01-18-2008, 12:57 PM
|
#1
|
Member
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206
Rep:
|
Silentbanker virus
Is Linux less likely to be affected by this virus? Is there a way of checking our systems to tell if we have been compromised? As it seems that the banks can't protect us, are there any specific steps we can take other than not banking online?
I'm running Ubuntu 6.06 LTS on a Toshiba Satellite laptop, with a dial-up connection.
TIA
|
|
|
01-18-2008, 01:18 PM
|
#2
|
Senior Member
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,467
Rep:
|
Not been able to get much specific info on this trojan, but it does look like it attacks users' PCs rather than the banks' websites. This usually indicates a Windows-oriented attack. Could also target browser vulnerabilities too but I can't find any info to state this or that, say, running a Linux version of a browser would be targeted at all. Best to keep an eye out for it and hope that Symantec or someone puts out more specific details of it.
Quote:
Since the Trojan is downloaded to individual computers, usually during routine Web-surfing, consumers have to look to their own computer security, not their bank's, for protection.
|
Quote:
Computer users who don't have up-to-date anti-virus security software installed, or who haven't updated their web browser to fix flaws that are allowing the Trojan to proliferate, are particularly open to attack.
"[Silentbanker] sits on the website, and unbeknownst to you it downloads to your system," said Huger, who added the hackers behind Silentbanker are probably also trying to send the virus out via e-mail.
|
|
|
|
01-18-2008, 09:05 PM
|
#3
|
Member
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71
Rep:
|
Trojan.Silentbanker
Something of concern:
Italian Bank's XSS Opportunity Seized by Fraudsters
To mitigate against this attack use the NoScript plugin for Firefox.
To configure NoScript go to:
Tools > Add-ons > NoScript > Options > Plugins
Additional restrictions for untrusted sites
Check > Forbid <IFRAME>
Check > Apply these restrictions to trusted sites too
-
Last edited by internetSurfer; 01-18-2008 at 09:09 PM.
|
|
|
01-22-2008, 01:24 PM
|
#4
|
LQ Newbie
Registered: Jan 2008
Posts: 5
Rep:
|
Quote:
Originally Posted by cybergal
Is Linux less likely to be affected by this virus? Is there a way of checking our systems to tell if we have been compromised? As it seems that the banks can't protect us, are there any specific steps we can take other than not banking online?
I'm running Ubuntu 6.06 LTS on a Toshiba Satellite laptop, with a dial-up connection.
TIA
|
This appears to be a Windows-only virus. The information below comes from Symantec:
Discovered: December 17, 2007
Updated: January 8, 2008 12:54:17 PM
Also Known As: Spy-Agent.cm [McAfee]
Type: Trojan
Infection Length: 54,189 bytes and 98,304 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.
Bob
|
|
|
01-22-2008, 02:37 PM
|
#5
|
Member
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206
Original Poster
Rep:
|
Thanks to everyone for the replies. I installed NoScript yesterday. My bank had advice on their Website for Windows users only. Although I didn't expect them to mention Linux, they would probably have mentioned Mac if they were known to have been affected. So far so good...I hope!
|
|
|
01-24-2008, 03:22 PM
|
#6
|
Member
Registered: Aug 2003
Distribution: Fedora 22, Debian 8, Centos 6/7 for servers
Posts: 101
Rep:
|
Quote:
Originally Posted by rsmits
Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.
|
This Virus also changes DNS Records on the affected computer, generating Man-in-the-Middle attacks DEFEATING One Time Passwords generated by security tokens used by banks etc!!! It also modifies webpages on the fly, adding forms to request additional information if needed.
This virus is well produced and professionally developed, changing its routines almost daily, with encryption added to help avoid detection. Very serious bad boy!!
|
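Added example, not part of any post in this thread: post #6 mentions changed DNS settings on the affected computer, and the original question asks how to check a system. This Python script audits the Linux equivalents, listing `/etc/hosts` entries that pin a name to a non-local address and `/etc/resolv.conf` nameservers outside an expected set. The sample file contents, the hostnames and the `EXPECTED_RESOLVERS` value are constructed assumptions.

```python
import ipaddress
from pathlib import Path

# Constructed sample file contents (documentation-range addresses, made-up names).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.1.1    laptop
::1          ip6-localhost ip6-loopback
ff02::1      ip6-allnodes
203.0.113.7  www.examplebank.test   # pins a bank name to a fixed address
"""
SAMPLE_RESOLV = """\
# constructed example
nameserver 192.0.2.53
nameserver 198.51.100.99
search home.lan
"""
EXPECTED_RESOLVERS = {"192.0.2.53"}  # assumption: replace with your ISP's or router's resolvers


def suspicious_hosts_entries(text):
    """Return (address, name) pairs other than the stock loopback/multicast entries."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if addr.is_loopback or addr.is_multicast or addr.is_link_local or addr.is_reserved:
            continue  # the usual localhost / ip6-* entries
        findings.extend((str(addr), name.lower()) for name in fields[1:])
    return findings


def unexpected_nameservers(text, expected):
    """Return resolv.conf nameserver addresses that are not in `expected`."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in expected:
            found.append(fields[1])
    return found


if __name__ == "__main__":
    for path, check in (("/etc/hosts", suspicious_hosts_entries),
                        ("/etc/resolv.conf", lambda t: unexpected_nameservers(t, EXPECTED_RESOLVERS))):
        p = Path(path)
        print(path, check(p.read_text() if p.exists() else "") or "nothing unexpected")
```

Entries it reports are items to review, not proof of compromise; a home LAN often has legitimate static host entries.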
|
|
01-24-2008, 06:23 PM
|
#7
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by cam34
serious bad boy!!
|
Listen, it's *microsoft only*, so no (this being the Linux Security forum).
|
|
|
01-24-2008, 11:32 PM
|
#8
|
Member
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206
Original Poster
Rep:
|
http://www.linuxquestions.org/questi.../?daysprune=-1
Could there be a connection here? Linux servers infected to transfer virus/trojans to Windows OS and apps? Not good for OpenSource.
|
|
|
01-30-2008, 02:44 PM
|
#9
|
Senior Member
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250
Rep:
|
Quote:
Originally Posted by cybergal
|
Are you talking about this thread: http://www.linuxquestions.org/questi...-sites-616089/ ?
That issue has not been determined to be a Linux vulnerability. Their best guess is that the attackers obtained a list of root passwords. Once compromised, the Linux servers are used to attack random Windows clients which DO have vulnerabilities. Not good for ClosedSource.
|
|
|
All times are GMT -5. The time now is 11:28 AM.