Thumb Down

      need to manually run it: proof of concept yet again

      You have to manually run it (allowing it to run with chmod in the first place) or worse to knowingly install it. Both of these things are hard to implement on the up-to-date GNU/Linux and *BSD systems unless a 0-vulnerability is known. You can install and run xinput <key-board-id> to capture all key pressings, BTW.

      Don't take Dr.Web's FUD for a sure thing.

      1. Wize

        Re: need to manually run it: proof of concept yet again

        All of us on here are less likely to get a virus than the average member of the public.

        The average member of the public doesn't know how to secure their computer properly (probably have more of a chance with Windows going by the number of users on Linux forums who reply 'RTFM' to general questions.)

        The average member of the public will click on any box that pops up when they think they are installing something fun, like a pink pony screensaver.

        Factor in the recent Java vulnerability (others will follow covering your currently installed software) and you aren't looking as safe as you thought you used to be.

        1. This post has been deleted by its author

          1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          @Wize - Re: need to manually run it: proof of concept yet again

          Could you please care to tell us why should we RTFM to the lazy user who just wants us to fix his problem while he doesn't even bother to read and (that's a tough one!) understand the documentation ? They should stay in Windows land where there are no manuals or documentation to be read. I don't want those users to come to Linux just for the sake of Linux desktop widespread adoption.

          Just to make myself clearly understood, as a Linux user I had the opportunity to be RTFMd but I used it to learn and improve my skills, both in Linux and in how to ask questions on support forums, no matter if it's Linux, Windows, Cisco or any other technology vendor.

          1. JDX Gold badge

            Re: @Wize - need to manually run it: proof of concept yet again

            >>Could you please care to tell us why should we RTFM to the lazy user

            And that sums up in a nutshell why Linux will never replace Windows; the users are dicks who shoot themselves collectively in the foot at every step.

            1. Anonymous Coward
              Anonymous Coward

              Re: @Wize - need to manually run it: proof of concept yet again

              Windows users should be told to RTFM as well. Can you pass a driving test without knowing what, never mind where, a tyre/tire or accelerator/gas pedal is? That's the level of dumb we have to put up with.

          2. Anonymous Coward
            Anonymous Coward

            Re: @Wize - need to manually run it: proof of concept yet again

            come to linux - no support, but the community will embrace you - here's a fine example

        3. eulampios

          RTFM?

          To be honest, was not sure what that abbr. meant until googled it!

          1) I have never seen RTFM on any of Linux forums. There are tons of linux forums where things are explained for dummies

          2) GNU/Linux and *BSD systems are still more secure for those who do not know how to secure his/her computer properly. More precisely, there is absolutely no rocket science here to follow : update your system whenever the update is available (just press that button!) and do not install anything outside of the repositories. Both of these things, although very clear to us, should be crammed into users' heads when they come from the Windows (95%) and Mac OS X world. User unfriendliness (reboot after most updates on M$ systems) and lack of repos on both is the ultimate reason for such behavior.

          As far as the Java or javascript vulns are concerned, just

          a) don't use Java (easy)

          b) use noscript, flash-killer, adblock across all platforms (easy)

          c) use AppArmor enabling firefox profile (fairly easy)

        4. Anonymous Coward
          Anonymous Coward

          Re: need to manually run it: proof of concept yet again

          I'm not convinced about your assertion of RTFMage. I have received friendly, courteous and above all helpful assistance from actual kernel hackers (the most friendly of whom is easily Jes Sorensen, who is a lovely chap). If you ask your question in a sensible way, include relevant information, and don't force people to real LOLcat or cross examine you to get the facts (i.e. exercise basic good manners), a lot of folks will be surprisingly helpful.

          Contrast this with the FreeBSD lot, when I was installing it on my Alpha, and couldn't get any console output on my DEC TGA, which was listed as supported by the default kernel. I enquired politely and clearly, detailing what I had done, and what I was using, and was told to "RTFM" in broken English. It turned out that there was a small bug that prevented it from working, in the end (after a slightly more grown-up dev looked into my problem, after I grumbled in response).

          (Oh, and don't even get me started on OBSD and Theo.. I thought my people skills were bad :D)

          1. Anonymous Coward
            Anonymous Coward

            Re: need to manually run it: proof of concept yet again

            Should have read "to reaD" LOLcat, dang nabbit.. Wish there was an "edit" button :)

    3. RICHTO
      Mushroom

      Re: Could THIS be the year of the Linux desktop?

      I wouldn't expect too many malware authors will be bothered until Linux hits at least 1% market share no matter how easy the Swiss Cheese of OSs is to hack....

      1. AlbertH
        Linux

        Re: Could THIS be the year of the Linux desktop?

        I wouldn't expect too many malware authors will be bothered until Linux hits at least 1% market share

        How does >90% of web servers grab you? Or ~100% of web routers?

        Clueless fanboi morons like you are welcome to their fundamentally insecure "operating systems" - the ones that are actually just silly computer games. Why don't you run off and let the grown-ups get on with real computing?

        Unix and its siblings are (effectively) invulnerable to malware. Sure enough you could (possibly) fool someone into downloading something malicious, but they would have to give it permission to run. It would also not have access to the operating system, as the OS is entirely divorced from the user files that could possibly be compromised.

        Go back to Windoze - you deserve it.

  2. El Cid Campeador
    Linux

    Had to happen

    It had to happen sooner or later. I hope they find the details on this thing and publish them soon, I'd like to see what common components between Linux and Apple's BSD/Mach mashup they're using.

    Of course, it could turn out that this thing must be manually installed or that it only runs in user space... in which case it's not a yawner but less unexpected.

    And I do suppose the inevitable MS vs. the world flame war will erupt in 3.... 2.... 1....

    1. Anonymous Coward
      Anonymous Coward

      Re: Had to happen

      "Of course, it could turn out that this thing must be manually installed or that it only runs in user space... in which case it's not a yawner but less unexpected."

      Yeah, I reckon there's at least a chmod +x required somewhere to make it executable and even then I reckon it's still only user space - that is, until you enter your root password and then has it.

      I wonder if that recently reported Java vuln could be used to do the chmod +x and spread it though.

      Definitely need more info on this.

      1. Bill Neal
        FAIL

        Re: Had to happen

        "it's unclear how the trojan is designed to spread"

        also unclear how this AV company got their hands on it. Just because someone made a keylogger, that doesn't make it the 'FIRST ever' Linux, Mac OS X-only password sniffing virus.

      2. The BigYin

        Re: Had to happen

        "I reckon there's at least a chmod +x required"

        Almost certainly - which is why it is a trojan and not a virus or a worm. Clue is in the name.

    2. peredur

      Re: Had to happen

      According to the site at the end of the link in the article:

      "It's not clear yet how the Trojan, which was added to the Dr.Web virus database as BackDoor.Wirenet.1, spreads. This malicious program is a backdoor that can work under Linux as well as under Mac OS X.

      When launched, it creates its copy in the user's home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65."

      So no details as to how it gets installed and no details as to how it's spread. Does this really merit an article? Because anybody can write a Linux virus - a shell script will do. The trick is getting it installed, giving it execute permissions and permissions to do its stuff.

      I'll start to worry when I find out it exploits a weakness in the OS that allows it to install itself by stealth and then escalate its privileges. Or when it somehow gets added to the Ubuntu repositories, of course.

      1. Anonymous Coward
        Anonymous Coward

        Re: Had to happen

        > Does this really merit an article?

        At least you can firewall off that IP address.

      2. Colin Brett

        Re: Had to happen

        "I'll start to worry when I find out it exploits a weakness in the OS that allows it to install itself by stealth and then escalate its privileges."

        Agreed. Except you should add "compile itself" as well. Unless a binary compiled on MacOS X will run on a Linux box and vice-versa. I strongly doubt that's even possible.

        Colin

    3. Naughtyhorse
      Mushroom

      Re: Had to happen

      hang on... id didnt have to happen at all!!!1!!11!!

      if i've read it once i've read it a thousand times, windoze boxes get virii cos they are crap, and the ppl who code for them smell of poo!

      linuxexexe on osexexex dont never get virii on account of them being super and smashing and programmed by angels and intrinsically resistant to anything bad.

      i thought it was bollocks then, glad to see you caught up at last.

      now if only there was a mature AV sector to help you out... or even some kind of system of regularly eradicating vulnerabilities as they become exposed....

      is that the sorta fing you are looking for :D?

      1. Flocke Kroes Silver badge

        Nothing new here

        Linux distributions already have regular security updates. I have heard Windows users complain that AV software smells of pooh so often that I am glad there is very little for Linux (There is some for filtering Microsoft malware out of email). In the Microsoft world, malware is installed and executed so it can hide and do damage before AV software can hunt for it. The rest of us don't run malware in the first place unless it is to test security.

        I have tried installing some but the install scripts got tripped up by little things like mounting /tmp and /var/tmp noexec. Trivial changes to the configuration like that make most Linux boxes more trouble than they are worth. There are plenty of more complex options available for high value targets to ensure that viruses have to be targeted to a specific organisation or machine.

        X86 is getting rare these days as much has been moved to AMD64, but my home also has MIPS and two incompatible flavours of ARM. Multiply that by the number of distributions and the users' choices about what software to use and you can see why Linux malware is just not as profitable as stuff for Microsoft even though some of the machines are very high value targets and Unix malware has been around longer:

        This is the Unix e-mail virus. It works on the honour system. Please send copies of this e-mail to your friends then delete a few files.
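An added example, not part of the thread: a small audit for the `noexec` hardening of /tmp and /var/tmp described in the comment above. The function names and the sample mount table are constructed for illustration; the table uses the /proc/mounts column layout.

```shell
#!/bin/sh
# Audit whether temp directories are mounted noexec.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# check_noexec MOUNTS_FILE MOUNTPOINT
# Prints one of:
#   noexec       the mount point carries the noexec option
#   exec         it is a separate mount but allows direct execution
#   not-mounted  it is not a separate mount (it inherits its parent's options)
check_noexec() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }   # last matching entry wins (overmounts)
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "noexec") { print "noexec"; exit }
            print "exec"
        }' "$1"
}

# audit_tmp_mounts MOUNTS_FILE MOUNTPOINT...
# Prints one line per mount point and returns the number of mount points
# that are not protected by noexec.
audit_tmp_mounts() {
    mounts_file=$1
    shift
    fail=0
    for mp in "$@"; do
        state=$(check_noexec "$mounts_file" "$mp")
        printf '%-10s %s\n' "$mp" "$state"
        [ "$state" = "noexec" ] || fail=$((fail + 1))
    done
    return "$fail"
}

# Constructed sample table: /tmp is hardened, /var/tmp is not.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev,relatime 0 0
EOF

audit_tmp_mounts "$sample" /tmp /var/tmp ||
    echo "$? mount point(s) still allow direct execution"
```

On a live system pass /proc/mounts as the first argument. `noexec` only blocks direct execution of a file on that mount; a script handed to an interpreter still runs, and it does nothing for a user's home directory.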

      2. El Cid Campeador
        WTF?

        Re: Had to happen

        Hmmm... not sure if joking or just Ballmerizing.....

      3. Anonymous Coward
        Anonymous Coward

        @Naughtyhorse - Re: Had to happen

        Frustrated Windows user, eh ? Chill out, there is life after Windows after all!

      4. Anonymous Coward
        Anonymous Coward

        Re: Had to happen

        It's not "virii". I would say "being pretentious and fucking up like that makes you look like a prat", but it's almost superfluous, looking at the rest of your execrable post.

    4. Anonymous Coward
      Anonymous Coward

      Re: Had to happen

      The GNU base system and daemons probably.

  3. vagabondo
    Meh

    trojan

    This article seems to be from a Dr Web press release:

    http://news.drweb.com/show/?i=2679&lng=en&c=14

    So far the only reported transmission method seems to be to get it from Dr Web and self-harm;

  4. Badvok
    Alert

    "Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes seems, frankly, weird"

    Not if you consider that those two user bases, although small, are likely to have a higher personal disposable income.

    1. Anonymous Coward
      Anonymous Coward

      Only Linux users have

      a higher personal disposable income, Apple fans are wasting their money buying expensive iStuff from Apple so they should be the poorest from all crowd (Windows fans included).

  5. jai

    key logger?

    So does it pick up keystroke from the keyboard interface? or characters populating text fields on websites?

    Just wondering if utils like 1Password can be seen as a protection against this kind of attack, since they drop your password directly into the password field, the data isn't coming via the keyboard interface.

  6. Jamie Kitson

    an organisation that uses a mix of the two Unix flavours

    I can think of one rather large organisation that only uses Linux and Mac OSX.

    1. ChrisM
      Trollface

      Re: an organisation that uses a mix of the two Unix flavours

      Yes, Microsoft....

    2. Anonymous Coward
      Anonymous Coward

      Re: an organisation that uses a mix of the two Unix flavours

      That would be Google, wouldn't it.

  7. Michael H.F. Wilkinson Silver badge
    Joke

    Simple explanation for non-windows focus:

    The authors of this malware have all the complete set of passwords for windows boxes

  8. banjomike
    Thumb Up

    not Windows boxes seems, frankly, weird

    not if the hack author is a typical Linux/Apple fanbois who won't touch Windows because it is unsafe. Oh, wait...

  9. Anonymous Coward
    Anonymous Coward

    It's probably "cross-platform" in the sense that it uses *nix sockets and not Windows ones. I wish people would use cross-platform properly, to describe something that'll run on multiple architectures and not merely different OSes on the same platform.

    Writing a piece of Java code that runs on Linux and Windows is not exactly a challenge. *cough JVM cough*

  10. Anonymous Coward
    Anonymous Coward

    How it spreads...

    "Dear friend

    I hope you are well

    Please to run "sudo dpkg -i install makemoneyandpenisfast" on attached.

    For great money and health!

    "

    1. Vic

      Re: How it spreads...

      > Please to run "sudo dpkg -i install makemoneyandpenisfast" on attached.

      [vic@fortyniner ~]$ sudo dpkg -i install makemoneyandpenisfast

      [sudo] password for vic:

      sudo: dpkg: command not found

      Vic.

  11. PyLETS
    Linux

    Linux trojan is not news

    #!/bin/bash

    sudo rm -rf /

    #

    # now all you need to do is get some idiot to run this and enter their password.

    1. Peter Gathercole Silver badge

      Re: Linux trojan is not news

      Only if the idiot is authorized to do this in the sudo config. Unfortunately, many Linux distro's automatically put the first user set up during the installation into whatever group the sudo config. allows.

      It doesn't have to be this way!

      1. ChrisM

        Re: Linux trojan is not news

        Unfortunately as the population of linux and OSX users increases, the number of mouth-breathers who would blindly enter the root password will increase...

        The vector of infection is usually those with the least technical ability. The only good thing is that in those OS's the need to enter that password cannot be overridden (as far as I know, please correct me otherwise), at least yet..

        1. Angry clown

          @ChrisM - Re: Linux trojan is not news

          Sadly, the population of Linux users is still not increasing and I doubt it will ever do. We're the same number we were a couple of years ago. Not that I feel bad about it or lonely. I guess we're becoming like those who prefer to build/drive custom cars in that only those who really want to be like us will join us and it's nothing wrong or special about it.

          And you're absolutely right about carelessly using the root password and let's pray Gnome and KDE and other WM devs will not goof for the sake of mimicking you all know who.

        2. Vic

          Re: Linux trojan is not news

          > the need to enter that password cannot be overridden

          That's trivially over-ridden.

          But to do so, you need to understand the sudoers file. Which means understanding the ramifications of such a thing. And that's why, quite often, a sysad says "no" when asked to do something[1].

          Vic.

          [1] For example, I installed MediaWiki for a customer once. The first thing he tried to do was to write a load of PHP in the pages to run his advertising scripts. He was furious when that didn't work, and *demanded* that I make PHP work in wiki pages. I told him I'd need written instructions before I'd do that...

      2. eulampios

        sudo != su

        Unfortunately, many Linux distro's automatically put the first user set up during the installation into whatever group the sudo config.

        And what is your problem with that? "sudo" is not "su"! Do you realize that?

        Also, with that bash virus you need to get it chmod'ed ( unless to be run with bash ~/virus ) and provide the password :

        <code>

        #/bi/bash

        echo "Please provide your password so we could erase your system. Thank you! "

        sudo rm -fr /

        echo "Now you can shut down this system for the last time ;( Bye now"

        exit 0

        </code>

        1. eulampios

          this won't even run with this shabang

          Should have typed it in Emacs with shell-mode enabled:

          #!/bin/bash

        2. Anonymous Coward
          Anonymous Coward

          Re: sudo != su

          Sudo may not be su, but the default behavior on many linux distros is as near as makes no odds. The problem is:

          sudo su -

          If you can su to root only using your own password, or even without a password it's game over for the security of your system.

          1. eulampios

            Re: sudo != su

            sudo su -

            Why not just "sudo -i"?

            If you can su to root only using your own password, or even without a password it's game over for the security of your system.

            Why without a password? What is the problem?

    2. RICHTO
      Mushroom

      Re: Linux trojan is not news

      Well at least you can upgrade to Windows after it finishes cleaning your HDD....

  12. Anonymous Coward
    Anonymous Coward

    Expect to read more BS FUD stories like this until Windows 8 comes out.

    1. RICHTO
      Mushroom

      Expect to see far more of them after Windows 8 comes out. Secure boot = much harder to root kit or compromise the kernel. Therefore Linux and Mac viruses will become the new focus of Malware writers.

      After all OS-X has ~ 1700 known vulnerabilities and SUSE 10 ~ 3500. to put that in perspective, XP has about 450 and Windows 7 about 200....

      i.e. they are Swiss Cheese compared to current Windows versions...(See Secunia.org)

      1. Anonymous Coward
        Anonymous Coward

        "Expect to see far more of them after Windows 8 comes out."

        So your argument would be that malware authors will target just a small percentage of users whilst the majority are protected by W8 ???

        Ha,Ha,Ha

        Wrong on SO many levels

      2. Anonymous Coward
        Anonymous Coward

        "OS-X has ~ 1700 known vulnerabilities and SUSE 10 ~ 3500"

        About the same number of downvotes you've collected in ~ 2 months I'd guess

        1. Anonymous Coward
          Anonymous Coward

          Re: "OS-X has ~ 1700 known vulnerabilities and SUSE 10 ~ 3500"

          It gets tiring down voting the shill. He spews such nonsense, only a fan could stand to have their logic so insulted.

      3. Anonymous Coward
        Anonymous Coward

        @RICHTO - Not so sure!

        Secunia is a Windows only company so I don't count them as security experts in *nix.

        As for the rootkits, they are a straw man. Secure boot is to force you to upgrade to whichever version of Windows Microsoft wants and also to stop you from running the version you already have.

      4. diazamet
        Mushroom

        Let's expand on the information you supplied...

        If we look at your source of information for OS security vulnerabilities, and post the rest of the information you neglected to mention:

        Windows 7:

        Most Critical Unpatched

        The most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated *Highly critical *.

        OSX:

        No information listed.

        SUSE 10:

        Most Critical Unpatched

        There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..

        Also, if you include Ubuntu in your information:

        Affected By 62 Secunia advisories

        251 Vulnerabilities

        Monitor Product Receive alerts for this product

        Unpatched 0% (0 of 62 Secunia advisories)

        Most Critical Unpatched

        There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..

      5. Synja

        @RICHTO

        You can't compare the overall number of vulnerabilities for any meaningful purpose. The real problem is how you define a "Linux" vulnerability. If a remote code execution vulnerability is discovered in.... Sendmail for example... is that a Linux issue, or a sendmail issue? What about the users who use Postfix or any other MTA? How do you compare issues across multiple kernel types? I'd venture to say that the Windows kernel has had *far* fewer vulnerabilities than the Linux kernel, but can you really compare security issue within a monolithic kernel with those in a pseudo-microkernel? Even if you could... who gets the blame for bad drivers written by an OEM?

        I highly doubt there are anywhere near 3500 vulnerabilities in the "core" of SuSE, but I could certainly see that across their entire repository. If Microsoft or Apple had the equivalent, they'd be up there too.

        1. eulampios
          Linux

          @Synja

          Good point, Synja. Plus, the remote arbitrary vulnerabilities are fortunately still very rare for the repositories even with such immense scale. Those ones are fixed right away without letting it there to linger for month(s), like some companies in Redmond and Cupertino do quite often

      6. jack.mitchell

        "After all OS-X has ~ 1700 known vulnerabilities and SUSE 10 ~ 3500. to put that in perspective, XP has about 450 and Windows 7 about 200....

        i.e. they are Swiss Cheese compared to current Windows versions...(See Secunia.org)"

        Ah, so that is why they are using Linux+Apache to serve their website!

        1. James Hughes 1

          Shill?

          Click on RICHTO 's name and get a listing of all his posts. This person does NOT like Linux/Unix one bit.

      7. Anonymous Coward
        Boffin

        "Secure boot = much harder to root kit or compromise the kernel."

        > Expect to see far more of them after Windows 8 comes out. Secure boot = much harder to root kit or compromise the kernel.

        That may hold true, if, and only if, there are no bugs. If you look at the sources for the Linux ACPI implementation, you'll see plenty of examples of bugs in ACPI that have had to be worked around in software. Add to this the number of UEFI-enabled systems out there where the UEFI firmware plain just doesn't work (because Windows 7 and earlier don't use it, it has never been tested)... In short I can see this ending badly.

        That said, I do take your point that the number of such attacks will rise as the "alternative" platforms become "mainstream". The tough bit about Linux is that the "fragmentation" of the community makes it a more difficult target ... a Slackware user is unlikely to get duped into a social engineering bug targetting Ubuntu for example.

  13. Steve Knox
    Joke

    Open Source?

    Shurely, to comply with the GPL, the trojan's authors have had to make the source code available?

  14. toadwarrior

    My guess is some anti-virus company made this to try to drum up business or some windows fanboy who is butt hurt over the fact he loves the least safe OS.

    Either way I suspect it's not real harm unless you like running random bits of unknown code.

  15. corrodedmonkee

    Or this could be a mere proof of concept for something more sinister aimed towards Android and iOS?

  16. Anonymous Coward
    Anonymous Coward

    Linux trojan ? Utter rubbish!

    I'm no longer a Linux newbie and I'm very familiar with packages, dependencies and compiling from source and as an example, I still find installing VMware Player on the latest Fedora a serious threat for mental health. If anyone tries to tell me the malware guys will come up with a way of installing that trojan smoothly then I would suggest VMware to hire them and pay them a five figure salary.

    1. RICHTO
      Mushroom

      Re: Linux trojan ? Utter rubbish!

      That's true of installing pretty much anything on Linux.

      Have you tried installing the streaming Office 2013 preview? Amazing stuff. You can launch an Office App in less than a minute while it carries on installing in the background. Good luck reproducing that on Linux.....

      1. Chemist

        Re: Linux trojan ? Utter rubbish!

        Any fool can install a trojan - so you should have no trouble !

      2. eulampios

        no office 2013 for Linux

        You can launch an Office App in less than a minute while it carries on installing in the background. Good luck reproducing that on Linux.....

        Wow, this is very awesome!

        No way you can reproduce it on Linux, 'cause MS doesn't make... yeah, and even if it did, no one would allow this sh#t on his/her Linux.

        However, I boot into Ubuntu or LMDE in about 25-30 seconds off my flashdrive and LibreOffice will start in another 5-10 seconds if launched right away. The full installation (with LibreOffice) of LMDE (Linux Mint Debian) took 12 minutes on a low-end 4 year old laptop.

      3. James Hughes 1

        Re: Linux trojan ? Utter rubbish!

        Er, why the f**k would I want to launch an office app whilst it's still installing? Is it really so important to get that PP presentation ready I need to do that? Once installed, they all start up in about the same time, so it's only during install this makes any difference whatsoever.

        This has got to be one of the weirdest 'features' I've ever heard of.

  17. Madboater
    Joke

    Internet Explorer

    I notice that IE was not on the list of browsers, must be more secure than any of the others...

    1. Anonymous Coward
      Anonymous Coward

      Re: Internet Explorer

      Indeed, because it's a major pain in the arse to install on Linux. I speak from personal experience.

    2. RICHTO
      Mushroom

      Re: Internet Explorer

      IE9 certainly has fewer security vulnerabilities than any other major browser.

      1. Howard 1
        Trollface

        Re: Internet Explorer

        Upvoted. For the lulz.

  18. Lars Silver badge
    Linux

    Funny

    I wonder why those stupid virus writers are so unaware of the fact that Linux is number one among the supercomputers, the stock exchange, the internet infrastructure, Google, Facebook, Twitter, Linkedin and so forth.

    Better this way of course. Or could it just be that it is harder.

    1. RICHTO
      Mushroom

      Re: Funny

      They are aware. Have you looked at what happens to those servers when they are internet facing lately?

      http://www.zone-h.org/news/id/4737

      1. Anonymous Coward
        Anonymous Coward

        @RICHTO - Re: Funny

        Yep! They are the only servers having the courage to face the Internet. Windows stopped doing that a long time ago. http://news.netcraft.com/archives/2012/08/02/august-2012-web-server-survey.html But they are secure, trust Steve.

        1. RICHTO
          Mushroom

          Re: @RICHTO - Funny

          Look at the number of Windows servers versus the number of Linux ones. Then look at the hacking statistics. You are far more likely to be hacked running a Linux box as an internet facing server even allowing for the greater number of Linux servers....

      2. Steve Knox
        Pint

        @RICHTO

        There are other icons, my dear chap.

        1. RICHTO
          Mushroom

          Re: @RICHTO

          Sure, but it lets me find my posts nice and easily. And it makes sure the Linux sheep that downvote them all read them as well.

          1. James Hughes 1

            Re: @RICHTO

            You really are a twat!

          2. eulampios
            Happy

            Re: @RICHTO

            Dear RICHTO,

            you can use the link "My posts" on your right. To navigate more quickly, just use the find function in your browser with the "RICHTO" keyword. Even IE9 has it :)

            Many of us including me do enjoy your post. Thanks.

  19. Anonymous Coward
    Trollface

    Like Pavlov's Dogs

    Out come all the Linux/Mac fanboys to engage in mutual male bird mouth action, make fun of Windows users and by so doing provide one example of why their religion is in such a minority.

    Carry on guys, you're worth a fortune to Microsoft.

  20. Spoddyhalfwit

    The likelihood of a system being hacked is going to increase if

    1) the admin is poorly skilled

    2) the system is popular enough to warrant the attention of malware writers

    On the desktop windows has mass market share so malware writers will put most resources to it. Linux is still the preserve of geeks on the desktop, so fewer schoolboy errors like blindly installing something because a pop up asked you to.

    In the server world it's a different matter... Linux has the highest market share. Many poorly skilled users using windows on the desktop use cheap Linux web hosting, run unpatched Wordpress, set permissions wrong to get something to work, etc. So it no surprise to see more hacked websites running on Linux. The fewer windows servers are more likely to be run by professional corporate admins.

    The biggest problem is gullible and poorly skilled users. At present most use windows but as they migrate to Linux, OSX and android the problems will follow them.

  21. Chris007
    Trollface

    Let me correct that title for you

    'FIRST ever' Linux, Mac OS X-only password sniffing Trojan spotted

    Should be

    'Linux, Mac OS X-only password sniffing Trojan spotted for the first time'

    Are you sure it's the "FIRST ever"...

  22. Peter Snow

    Call me a sceptic, but it sounds to me like some anti-virus firm just got tired of Linux users not buying their product, so they thought they would write a virus to encourage them!

    A virus which you have to install and chmod +x is not "Proof of Concept" it's more like proof that it won't work!

    Stories like this make me feel ever more confident that I don't yet need to run anti-virus software on a Linux desktop.

  23. Crisp
    Coat

    If I were a criminal, I'd definitely target linux desktops

    It's like a huge unspoilt virgin wilderness, full of wallets to pilfer.

    That's not my coat. I'm just going through the pockets.

    1. Anonymous Coward
      Anonymous Coward

      Re: If I were a criminal, I'd definitely target linux desktops

      There is at least the reasoning that in targeting Linux and MacOS you are targeting a lot of users with a mindset of "my system doesn't have viruses, trojans or malware and it's much more secure than Windows", which leads to a lack of vigilance and general complacency in security.

      1. RICHTO
        Mushroom

        Re: If I were a criminal, I'd definitely target linux desktops

        Nah, it's because it's a lot more fun. Such users find it a lot more irritating after claiming for years that such systems were secure....

    2. RICHTO
      Mushroom

      Re: If I were a criminal, I'd definitely target linux desktops

      But they are cheapskates running a 'free' OS. Probably they don't have any money not already converted to pot noodles and lentils....

  24. ffreading

    Uh oh, you mean to tell me that they've taken over our safety zone. This can't be good. Looks like it's time to create a new OS...

    -andrew

    http://www.failurefreeonline.com/home
