Linux - NewsThis forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I guess I have not been infected with this malware: my home directory does not contain the offending file. I was just wondering: since we apparently know what server the malware file communicates with, will someone trace the geographical location of that server and arrest the owner?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
It has all the hallmarks of it. The file you're supposed to look for isn't even a hidden file, and the steps to "remove the trojan" are "delete the file" and "download this software". Sounds like a phishing scam to me.
If there is a real trojan out there I would expect a respected source to tell me which files to remove, not whose "free trial" software to download.
The article writer does add some scepticism at the start but seems to just pass the rest on unchanged.
BackDoor.Wirenet.1 Keylogger is a backdoor trojan that can run on Linux and MacOSX, stealing personal information, passwords, and banking credentials! It copies itself to the user's home directory at /home/WIFIADAPT
It then creates a connection to a remote IP, currently 22.214.171.124
Defence and Removal:
Block that IP with your router / firewall.
Delete the above directory/files.
My understanding is the wirenet-1 has to create a file in the directory ~/ WIFIADAPT Since Linux sees directories and files as the same (you can't have a file and directory by the same name) I believe that creating an empty file by the name of WIFIADAPT in your home directory would keep your from getting the Trojan since It would not be able to create the Directory WIFIADAPT the location it stores the infection. Just for extra measures I would set the permissions on the created file read only. This is just my suggestion but I believe this would work. It also wold be a good idea to block the above mentioned IP address.
My guess is that since it creates a directory called WIFIADAPT to be inconspicuous to the regular user, this trojan might have originally come in the form of some WIFI or some other network utility program (APP).
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
meh, the lesson here is Linux isn't invulnerable to malware (especially those written in Java), however assuming the user doesn't go out of their way to go against the Linux security model, then it should be much easier to detect and clean up after a malware infection (because said malware can't spread beyond said user's home directory, or install itself in a way that the user can't simply rm -rf.