Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-28-2010, 01:32 PM   #1
Senior Member
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Koobface worm is capable of infecting Linux, too!

Yeah, Linux is popular, every day more and more and it wasn't really a surprise to see something like this happen. Same worm can infect Winblow$ and Mac OS X, but of course Linux is a different story.

Read the rest here;
Old 10-28-2010, 02:09 PM   #2
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158 is one reference for OS X.

Really, though...if it takes social engineering to kick-start the compromise, I don't consider that an actual worm. Worms self propagate. This one doesn't self-propagate, from what I understand. It's actually a trojan. Although it'll hijack user accounts and attempt to spread itself further via spam messages, it will still take a duped human to actually make the attempts successful.

Interesting stuff, though.
Old 10-28-2010, 03:32 PM   #3
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
The attack was spotted on social networking websites like Facebook, MySpace and Twitter, the usual hunting grounds of the Koobface gang.
Never go there, so not affected.

It begins with users receiving a messages from their friends, who direct them to an online video. Lures like "Is it you in this video?" have been observed.
Aah, really ...
The included link leads to a fake YouTube page, which displays a video thumbnail. Clicking it launches a Java applet, that users are asked to accept.
So not a worm then,

The applet exploits a remote code execution vulnerability in outdated versions of Java and checks the visitor's operating system.
Outdated java dependency - not reliable then.

Based on this determination, the appropriate version of the Koobface worm is installed without requiring any interaction from the victim.
I think there has been quite enough user interaction already, hardly a worm attack.
Once installed on a computer, the worm hijacks the social networking accounts of its owner and uses them to propagate.
Oh dear, never mind.
Darwin awards ?
Old 10-28-2010, 06:28 PM   #4
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 20,838

Rep: Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008Reputation: 4008
Why would anyone be surprised that a java attack would succeed against various (any ?) environment. Isn't that the java motto - "write once, fail everywhere" ?.
+1 for the Darwin nomination.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows PC - Weird Virus (Koobface worm cleanup) dudeman41465 General 1 04-10-2010 05:50 PM
Program infecting Services '(dswap)' during startup RBIaIS Linux - Security 10 03-15-2009 01:47 PM
LXer: Vista Capable Lawsuit is Too Capable LXer Syndicated Linux News 0 11-23-2008 08:50 AM
phpbb worm infecting other server chadi Linux - General 1 12-25-2004 10:44 PM
Worm on Linux? :O Cdzin Linux - Security 7 03-10-2004 04:51 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:48 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration