I'm not sure how this article passed any quality control checks or editors, but basically it's just complete bullshit. Spend your time worrying about real threats that exist, not this drivel.
(There is no virus that will infect a computer that is unplugged. And no such thing as a virus that will spread from speaker to microphone.)
In defense of the article, it doesn't actually say that the virus can infect an airgapped computer, just that the malware in question is able to spread via USB devices, and that infected computers may be able to communicate via ultrasonic sound waves.
The evidence for the ultrasonic communication is far from solid. The security researcher in question claims to have observed two unplugged, infected computers (without WiFi or Bluetooth) in close proximity communicating until he unplugged the microphone. So why didn't he simply record the supposed ultrasonic sounds and slow the recording down to shift the frequencies into the audible range?
A sensationalist article for sure, but not quite as far-fetched as the initial reports from other media suggested.
The title of the article is "malware that jumps airgaps," so I'd have to disagree with your first statement.
And if you didn't read that part, I'm almost certain you didn't read farther into the article. But I'm certainly not suggesting you waste any of your time doing so. None of it has any basis in reality.
I have of course read the entire article carefully. The "airgap jumping" refers to communication between already infected nodes, not a mechanism used by the virus for infecting new hosts.
The security researcher reporting this malware is not some random nobody. He could still be wrong, but nothing in the report is straight-out impossible, just unlikely for your average, garden-variety malware.
The malware in question (assuming it exists) would have to be vastly more complex than the viruses or trojans infecting the average Windows PC, but we've already seen malware with extremely complex payloads (Stuxnet) and advanced mechanisms for spreading from one host to another.
I'm not sure how this article passed any quality control checks or editors, but basically it's just complete bullshit.
While the article itself certainly has a ring to it reminiscent of spy novels and doesn't reveal much in terms of actual facts, I wonder what facts you based your ace assessment on? If you've never done that kind / level of auditing / forensics then what is your opinion actually worth?..
I think the "jumping airgaps" thing should never have got past the editor. It's an appalling insinuation that machines can be infected using something like ultrasonic communication that is only clarified by weak inferences in the article. One could easily read that article and still come away thinking they were talking about infection by ultrasound and that, in my opinion, shows the editor up as not qualified to do the job they are in.
As for the content when translated from sensationalist bull double-speak, I find some of it vaguely plausible but tend towards the opinion that somebody in the lab is deliberately infecting machines once they've been cleaned. I always go for the "simplest is usually the case" explanations and would, in this case, be looking for an insider with a grudge.
One thing forensics has taught me is that it is too easy to miss evidence based on assumptions and too easy to taint evidence by not being thorough enough. That's why old timers in this forum often remind people to base things on facts and facts alone. What is clear is that nobody talking about it on the 'net has all the facts the "victim" seems to possess. And without those only conjecture remains.
I sense at least a #CLASSIFIED#-Million Dollar ##CLASSIFIED## Military Contract here ... ...
Hey, all I actually need to do is "to convince Representative So-And-So from California, who is up for re-election," that "(s)he will gainfully employ #CLASSIFIED# Registered Voters from his/her District" in the "#CLASSIFIED#-Million Dollar Contract" to Certify Every One of the US Government's Homeland-Security ("nine-wun-wun! nine-wun-wun! nine-wun-wun!") Systems are immune to This Imagined Threat!
"Don't laugh" ... because I'm not.
'So-and-so' gets re-elected ... and meanwhile, I walk away with #CLASSIFIED# #CLASSIFIED#ions of Dollars! (So, who came out ahead? "Yep! You gue$$ed it!")
Last edited by sundialsvcs; 11-04-2013 at 05:03 PM.
One thing forensics has taught me is that it is too easy to miss evidence based on assumptions and too easy to taint evidence by not being thorough enough. That's why old timers in this forum often remind people to base things on facts and facts alone. What is clear is that nobody talking about it on the 'net has all the facts the "victim" seems to possess. And without those only conjecture remains.
But this: "Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords ... were removed" is not true in any way, and that is not conjecture on my part. It is a fact of our reality.
At least it is my opinion that it is.
Last edited by szboardstretcher; 11-05-2013 at 07:52 AM.