new malware that targets Linux
http://www.forbes.com/sites/anthonyk...nd-keystrokes/
I guess I have not been infected with this malware: my home directory does not contain the offending file. I was just wondering: since we apparently know what server the malware file communicates with, will someone trace the geographical location of that server and arrest the owner?
Wow. Is it me or is that a Phishing scam on Forbes?
It has all the hallmarks of it. The file you're supposed to look for isn't even a hidden file, and the steps to "remove the trojan" are "delete the file" and "download this software". Sounds like a phishing scam to me.
If there is a real trojan out there I would expect a respected source to tell me which files to remove, not whose "free trial" software to download. The article writer does add some scepticism at the start but seems to just pass the rest on unchanged.
So he got suckered?
Quote:
It looks like a "security firm" pushing product -- whether or not the threat is real I wouldn't like to guess.
It does look like a scam. All the URLs point to that website selling the software (and bob knows what kind of malicious software it can be).
I commented.
I thought I read that Forbes was among the sites HACKED and serving up software for the Java crack that Oracle just pushed a BROKEN patch out for
BackDoor.Wirenet.1 Keylogger is a backdoor trojan that can run on Linux and MacOSX, stealing personal information, passwords, and banking credentials! It copies itself to the user's home directory at /home/WIFIADAPT
It then creates a connection to a remote IP, currently 212.7.208.65
Defence and Removal: Block that IP with your router / firewall. Delete the above directory/files.
and
My understanding is the wirenet-1 has to create a file in the directory ~/WIFIADAPT. Since Linux sees directories and files as the same (you can't have a file and directory by the same name) I believe that creating an empty file by the name of WIFIADAPT in your home directory would keep you from getting the Trojan since it would not be able to create the directory WIFIADAPT, the location it stores the infection. Just for extra measures I would set the permissions on the created file read only. This is just my suggestion but I believe this would work. It also would be a good idea to block the above mentioned IP address.
from http://askubuntu.com/questions/18193...door-wirenet-1 and also http://www.linuxforums.org/forum/cof...tml#post903002 sounds like a viable solution also.
Quote:
Code:
$ java -version
So Java is disabled in addons till it is needed or fixed again (I bet nothing on that)
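An added example, not part of any post in this thread: a shell check that reports what `~/WIFIADAPT` is in each home directory (absent, a directory as described for the infection, or the empty placeholder file suggested above). The function names and the `--audit` switch are hypothetical; only the WIFIADAPT name comes from the thread.

```shell
#!/bin/sh
# Added example: audit home directories for the ~/WIFIADAPT artifact named in the thread.
# Function names are hypothetical; only the WIFIADAPT name comes from the posts.

ARTIFACT="WIFIADAPT"

# Print one word describing what <home>/WIFIADAPT is.
classify_wifiadapt() {
    target="$1/$ARTIFACT"
    if [ -L "$target" ]; then
        echo "symlink"            # unexpected: inspect by hand
    elif [ -d "$target" ]; then
        echo "directory"          # matches the layout described in the thread
    elif [ -f "$target" ]; then
        if [ -s "$target" ]; then
            echo "nonempty-file"  # not the empty placeholder: inspect by hand
        else
            echo "placeholder"    # empty file, as the post suggests creating
        fi
    elif [ -e "$target" ]; then
        echo "other"
    else
        echo "absent"
    fi
}

# Walk every directory directly under <base> (default /home), print a
# tab-separated report, and return 1 if any home needs a closer look.
audit_homes() {
    base="${1:-/home}"
    flagged=0
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home="${home%/}"
        status=$(classify_wifiadapt "$home")
        printf '%s\t%s\n' "$status" "$home"
        case "$status" in
            directory|symlink|nonempty-file|other) flagged=1 ;;
        esac
    done
    return "$flagged"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_homes "${2:-/home}"
fi
```

A "directory" result only shows that the name exists; it does not by itself confirm an infection, and a "placeholder" result does not confirm that the workaround is effective.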
Quote:
but that is the Oracle Java, not OpenJDK.
rokytnji
good tip on blocking site. 212.7.208.65 my router now blocks incoming and outgoing
My guess is that since it creates a directory called WIFIADAPT to be inconspicuous to the regular user, this trojan might have originally come in the form of some WIFI or some other network utility program (APP).
meh, the lesson here is Linux isn't invulnerable to malware (especially those written in Java), however assuming the user doesn't go out of their way to go against the Linux security model, then it should be much easier to detect and clean up after a malware infection (because said malware can't spread beyond said user's home directory, or install itself in a way that the user can't simply rm -rf).
I think the lesson is, if malware can target Window$, Mac, AND Linux, they will say "New trojan targets Linux and Mac" and maybe in very small print if at all and Window$.