LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 01-18-2008, 12:57 PM   #1
cybergal
Member
 
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206

Rep: Reputation: 31
Silentbanker virus


Is Linux less likely to be affected by this virus? Is there a way of checking our systems to tell if we have been compromised? As it seems that the banks can't protect us, are there any specific steps we can take other than not banking online?

I'm running Ubuntu 6.06 LTS on a Toshiba Satellite laptop, with a dial-up connection.

TIA
 
Old 01-18-2008, 01:18 PM   #2
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,467

Rep: Reputation: Disabled
Not been able to get much specific info on this trojan, but it does look like it attacks users' PCs rather than the banks' websites. This usually indicates a Windows-oriented attack. Could also target browser vulnerabilities too, but I can't find any info to state this or that, say, running a Linux version of a browser would be targeted at all. Best to keep an eye out for it and hope that Symantec or someone puts out more specific details of it.



Quote:
Since the Trojan is downloaded to individual computers, usually during routine Web-surfing, consumers have to look to their own computer security, not their bank's, for protection.

Quote:
Computer users who don't have up-to-date anti-virus security software installed, or who haven't updated their web browser to fix flaws that are allowing the Trojan to proliferate, are particularly open to attack.

"[Silentbanker] sits on the website, and unbeknownst to you it downloads to your system," said Huger, who added the hackers behind Silentbanker are probably also trying to send the virus out via e-mail.
 
Old 01-18-2008, 09:05 PM   #3
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
Trojan.Silentbanker

Something of concern:

Italian Bank's XSS Opportunity Seized by Fraudsters


To mitigate against this attack, use the NoScript plugin for Firefox.

To configure NoScript go to:

Tools > Add-ons > NoScript > Options > Plugins

Additional restrictions for untrusted sites

Check > Forbid <IFRAME>
Check > Apply these restrictions to trusted sites too

-

Last edited by internetSurfer; 01-18-2008 at 09:09 PM.
 
Old 01-22-2008, 01:24 PM   #4
rsmits
LQ Newbie
 
Registered: Jan 2008
Posts: 5

Rep: Reputation: 0
Quote:
Originally Posted by cybergal
Is Linux less likely to be affected by this virus? Is there a way of checking our systems to tell if we have been compromised? As it seems that the banks can't protect us, are there any specific steps we can take other than not banking online?

I'm running Ubuntu 6.06 LTS on a Toshiba Satellite laptop, with a dial-up connection.

TIA
This appears to be a Windows-only virus. The information below comes from Symantec:



Discovered: December 17, 2007
Updated: January 8, 2008 12:54:17 PM
Also Known As: Spy-Agent.cm [McAfee]
Type: Trojan
Infection Length: 54,189 bytes and 98,304 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.


Bob
 
Old 01-22-2008, 02:37 PM   #5
cybergal
Member
 
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206

Original Poster
Rep: Reputation: 31
Thanks to everyone for the replies. I installed NoScript yesterday. My bank had advice on their Website for Windows users only. Although I didn't expect them to mention Linux, they would probably have mentioned Mac if they were known to have been affected. So far so good...I hope!
 
Old 01-24-2008, 03:22 PM   #6
cam34
Member
 
Registered: Aug 2003
Distribution: Fedora 22, Debian 8, Centos 6/7 for servers
Posts: 101

Rep: Reputation: 16
Quote:
Originally Posted by rsmits
Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.
This virus also changes DNS records on the affected computer, generating Man-in-the-Middle attacks DEFEATING One Time Passwords generated by security tokens used by banks etc!!! It also modifies webpages on the fly, adding forms to request additional information if needed.

This virus is well produced and professionally developed, changing its routines almost daily, with encryption added to help avoid detection. Very serious bad boy!!
 
Old 01-24-2008, 06:23 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by cam34
serious bad boy!!
Listen, it's *microsoft only*, so no (this being the Linux Security forum).
 
Old 01-24-2008, 11:32 PM   #8
cybergal
Member
 
Registered: Mar 2003
Location: Parksville, BC Canada
Distribution: Ubuntu 10.04LTS, Absolute Linux,Debian 3.0, LinpusLite,
Posts: 206

Original Poster
Rep: Reputation: 31
http://www.linuxquestions.org/questi.../?daysprune=-1
Could there be a connection here? Linux servers infected to transfer virus/trojans to Windows OS and apps? Not good for OpenSource.
 
Old 01-30-2008, 02:44 PM   #9
SlowCoder
Senior Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250

Rep: Reputation: 164
Quote:
Originally Posted by cybergal
http://www.linuxquestions.org/questi.../?daysprune=-1
Could there be a connection here? Linux servers infected to transfer virus/trojans to Windows OS and apps? Not good for OpenSource.
Are you talking about this thread: http://www.linuxquestions.org/questi...-sites-616089/ ?

That issue has not been determined to be a Linux vulnerability. Their best guess is that the attackers obtained a list of root passwords. Once compromised, the Linux servers are used to attack random Windows clients which DO have vulnerabilities. Not good for ClosedSource.
 
  

