Linux and Mac OS X Password Stealing Trojan

[TheKid7]

The first Trojan in history to steal Linux and Mac OS X passwords:

Quote:

.....Doctor Web is reporting the emergence of the first cross-platform backdoor to run under Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications. BackDoor.Wirenet.1 is the first such Trojan capable of running under any of these operating systems.

http://news.drweb.com/?i=2679&c=5&lng=en&p=0

[Hungry Man]

Trojan means it's got to trick me into installing it. Since I get my software through the Software Center I'm not worried.

OSX users are mostly in the same boat, they have an app store where they can get most software from what I understand.

[Dark Shadow]

I doubt it was OS X MT Lion with gatekeeper on,unless it was turned off and installed from an outside source of unkown or unsigned.I am going to upgrade to MT lion as soon as I upgrade my ram.

Hungry Man: "trojan" can mean a lot of things these days, including things that install without user interaction. The Dr. Web people say they don't know how this one spreads... But I'll bet you a dime to a dollar that it uses a Java applet, like every other multiplatform trojan out there.

I'm not really surprised though. Keylogging as a limited user is apparently not too hard under Linux, IMO it was only a matter of time before someone implemented it in a trojan.

[EraserHW]

Quote:

Originally Posted by Gullible Jones

I'm not really surprised though. Keylogging as a limited user is apparently not too hard under Linux, IMO it was only a matter of time before someone implemented it in a trojan.

It's not hard at all indeed

I wonder if it would be possible to implement a more secure keyboard driver under Linux. Or maybe a more secure keyboard protocol? I'm not sure if the insecurity is at the driver layer.

Also, any idea if a trojan like this would work on OpenBSD? The OBSD developers have done some interesting stuff with X and privilege separation.

[Hungry Man]

GJ, Wayland doesn't have the same issues as X in terms of keylogging. When Linux switches to Wayland (Ubuntu 12.10 will include Wayland support but not use it by default) the issue will be dealt with entirely.

Yeah, I know Wayland doesn't suffer from these issues... Alas, I find Wayland's Linux exclusivity and dependency on fast hardware a bit off-putting.

[Hungry Man]

It should outperform X11.

[ComputerSaysNo]

I think Linux malware is more prevalent than people like to admit. Sure it's not huge but it's still out there.

Desktop Linux malware is basically nonexistant. Mostly because Linux users are a) rare and b) usually know enough to avoid it in the first place.

(Linux is more "hardenable" than Windows IMO, but few distros actually bother with wholesale system hardening. Personally I don't think the lack of Linux malware has anything to do with intrinsically better security, at least not right now.)

[lotuseclat79]

Quote:

Originally Posted by Gullible Jones

Desktop Linux malware is basically nonexistant. Mostly because Linux users are a) rare and b) usually know enough to avoid it in the first place.

(Linux is more "hardenable" than Windows IMO, but few distros actually bother with wholesale system hardening. Personally I don't think the lack of Linux malware has anything to do with intrinsically better security, at least not right now.)

With regard to your assertion that desktop Linux malware is basically non-existent, I suggest you read Linux malware.

With regard to hardening Linux, I suggest readers of this post download and read the PDF entitled Hardening the Linux desktop.

-- Tom

[tlu]

Quote:

Originally Posted by lotuseclat79

With regard to your assertion that desktop Linux malware is basically non-existent, I suggest you read Linux malware.

With regard to hardening Linux, I suggest readers of this post download and read the PDF entitled Hardening the Linux desktop.

-- Tom

It's a well-known fact that there is Linux malware - but it's scarcely of any importance in practice if you get your software from the official repositories. This also applies to the mentioned keylogging threat.

Malware via Java vulnerabilities can obviously be a problem - but not a big one if you're using AppArmor (or SELinux).

Quote:

Originally Posted by lotuseclat79

With regard to your assertion that desktop Linux malware is basically non-existent, I suggest you read Linux malware.

How many of those are actually in the wild right now, infecting Linux desktops?

Quote:

Originally Posted by tlu

Malware via Java vulnerabilities can obviously be a problem - but not a big one if you're using AppArmor (or SELinux).

Maybe. Keep in mind that desktop Linux is obscure and highly fragmented right now; so it's not really worth targeting for blackhats.

At this point though, I don't think desktop Linux distros will ever get popular enough to have their security really put to the test. Too much change too fast, in favor of buggy and badly designed software, put too many people off.

[Hungry Man]

Quote:

How many of those are actually in the wild right now, infecting Linux desktops?

All of them are really novelty samples. There has never been a widespread attack on Linux users.

Quote:

Maybe. Keep in mind that desktop Linux is obscure and highly fragmented right now; so it's not really worth targeting for blackhats.

Yes, but Java unifies all operating systems =p

Quote:

At this point though, I don't think desktop Linux distros will ever get popular enough to have their security really put to the test. Too much change too fast, in favor of buggy and badly designed software, put too many people off.

Users distros sure. The kernel has long been put to the test - it is every day.

I'd actually like to see some statistics on Windows Server vs. Linux security. I've heard that Linux servers generally attract a larger portion of attacks, but I have no idea how many of those attacks are successful.

[x942]

Quote:

Originally Posted by Gullible Jones

I'd actually like to see some statistics on Windows Server vs. Linux security. I've heard that Linux servers generally attract a larger portion of attacks, but I have no idea how many of those attacks are successful.

In my experience Windows Servers I manage seem to get infected quicker than the Linux servers (RHEL) even with both being targeted. The attack vector is normally Apache or SQL but windows seems to be more suceptable to these attacks. I decided to test both OS's running the same versions of apache and SQL but isolating them with ACL's on windows and SeLinux + GrSecurity on RHEL. In this case neither OS has been infected/compromised in over a year even with multiple attemps. So when people say it's all personal experience it is very true. Both OS's can be made secure. I will say (at least on the server side) Linux is more secure out of the box but any Sys-Admin can bring windows to par with that.

It really is best to use the OS you are familliar with. If you jump to linux and don't know how to secure it you may as well be letting hackers in the front door. Same with Windows.

Out of curiosity, what Windows version was this? Server 2008R2?

[x942]

Quote:

Originally Posted by Gullible Jones

Out of curiosity, what Windows version was this? Server 2008R2?

It was Windows server 2008R2. RHEL was the latest version at the time.

[kareldjag]

Hi
Cross platform infection vector and then cross platform malware...
That was the case for instance of the funny Bad Bunny worm
http://en.wikipedia.org/wiki/Badbunny

Here again, system hardening is-before any security software-the first line defense...No write permission no malware in most cases...
Plus virtual keyboard, browser hardening...
Sorry for Igor and Eugene, but there is no need to use an Antivirus on Linux...i know network system engineer who works on an European Telecom critical IT and he has never seen any malware on his technical servers.

Well...i have catched this malware...perl is an excellent langage...nothing new under the sun...already seen and sold here and there, but time has a cost and hunger too...
rgds

[chronomatic]

Quote:

Originally Posted by lotuseclat79

With regard to your assertion that desktop Linux malware is basically non-existent, I suggest you read Linux malware.

Almost all of that list is old (1990's) or POC that never made it into the wild. I have heard of about 2 pieces of malware in the wild since I have been using Linux (since about 2002). In both cases it required the user to download and install a malicious package. Stick with your distro's package manager and you have no chance of being "infected."

The biggest threat to the desktop is Java and incorrectly configured services such as VNC or SSH. If you don't need Java, disable it, or at least harden it with SELinux or AppArmor.

Well there was Badbunny, that didn't require user interaction. But it was not particularly insidious or hard to get rid of.