Xonotic Forums
[ALERT] New malware targets Linux and Mac OS X - Printable Version



[ALERT] New malware targets Linux and Mac OS X - Droid - 09-05-2012

Oh no! We're doomed.
You guys thought that Linux and Macs were secure, but they're not.
A new piece of malware targeting Macs and Linux-based systems is causing a world of trouble for those in its path. Wirenet.1 is responsible for stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above mentioned software, you’re still in danger as a keylogger is bundled in the payload.

The outbreak was just recently detected meaning there are still multiple pieces of the puzzle missing. It’s unknown how the malware is being spread but Russian anti-virus company Dr. Web says the malicious code installs itself into the user’s home directory under the name WIFIADAPT.

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected (for a fee, of course). Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.

The malware further highlights a growing trend to target operating systems with a smaller install base – basically anything other than Windows – that were once thought to be more secure. The most popular Trojan to affect a non-Windows system was Flashback, a modified version of the BackDoor.Flashback.30 variant first discovered by Dr. Web in April 2012. This code found its way to more than 600,000 Mac computers.

Source: Techspot, written by Shawn Knight
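
A check for the two indicators the quoted article names (the WIFIADAPT name in the home directory and the control-server address), as an added example that is not part of the original post or of Dr. Web's tooling. The function names, the case-insensitive and dot-prefixed name matching, and the sample socket lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the two indicators named in the article quoted above.
IOC_NAME="WIFIADAPT"      # install name reported by Dr. Web (from the post)
IOC_IP="212.7.208.65"     # control-server address (from the post)

# List entries named WIFIADAPT directly inside each home directory under $1
# (e.g. /home or /Users). Matching a dot-prefixed or differently cased name
# is a precaution assumed here, not something the article states.
find_ioc_files() {
    find "$1" -mindepth 2 -maxdepth 2 \
        \( -iname "$IOC_NAME" -o -iname ".$IOC_NAME" \) 2>/dev/null
}

# Filter `ss -tn` style lines on stdin, keeping those whose peer (last
# column) is exactly the control-server address, whatever the port.
match_c2_connections() {
    awk -v ip="$IOC_IP" '{
        peer = $NF
        sub(/:[0-9*]+$/, "", peer)            # drop ":port"
        gsub(/^\[::ffff:|\]$/, "", peer)      # unwrap IPv4-mapped IPv6 form
        if (peer == ip) print
    }'
}

# Constructed sample lines (ports and local addresses are made up).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.20:51514 212.7.208.65:443
ESTAB 0 0 [::ffff:192.168.1.20]:51516 [::ffff:212.7.208.65]:443
ESTAB 0 0 192.168.1.20:51520 212.7.208.6:5065
ESTAB 0 0 192.168.1.20:40022 192.0.2.10:443'

printf '%s\n' "$SAMPLE_SS" | match_c2_connections
# On a live system: find_ioc_files /home ; ss -tn | match_c2_connections
```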


RE: [ALERT] New malware targets Linux and Mac OS X - edh - 09-05-2012

Good thing I use Konqueror, a browser obscure enough that it doesn't even register as a target for malware authors.

I'm not sure that paying for this anti-virus is going to be a worthwhile thing for Linux users. If a software issue exists which allows this to happen it will be closed very quickly and no doubt in a way to prevent similar exploits.

I wouldn't go so far as to say this is insecure in the big scheme of things. This will be entirely running under a user's account so isn't able to take root control and do worse things. In effect, the system remains totally secure, it's just the user's account which has been compromised.


RE: [ALERT] New malware targets Linux and Mac OS X - Maddin - 09-05-2012

So that's the third (IIRC) virus in total which affects Linux systems whereas Windows OSs are attacked by thousands per day. :D

Anyway, thanks for the info. Is this file named WIFIADAPT hidden (which I assume it isn't since it hasn't a dot in front of the first character)? Or can it be seen when you just open your home directory?


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-05-2012

Don't use Java, don't use Flash or other Adobe products (Acrobat), don't run binaries that you don't trust, and you'll have the most obvious transmission channels controlled. Virii don't spontaneously appear on your machine, you have to get infected first.


edh: I care more about my $HOME being secure than my system directories. Getting my passwords captured would be a bigger annoyance tbh. I can't see what "worse things" it could do on my single-user machine.


RE: [ALERT] New malware targets Linux and Mac OS X - Droid - 09-05-2012

(09-05-2012, 07:10 AM)Mr. Bougo Wrote: Virii don't spontaneously appear on your machine

I know, I thought that when I read the original post on Techspot.


RE: [ALERT] New malware targets Linux and Mac OS X - Maddin - 09-05-2012

THIS is interesting: http://linuxforums.org.uk/index.php?topic=10389.0 Read it carefully!


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-05-2012

(09-05-2012, 07:17 AM)Maddin Wrote: THIS is interesting: http://linuxforums.org.uk/index.php?topic=10389.0 Read it carefully!

I don't understand. Self-replicating is easy if you can intercept ssh (I know it uses pinentry nowadays, which is designed to capture the keyboard directly to prevent user-level keyloggers from working, I think? But many people reuse passwords so ssh keys can be figured out in some cases). Same thing if you can send mail.

As for executability for email/IM transmitted or otherwise downloaded files, just tar it up with the right permissions and call the script/binary inside myholidayphoto.jpg or whatever. It's not too different from Windows viruses that abuse the target's naïveté.


RE: [ALERT] New malware targets Linux and Mac OS X - edh - 09-05-2012

Just thinking about this some more, there seems to be a lot of attention being given to this being a 'Linux virus'. There are however a lot of barriers being suggested here to why it would not spread successfully. There are just too many unknown variables between systems to allow effective spread. Is it possible however that this is a virus targeted at Mac OS X, an environment similar enough between systems that a virus could spread effectively, and it just so happens that because it runs in userspace, it will also run on other Unix-like systems with appropriate software installed? Linux being the environment that comes to mind to the security company that has done the investigation. If this is true it would also run on BSD, Solaris or anything else Unix-like with the required other parameters.


RE: [ALERT] New malware targets Linux and Mac OS X - hutty - 09-05-2012

welp ... as of 3 months ago ... my root password is longer than 3 letters ...
wha ? that doesn't matter ... oh well ....

although apple will probably use this as fuel for their app-store-only mindset they are sinking into ... (for osx ... not ios)

also ... certain distros are growing quite large (ubuntu) so linux systems being too different is not a certainty


RE: [ALERT] New malware targets Linux and Mac OS X - Cyber Killer - 09-06-2012

It doesn't target OpenJDK, only Oracle Java, so most GNU/Linux users are safe, as oracle java is no longer in any distro repos and you need to install it manually (which is a whole load of hassle!).


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-06-2012

(09-06-2012, 05:21 AM)Cyber Killer Wrote: It doesn't target OpenJDK, only Oracle Java, so most GNU/Linux users are safe, as oracle java is no longer in any distro repos and you need to install it manually (which is a whole load of hassle!).

That's one transmission channel. The alleged virus itself isn't dependent on Java AFAIK.


RE: [ALERT] New malware targets Linux and Mac OS X - Minkovsky - 09-06-2012

(09-05-2012, 07:52 AM)Mr. Bougo Wrote: As for executability for email/IM transmitted or otherwise downloaded files, just tar it up with the right permissions and call the script/binary inside myholidayphoto.jpg or whatever. It's not too different from Windows viruses that abuse the target's naïveté.

Ubuntu will then warn you about it being an executable text file if it's a script, or will not display the thumbnail if it's an ELF file. Some people will pick up on that. Additionally, if hitting "display" in the alert for an executable text file brings up a bunch of code, shouldn't it ring some bells?


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-06-2012

(09-06-2012, 03:28 PM)Minkovsky Wrote: Ubuntu will then warn you about it being an executable text file if it's a script, or will not display the thumbnail if it's an ELF file. Some people will pick up on that. Additionally, if hitting "display" in the alert for an executable text file brings up a bunch of code, shouldn't it ring some bells?

Does it warn for perl or python scripts too?


RE: [ALERT] New malware targets Linux and Mac OS X - neXus - 09-07-2012

android = linux => NOOOOOO


RE: [ALERT] New malware targets Linux and Mac OS X - edh - 09-07-2012

(09-07-2012, 03:28 AM)neXus Wrote: android = linux => NOOOOOO

Without knowing more about this malware it's difficult to say if it could infect Android. If so that is a very big target market for malware!


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-07-2012

Isn't there malware for Android already anyway?


RE: [ALERT] New malware targets Linux and Mac OS X - Droid - 09-07-2012

Yes, I got 3 antiviruses on my Xperia.
But if more ppl manage to do malware for Linux and Macs there will be more antiviruses needed, which will slow up the PC, and the speed was the main thing I went to Linux for.

But linux IS growing fast because
1-of the recession so nobody wanna spend 100 bucks on a windows os
2-proof is... http://free.avg.com/us-en/download.prd-alf
http://www.avast.com/linux-home-edition
http://www.clamav.net <-FREE


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-07-2012

It seems antiviruses for Android are rather useless, being sandboxed the same way any other app is.


RE: [ALERT] New malware targets Linux and Mac OS X - Minkovsky - 09-08-2012

Real malware for Android is probably going to target rooted phones, and really, if you know how to root your phone, you're probably smart enough to not install weird stuff. "Malware" for non-rooted phones is a) hugely dependent on how uninformed the victim pool is, and b) very limited, and will probably just steal some texts and display ads in the notification area.


RE: [ALERT] New malware targets Linux and Mac OS X - Mr. Bougo - 09-08-2012

Or text overpriced numbers, people make money that way.


RE: [ALERT] New malware targets Linux and Mac OS X - edh - 09-08-2012

(09-08-2012, 04:11 AM)Mr. Bougo Wrote: Or text overpriced numbers, people make money that way.

This has actually just happened in the UK and resulted in a fine for a Russian company:
http://www.bbc.co.uk/news/technology-19463697

As it happens on the phone network rather than the Internet it's much easier to catch them.


RE: [ALERT] New malware targets Linux and Mac OS X - Minkovsky - 09-08-2012

(09-08-2012, 04:11 AM)Mr. Bougo Wrote: Or text overpriced numbers, people make money that way.

Don't apps need a permission to access "Services that cost you money"?

Wait, yes, but still, if somebody really wants to see special emoticons in their texts, they are likely to give the app the permission. So really, malware for Android is pretty much scamware and not much else. Unless somebody found a hole in Dalvik sandbox. (Good thing that implementation is clean room as opposed to Oracle, though.)


RE: [ALERT] New malware targets Linux and Mac OS X - neXus - 09-12-2012

Phew. Now I like that my Android phone is limited. :D