LinuxQuestions.org
Old 09-03-2012, 09:48 AM   #1
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 11,122
Blog Entries: 3

Rep: Reputation: 1404
"Linux users targeted by password-stealing Wirenet Trojan"


Hi,

Linux users targeted by password-stealing Wirenet Trojan is an article that some may find interesting;
Quote:
Malware writers are interested in Linux after all. Russian security firm Dr Web has reported finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X.
Technical details of Wirenet.1’s operation and technique for spreading are sparse for now, but the company reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome, Chromium, and as well as applications such as Thunderbird, SeaMonkey, Pidgin.
Dr Web has reported;
Quote:
The first Trojan in history to steal Linux and Mac OS X passwords August 22, 2012
Russian anti-virus company Doctor Web is reporting the emergence of the first cross-platform backdoor to run under Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications. BackDoor.Wirenet.1 is the first such Trojan capable of running under any of these operating systems.
It's not clear yet how the Trojan, which was added to the Dr.Web virus database as BackDoor.Wirenet.1, spreads. This malicious program is a backdoor that can work under Linux as well as under Mac OS X.
When launched, it creates its copy in the user's home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.
Hopefully users/members will read the above linked pages.

Other useful links in Links for Helpful Linux articles & books

Last edited by onebuck; 05-26-2013 at 10:12 AM. Reason: add link
 
Old 09-03-2012, 10:55 AM   #2
jefro
Guru
 
Registered: Mar 2008
Posts: 11,340

Rep: Reputation: 1386
Cross platform may be only because of an issue that is common to these. "Opera, Firefox, Chrome, Chromium, and as well as applications such as Thunderbird, SeaMonkey, Pidgin." And that the call or program is calls is in both OSx and Linux. So the issue is more the applications are at fault.
 
Old 09-03-2012, 11:10 AM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,367

Rep: Reputation: 903
The H article on this is worth a read:
http://www.h-online.com/security/new...n-1697425.html

Don't think there is much to worry about for anyone who follows sensible precautions.
 
3 members found this post helpful.
Old 09-03-2012, 12:58 PM   #4
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
Quote:
Originally Posted by GazL View Post
The H article on this is worth a read:
http://www.h-online.com/security/new...n-1697425.html

Don't think there is much to worry about for anyone who follows sensible precautions.
That describes much better what it is. It is interesting, but I'm not sure it is a major threat. I can't find whether clamav detects it or not.
 
Old 09-03-2012, 01:56 PM   #5
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138
...

Last edited by NyteOwl; 09-03-2012 at 01:59 PM.
 
Old 09-03-2012, 03:38 PM   #6
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,159
Blog Entries: 4

Rep: Reputation: 760
Quote:
Originally Posted by H_TeXMeX_H View Post
...I can't find whether clamav detects it or not.
Seems not.
https://www.virustotal.com/file/1c4b...is/1346436576/
 
1 members found this post helpful.
Old 09-03-2012, 04:31 PM   #7
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,614

Rep: Reputation: 1415
Previous thread:
http://www.linuxquestions.org/questi...ux-4175425165/

GazL: Thanks for posting the H article. Before I read it, I was ready to dismiss this as an outright lie fabricated by DrWeb. If every story I read about this "malware" used DrWeb as its source, what else was I supposed to conclude?

Last edited by dugan; 09-03-2012 at 05:58 PM.
 
Old 09-03-2012, 06:20 PM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 11,122
Blog Entries: 3

Original Poster
Rep: Reputation: 1404
Member Response

Hi,

Personally, I believe that everyone should be aware of potential problems instead of sticking their heads in the sand. It is just a matter of time before someone will take advantage of someone using OSX or a Gnu/Linux. Protection is very important no matter which OS you are using. The old thought was that Gnu/Linux is safe. We are aware of rootkits and now the possibilities of malware via our browsers.

Users should be careful and set their systems up securely and use good password protections along with good system practices.

The presented sites do have some questionable information but we should not flat out ignore. Verify it! No FUD.
 
2 members found this post helpful.
Old 09-04-2012, 12:44 PM   #9
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269
It's too bad clamav can't detect it. Any other way to detect it?
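
One check that does not depend on antivirus signatures, given as an added example that is not part of any post in this thread: look for TCP sockets whose remote end is the control-server address quoted from Dr.Web in post #1. The sample rows, ports, uids and inodes below are constructed, and the decoding assumes a little-endian host and IPv4 only (`/proc/net/tcp`, not `tcp6`).

```python
import socket
import struct

# Control-server address as quoted from the Dr.Web report in post #1.
C2_ADDRESS = "212.7.208.65"
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout; addresses, ports, uids and
# inodes are made up for illustration, only the C2 address is from the page.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 0501A8C0:D2F0 41D007D4:1283 01 00000000:00000000 00:00000000 00000000  1000        0 22002 1
   2: 0501A8C0:A1B2 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22003 1
"""


def decode_endpoint(field):
    # The kernel prints the IPv4 address as a host-order 32-bit hex word, so
    # on a little-endian machine (assumed here) the bytes appear reversed.
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def find_c2_sockets(proc_net_tcp_text, c2_address=C2_ADDRESS):
    """Return one dict per TCP socket whose remote end is c2_address."""
    hits = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        remote = decode_endpoint(cols[2])
        if remote[0] != c2_address:
            continue
        hits.append({
            "local": decode_endpoint(cols[1]),
            "remote": remote,
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]),    # numeric owner of the socket
            "inode": int(cols[9]),  # compare with /proc/<pid>/fd/* socket links
        })
    return hits


if __name__ == "__main__":
    # On a live host pass open("/proc/net/tcp").read() instead of the sample.
    for hit in find_c2_sockets(SAMPLE_PROC_NET_TCP):
        print(hit)
```

A hit gives the owning uid and the socket inode; the process holding that inode can then be found among the `socket:[inode]` links under `/proc/<pid>/fd/`.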
 
Old 09-04-2012, 01:13 PM   #10
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,330

Rep: Reputation: 1100
Onebuck's comments deserve to be read and re-read dozens of times. Bear in mind that the most easily-exploited computer around is the one that's located in-between two earlobes. But you can very easily stymie any sort of rogue program simply by exercising a thimble-ful of common sense ... which is the one thing that "wetware" (i.e. your brain) has in abundance, of which a digital computer has none at all.
 
1 members found this post helpful.
Old 09-06-2012, 10:08 PM   #11
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, FreeBSD 10.0, CRUX 3.1
Posts: 3,012
Blog Entries: 15

Rep: Reputation: 756
Hmmm...
 
Old 09-06-2012, 10:27 PM   #12
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with Slackware 14.
Posts: 2,617

Rep: Reputation: 552
Quote:
Originally Posted by sundialsvcs View Post
Onebuck's comments deserve to be read and re-read dozens of times. Bear in mind that the most easily-exploited computer around is the one that's located in-between two earlobes. But you can very easily stymie any sort of rogue program simply by exercising a thimble-ful of common sense ... which is the one thing that "wetware" (i.e. your brain) has in abundance, of which a digital computer has none at all.
+1 common sense is the key. Ignoring things or, on the opposite end of the scale, spreading FUD does not help anyone.
 
Old 09-09-2012, 05:59 AM   #13
rootaccess
Member
 
Registered: Mar 2012
Posts: 211

Rep: Reputation: Disabled
No offense but I believe developers of this trojan sure are laughing at posts/mentality of people inquiring of antivirus programs such as ClamAV being able to detect it. Let's face it. Unix, being the first OS has been compromised, I believe, since the 80s, when rootkits began. Or was it the early 90s. Either way, there is no such thing as security..anywhere, even physical security...just LAYERS of security. The more layers, the harder it is to get in. In the past, we didn't have internet browsers and GUIs. Unix was just a terminal, offering whatever application that ran on there. Now it's Linux. It's better but the end user is now able to become root since everyone owns a laptop and/or a desktop. Back then there was only 1 main machine being root with no internet browsing, GUI, etc and that was hard to compromise but not impossible. If you are an end user using Linux as a desktop, it's not all different than Windows when browsing/downloading. Assume you will get a trojan or a rootkit installed without warning. That's my mentality. Even banks get hacked and they probably have the most secure system around so I doubt your latest Ubuntu, CentOS or Debian GUI is any safer.

Are you afraid now? Were you hoping Linux would never get hacked? The question is...what do YOU have that attackers want? Credit cards? Bank info? The real solution is..to mitigate these possible areas of interest the other way. Don't bank online. Disable debit/ATM cards linked to your main account. Don't allow outbound transfers without first contacting you. Add some additional security to your accounts. Open another bank account with a debit card, and keep 1-2k in it MAX, depending on your level of finance. If you're rich and spend $100k a day, you shouldn't be reading this in the first place. I had an unauthorized charge on my card and I thought I was super secure. Guess what? You swiped that card at the gas station or grocery store? It was the guy at the gas station or grocery store who stole your identity, used your card fraudulently or whatever. We have too much technology and way too many hackers. Criminals moved from the streets to the computers. If you have EXTREMELY sensitive MILITARY/GOVT stuff on your computer, it shouldn't even be connected to the internet to begin with!
 
  

