LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 04-06-2012, 07:23 AM   #1
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Rep: Reputation: 31
Question Flashback trojan threat ?


Comments please, on the vulnerability of linux to this bit of malware going 'round.
Your thoughts are welcome and appreciated.


"Flashback trojan captures over half a million Macs" This headline was copied from a 'Tech-site'.

Matthew
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-06-2012, 08:27 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Quote:
Originally Posted by drmjh View Post
Comments please, on the vulnerability of linux to this bit of malware going 'round.
See http://www.f-secure.com/v-descs/troj...shback_i.shtml for details wrt Mac. Sure Java is vulnerable and sure it doesn't help those poor rich OSX users that Apple as usual is being slow fixing things but the exploit thrives on user gullibility. See http://www.oracle.com/technetwork/to...12-366318.html for a change list. Correct me if I'm wrong but I don't see anything Mac-specific there.
 
Old 04-06-2012, 01:12 PM   #3
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu
Posts: 308

Original Poster
Rep: Reputation: 31
Smile flashback-java vulnerability

Dear unSpawn,
Thank you for your comments. My question is not about Macs but about Java which I have enabled and the fact that MacOs is unix based. I will be sure follow up on the sites you recommend.
Matthew
 
Old 04-06-2012, 01:18 PM   #4
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fedora-30
Posts: 5,289

Rep: Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916
Quote:
Originally Posted by unSpawn View Post
See http://www.f-secure.com/v-descs/troj...shback_i.shtml for details wrt Mac. Sure Java is vulnerable and sure it doesn't help those poor rich OSX users that Apple as usual is being slow fixing things but the exploit thrives on user gullibility. See http://www.oracle.com/technetwork/to...12-366318.html for a change list. Correct me if I'm wrong but I don't see anything Mac-specific there.
macafee released a patch for the os-x bug. [mod removed malicious advice]

Last edited by onebuck; 04-07-2012 at 08:57 AM. Reason: malicious advice
 
Old 04-07-2012, 09:09 AM   #5
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: SlackwareŽ
Posts: 13,609
Blog Entries: 34

Rep: Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790
Moderator response

Hi,
@schneidz

You should never give advice to remove the filesystem as you did. Not funny nor should something of the sort be given as advice since some uninformed user may perform the said action.

Do not do this again! Or you will suffer more than just an infraction or warning.
 
2 members found this post helpful.
Old 04-07-2012, 09:15 AM   #6
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292
Why is this in Linux General if it affects OSX ?
 
Old 04-07-2012, 09:27 AM   #7
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,582

Rep: Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349
Quote:
Originally Posted by H_TeXMeX_H View Post
Why is this in Linux General if it affects OSX ?
I think the original question is whether this could affect Linux. Since it's a bug in Java which works for both Windows and OSX it is, perhaps, worth asking whether it could be exploited in Linux also.
 
1 members found this post helpful.
Old 04-07-2012, 10:25 AM   #8
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292
From what unSpawn posted it seems to affect only OSX so far.
 
Old 04-07-2012, 10:35 AM   #9
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,582

Rep: Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349Reputation: 2349
Quote:
Originally Posted by H_TeXMeX_H View Post
From what unSpawn posted it seems to affect only OSX so far.
Yes, we know.
Do you know whether the Java exploit is present in the Linux build? Does the Mac variant do anything if opened using Linux?
 
1 members found this post helpful.
Old 04-07-2012, 10:52 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Quote:
Originally Posted by H_TeXMeX_H View Post
From what unSpawn posted it seems to affect only OSX so far.
No, you've read it wrong. The F-secure page describes the exploit according to what's been found In The Wild because the exploit currently is available for Mac only. The Oracle change list does not show anything platform-specific.

* The Oracle page also contains a list of CVE identifiers. So if you have a CVELIST=$('links -dump $URI | awk '/\| CVE-20/ {print $2}'|xargs;') then depending on your distribution you could check if those require fixing and if they are yourself. Per-CVE details are at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-yyyy-nnnn (or www.cvedetails.com/cve/CVE-yyyy-nnnn/) for Red Hat / Centos / Scientific Linux see https://access.redhat.com/security/cve/CVE-yyyy-nnnn (or 'yum --cve CVE-yyyy-nnnn'), for SuSE see support.novell.com/security/cve/CVE-yyyy-nnnn.html, for Ubuntu see people.canonical.com/~ubuntu-security/cve/CVE-yyyy-nnnn, for Debian and .*BSD see http://cvechecker.sourceforge.net and for others, well, you either know how to find your distributions SO bulletins or CVE listings yourself already or your distro maintainer(s) simply may not care.
 
1 members found this post helpful.
Old 04-07-2012, 11:20 AM   #11
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fedora-30
Posts: 5,289

Rep: Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916
Quote:
Originally Posted by onebuck View Post
Hi,
@schneidz

You should never give advice to remove the filesystem as you did. Not funny nor should something of the sort be given as advice since some uninformed user may perform the said action.

Do not do this again! Or you will suffer more than just an infraction or warning.
sorry, it was meant to be an obvious joke but i see how it wouldnt be obvious to someone who isnt very computer literate.

my point was that this exploit was a trojan that duped users into typing in their administrator password -- even the best security succumb to human ignorance.

Last edited by schneidz; 04-07-2012 at 11:27 AM.
 
1 members found this post helpful.
Old 04-07-2012, 12:32 PM   #12
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.
 
1 members found this post helpful.
Old 04-07-2012, 01:48 PM   #13
ronlau9
Senior Member
 
Registered: Dec 2007
Location: In front of my LINUX OR MAC BOX
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369

Rep: Reputation: Disabled
It is not OS X specific .
If you are still running Java with that bug than it can effect you're system .
So if you are not running OS X install the latest version of JAVA ,
Apple used her own version of JAVA , and she was very late in patching JAVA for OS X .
 
1 members found this post helpful.
Old 04-08-2012, 09:29 AM   #14
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,545
Blog Entries: 14

Rep: Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387Reputation: 3387
Quote:
Originally Posted by H_TeXMeX_H View Post
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.
And who's to say one hasn't been?

BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.
 
1 members found this post helpful.
Old 04-08-2012, 11:01 AM   #15
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292Reputation: 1292
Quote:
Originally Posted by GazL View Post
And who's to say one hasn't been?

BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.
I have removed it completely, because I don't trust it and don't need it.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
flashback linux 4 aamerjavaid Linux - Newbie 9 09-07-2011 03:44 AM
Trojan.Malscript.C ciberrust Linux - Server 1 02-18-2010 03:15 PM
LXer: Microsoft's Courtroom Flashback LXer Syndicated Linux News 0 12-02-2006 12:03 PM
Windows ME is a Trojan HadesThunder General 12 04-16-2004 11:34 PM
Possible Trojan ! FreeFox Linux - General 4 08-03-2003 08:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 04:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration