"Linux users targeted by password-stealing Wirenet Trojan"
Malware writers are interested in Linux after all. Russian security firm Dr Web has reported finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X.
Technical details of Wirenet.1's operation and technique for spreading are sparse for now, but the company reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome and Chromium, as well as applications such as Thunderbird, SeaMonkey and Pidgin.
The first Trojan in history to steal Linux and Mac OS X passwords
August 22, 2012. Russian anti-virus company Doctor Web is reporting the emergence of the first cross-platform backdoor to run under Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications. BackDoor.Wirenet.1 is the first such Trojan capable of running under any of these operating systems.
It's not clear yet how the Trojan, which was added to the Dr.Web virus database as BackDoor.Wirenet.1, spreads. This malicious program is a backdoor that can work under Linux as well as under Mac OS X.
When launched, it creates its copy in the user's home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.
Hopefully users/members will read the above linked pages.
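The only hard indicator in the Dr.Web write-up quoted above is the control-server address 212.7.208.65; the C2 traffic itself is AES-encrypted, so content inspection won't help, but a socket to that address from an unprivileged user's session would. The script below is an added example for this thread (not code from Dr.Web, The H or any poster): it decodes /proc/net/tcp-format lines and flags any peer matching that address. The sample table, the remote port 4141 and the UIDs are constructed for illustration; Dr.Web names no port.

```python
"""Check /proc/net/tcp-style socket tables for connections to the Wirenet.1
control server address quoted above.

Added example for this thread; not code from Dr.Web, The H or any poster.
The only indicator taken from the page is the C2 address 212.7.208.65.
The sample table, the remote port and the UIDs are constructed.
"""
import os
import socket
import struct

# Control-server address reported by Dr.Web for BackDoor.Wirenet.1.
WIRENET_C2 = "212.7.208.65"

# Kernel TCP state codes as printed in the 'st' column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample in /proc/net/tcp layout: row 0 is a local sshd
# listener, row 1 is an unprivileged user's connection to the Wirenet C2
# (port 4141 is an assumption; Dr.Web does not name a port), row 2 is a
# benign HTTPS session. 41D007D4 is 212.7.208.65 in little-endian hex.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100A8C0:A33E 41D007D4:102D 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
   2: 0100A8C0:B123 8EFB8F68:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67891 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """Turn an 'AABBCCDD:PPPP' field into (dotted_ip, port).

    /proc/net/tcp prints the IPv4 address as a host-order 32-bit hex value,
    which on x86 means the bytes appear reversed ("<I" undoes that).
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        local_ip, local_port = decode_endpoint(parts[1])
        remote_ip, remote_port = decode_endpoint(parts[2])
        rows.append({
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": TCP_STATES.get(int(parts[3], 16), parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows


def find_c2_connections(text, c2_ip=WIRENET_C2):
    """Return every socket whose peer is the C2 address, whatever the port."""
    return [r for r in parse_proc_net_tcp(text) if r["remote_ip"] == c2_ip]


def scan_live(path="/proc/net/tcp"):
    """Run the same check against the running system, if the file exists."""
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        return find_c2_connections(fh.read())


if __name__ == "__main__":
    fmt = "%(tag)s: uid %(uid)d -> %(remote_ip)s:%(remote_port)d (%(state)s, inode %(inode)d)"
    for hit in find_c2_connections(SAMPLE_PROC_NET_TCP):
        print(fmt % dict(hit, tag="sample"))
    for hit in scan_live():
        print(fmt % dict(hit, tag="LIVE"))
```

The inode in each hit is the socket inode, so a match can be tied back to a process by looking for a `socket:[inode]` link under /proc/*/fd. Treat the address as a point-in-time indicator: a C2 address is cheap to change, so this is a check for the sample Dr.Web described, not a general Wirenet detector.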
Cross-platform may be only because of an issue that is common to these: "Opera, Firefox, Chrome and Chromium, as well as applications such as Thunderbird, SeaMonkey and Pidgin." And that the call, or the program it calls, is in both OS X and Linux. So the issue is more that the applications are at fault.
Gazl: Thanks for posting the H article. Before I read it, I was ready to dismiss this as an outright lie fabricated by DrWeb. If every story I read about this "malware" used DrWeb as its source, what else was I supposed to conclude?
Personally, I believe that everyone should be aware of potential problems instead of sticking their heads in the sand. It is just a matter of time before someone will take advantage of someone using OS X or GNU/Linux. Protection is very important no matter which OS you are using. The old thought was that GNU/Linux is safe. We are aware of rootkits, and now the possibility of malware via our browsers.
Users should be careful and set their systems up securely and use good password protections along with good system practices.
The presented sites do have some questionable information, but we should not flat out ignore it. Verify it! No FUD.
Onebuck's comments deserve to be read and re-read dozens of times. Bear in mind that the most easily-exploited computer around is the one that's located in between two earlobes. But you can very easily stymie any sort of rogue program simply by exercising a thimbleful of common sense ... which is the one thing that "wetware" (i.e. your brain) has in abundance, of which a digital computer has none at all.
Quote:
Originally Posted by sundialsvcs
Onebuck's comments deserve to be read and re-read dozens of times. Bear in mind that the most easily-exploited computer around is the one that's located in between two earlobes. But you can very easily stymie any sort of rogue program simply by exercising a thimbleful of common sense ... which is the one thing that "wetware" (i.e. your brain) has in abundance, of which a digital computer has none at all.
+1 common sense is the key. Ignoring things or, on the opposite end of the scale, spreading FUD does not help anyone.
No offense, but I believe the developers of this trojan sure are laughing at the posts/mentality of people inquiring about antivirus programs such as ClamAV being able to detect it. Let's face it. Unix, being the first OS, has been compromised, I believe, since the 80s, when rootkits began. Or was it the early 90s? Either way, there is no such thing as security... anywhere, even physical security... just LAYERS of security. The more layers, the harder it is to get in. In the past, we didn't have internet browsers and GUIs. Unix was just a terminal, offering whatever application ran on there. Now it's Linux. It's better, but the end user is now able to become root, since everyone owns a laptop and/or a desktop. Back then there was only one main machine with root, with no internet browsing, GUI, etc., and that was hard to compromise, but not impossible. If you are an end user using Linux as a desktop, it's not at all different from Windows when browsing/downloading. Assume you will get a trojan or a rootkit installed without warning. That's my mentality. Even banks get hacked, and they probably have the most secure systems around, so I doubt your latest Ubuntu, CentOS or Debian GUI is any safer.
Are you afraid now? Were you hoping Linux would never get hacked? The question is... what do YOU have that attackers want? Credit cards? Bank info? The real solution is... to mitigate these possible areas of interest the other way. Don't bank online. Disable debit/ATM cards linked to your main account. Don't allow outbound transfers without the bank first contacting you. Add some additional security to your accounts. Open another bank account with a debit card, and keep 1-2k in it MAX, depending on your level of finances. If you're rich and spend $100k a day, you shouldn't be reading this in the first place. I had an unauthorized charge on my card and I thought I was super secure. Guess what? You swiped that card at the gas station or grocery store? It was the guy at the gas station or grocery store who stole your identity, used your card fraudulently, or whatever. We have too much technology and way too many hackers. Criminals have moved from the streets to the computers. If you have EXTREMELY sensitive MILITARY/GOVT stuff on your computer, it shouldn't even be connected to the internet to begin with!