Create an account


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[ALERT] New malware targets Linux and Mac OS X

#1
Oh no! Were doomed.
You guys thought that linux and macs were secure, but they're not.
A new piece of malware targeting Macs and Linux-based systems is causing a world of trouble for those in its path. Wirenet.1 is responsible for stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above mentioned software, you’re still in danger as a keylogger is bundled in the payload.

The outbreak was just recently detected meaning there are still multiple pieces of the puzzle missing. It’s unknown how the malware is being spread but Russian anti-virus company Dr. Web says the malicious code installs itself into the user’s home directory under the name WIFIADAPT.

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected (for a fee, of course). Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.

The malware further highlights a growing trend to target operating systems with a smaller install base – basically anything other than Windows – that were once thought to be more secure. The most popular Trojan to affect a non-Windows system was Flashback, a modified version of the BackDoor.Flashback.30 variant first discovered by Dr. Web in April 2012. This code found its way to more than 600,000 Mac computers.

Source: Techspot, written by Shawn Knight
[Image: steam.gif]











Reply

#2
Good thing I use Konqueror, a browser obscure enough that it doesn't even register as a target for malware authors.

I'm not sure that paying for this anti-virus is going to be a worthwhile thing for Linux users. If a software issue exists which allows this to happen it will be closed very quickly and no doubt in a way to prevent similar exploits.

I wouldn't go so far as to say this is insecure in the big scheme of things. This will be entirely running under a users account so isn't able to take root control and do worse things. In effect, the system remains totally secure, it's just the users account which has been compromised.
I'm at least a reasonably tolerable person to be around - Narcopic
Reply

#3
So that´s the third (IIRC) virus in total which affects Linux systems whereas Windows OSs are attacked by thousands per day. Big Grin

Anyway, thanks for the info. Is this file named WIFIADAPT hidden (which I assume it isn´t since it hasn´t a dot in front of the first character)? Or can it be seen when you just open your home directory?
Reply

#4
Don't use Java, don't use Flash or other Adobe products (Acrobat), don't run binaries that you don't trust, and you'll have the most obvious transmission channels controlled. Virii don't spontaneously appear on your machine, you have to get infected first.


edh: I care more about my $HOME being secure than my system directories. Getting my passwords captured would be a bigger annoyance tbh. I can't see what "worse things" it could do on my single-user machine.
Reply

#5
(09-05-2012, 07:10 AM)Mr. Bougo Wrote: Virii don't spontaneously appear on your machine

I know, i thought that when i read the original post on techspot
[Image: steam.gif]











Reply

Reply

#7
(09-05-2012, 07:17 AM)Maddin Wrote: THIS is interesting: http://linuxforums.org.uk/index.php?topic=10389.0 Read it carefully!

I don't understand. Self-replicating is easy if you can intercept ssh (I know it uses pinentry nowadays, which is designed to capture the keyboard directly to prevent user-level keyloggers to work I think?, but many people reuse passwords so ssh keys can be figured out in some cases). Same thing if you can send mail.

As for executability for email/IM transmitted or otherwise downloaded files, just tar it up with the rigth permissions and call the script/binary inside myholidayphoto.jpg or whatever. It's not too different from Windows viruses that abuse the target's naïveté.
Reply

#8
Just thinking about this some more, there seems to be a lot of attention being given to this being a 'Linux virus'. There is however a lot of barriers being suggested here to why it would not spread successfully. There are just too many unknown variables between systems to allow effective spread. Is it possible however that this is a virus targetted at MacOS X, an environment similar enough between systems that a virus could spread effectively and it just so happens that because it runs in userspace, it will also run on other Unix like systems with appropriate software installed? Linux being the environment that comes to mind to the security company that has done the investigation. If this is true it would also run on BSD, Solaris or anything else Unix like with the required other parameters.
I'm at least a reasonably tolerable person to be around - Narcopic
Reply

#9
welp ... as of 3 months ago ... my root password is longer than 3 letters ...
wha ? that doesn't matter ... oh well ....

although apple will probably use this as fuel for there app-store-only mindset they are sinking into ... (for osx ... not iso)

also ... certain distros are growing quite large (ubuntu) so linux systems beeing too diffrent is not a certianty
Reply

#10
It doesn't target OpenJDK, only Oracle Java, so most GNU/Linux users are safe, as oracle java is no longer in any distro repos and you need to install it manually (which is a whole load of hassle!).
My contributions to Xonotic: talking in the forum, talking some more, talking a bit in the irc, talking in the forum again, XSkie
Reply

#11
(09-06-2012, 05:21 AM)Cyber Killer Wrote: It doesn't target OpenJDK, only Oracle Java, so most GNU/Linux users are safe, as oracle java is no longer in any distro repos and you need to install it manually (which is a whole load of hassle!).

That's one transmission channel. The alleged virus itself isn't dependant on Java AFAIK.
Reply

#12
(09-05-2012, 07:52 AM)Mr. Bougo Wrote: As for executability for email/IM transmitted or otherwise downloaded files, just tar it up with the rigth permissions and call the script/binary inside myholidayphoto.jpg or whatever. It's not too different from Windows viruses that abuse the target's naïveté.

Ubuntu will then warn you about it being an executable text file if it's a script, or will not display the thumbnail if it's an ELF file. Some people will pick up on that. Additionally, if hitting "display" in the alert for an executable text file brings up a bunch of code, shouldn't it ring some bells?
(08-10-2012, 02:37 AM)Mr. Bougo Wrote: Cloud is the new Web 2.0. It makes no damn sense to me.
Reply

#13
(09-06-2012, 03:28 PM)Minkovsky Wrote: Ubuntu will then warn you about it being an executable text file if it's a script, or will not display the thumbnail if it's an ELF file. Some people will pick up on that. Additionally, if hitting "display" in the alert for an executable text file brings up a bunch of code, shouldn't it ring some bells?

Does it warn for perl or python scripts too?
Reply

#14
android = linux => NOOOOOO
[Image: 10253.png]
Reply

#15
(09-07-2012, 03:28 AM)neXus Wrote: android = linux => NOOOOOO

Without knowing more about this malware it's difficult to say if it could infect Android. If so that is a very big target market for malware!
I'm at least a reasonably tolerable person to be around - Narcopic
Reply

#16
Isn't there malware for Android already anyway?
Reply

#17
Yes, i got 3 anti viruses on my xperia.
But if more ppl manage to do malware for linux and macs there will be more antiviruses needed which will slow up the pc and the speed was the main thing i went to linux.

But linux IS growing fast because
1-of the recession so nobody wanna spend 100 bucks on a windows os
2-proof is... http://free.avg.com/us-en/download.prd-alf
http://www.avast.com/linux-home-edition
http://www.clamav.net <-FREE
[Image: steam.gif]











Reply

#18
It seems antiviruses for Android are rather useless, being sandboxed the same way any other app is.
Reply

#19
Real malware for Android is probably going to target rooted phones, and really, if you know how to root your phone, you're probably smart enough to not install weird stuff. "Malware" for non-rooted phones is a) hugely dependent on how uninformed the victim pool is, and b) very limited, and will probably just steal some texts and display ads in the notification area.
(08-10-2012, 02:37 AM)Mr. Bougo Wrote: Cloud is the new Web 2.0. It makes no damn sense to me.
Reply

#20
Or text overpriced numbers, people make money that way.
Reply

#21
(09-08-2012, 04:11 AM)Mr. Bougo Wrote: Or text overpriced numbers, people make money that way.

This has actually just happened in the UK and resulted in a fine for a Russian company:
http://www.bbc.co.uk/news/technology-19463697

As it happens on the phone network rather than the Internet it's much easier to catch them.
I'm at least a reasonably tolerable person to be around - Narcopic
Reply

#22
(09-08-2012, 04:11 AM)Mr. Bougo Wrote: Or text overpriced numbers, people make money that way.

Don't apps need a permission to access "Services that cost you money"?

Wait, yes, but still, if somebody really wants to see special emoticons in their texts, they are likely to give the app the permission. So really, malware for Android is pretty much scamware and not much else. Unless somebody found a hole in Dalvik sandbox. (Good thing that implementation is clean room as opposed to Oracle, though.)
(08-10-2012, 02:37 AM)Mr. Bougo Wrote: Cloud is the new Web 2.0. It makes no damn sense to me.
Reply

#23
phew. now i like that my android phone is limited Big Grin
[Image: 10253.png]
Reply



Possibly Related Threads…
Thread Author Replies Views Last Post
  Need recommendatons for best wireless PC gaming mice and keyboards for Linux CyberGhost 5 1,552 01-29-2023, 07:45 PM
Last Post: [CISN] Neigdoig
  malware link with Xonotic as bait Ogger73 0 3,071 05-29-2015, 07:11 PM
Last Post: Ogger73
  Surround Headset for Linux - experiences? Halogene 2 9,791 05-10-2014, 08:32 AM
Last Post: Lee_Stricklin
  Linux/FOSS game awards voting open now poVoq 3 7,013 12-03-2013, 11:52 AM
Last Post: poVoq
  Linux Mint to overtake Ubuntu? satuim 21 27,116 09-06-2013, 01:28 PM
Last Post: edh
  Vote for GOG to add Linux versions of games they sell FutureSuture 5 8,258 08-30-2013, 08:41 AM
Last Post: FutureSuture
  Xoreos: Bringing the Aurora Engine to Linux FutureSuture 0 4,445 08-22-2013, 01:25 PM
Last Post: FutureSuture
  PROJECT: Dota 2 for Linux Exitium 7 13,257 07-10-2013, 01:18 AM
Last Post: Loafers
Wink Steam Officially on Linux Squigger 1 5,471 02-14-2013, 08:41 PM
Last Post: end user
  Thanks to the devs, merry christmas (late) and Happy New Year! Taximus 1 4,748 01-01-2013, 12:56 PM
Last Post: chooksta

Forum Jump:


Users browsing this thread:
1 Guest(s)

Forum software by © MyBB original theme © iAndrew 2016, remixed by -z-