Fysbis Linux Backdoor Malware

Discussion in 'all things UNIX' started by SuperSapien, Feb 14, 2016.

  1. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Fysbis is a backdoor (and a pretty crude one). Something else would be used to actually deliver it, probably an exploit kit, which might be contained by a properly configured sandbox, barring kernel vulnerabilities etc. You know the drill.

    And re the "work smarter, not harder" bit from the article: how about "hell no." Overreliance on hacked-up signature based solutions is how Windows got where it is now. Microsoft is currently quite busy extricating itself from that trap. I'd prefer Linux didn't get stuck there in the first place.
     
  3. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    237
    Location:
    Neo Tokyo
    First off, this is not new malware; it first appeared in 2014 and, as is always the case with Linux malware/backdoors, it targets servers and data centers, which means the chances for the average Joe/Jane to "meet" this kind of security threat on his/her computer are zero to none.
     
    Last edited: Feb 14, 2016
  4. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    What about whitelisting?
    Well Nanobot, people elsewhere are making it sound like this backdoor Trojan is a possible threat to the average user because it could steal a lot of personal information from them, but on the other hand Linux has a much smaller user base than Windows & Mac, although Linux is growing in popularity thanks in part to Steam OS and Windows 10. So maybe there is a niche market for personal Linux users. Or maybe not, I'm not an expert. :confused:
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    We've been over that here on Wilders at some length. It can help, but is not anywhere near a complete solution. At some point you'll want to "whitelist" what individual programs can do, too; which falls under sandboxing or mandatory access control.

    In any case, Linux is way ahead on that already. Check out AppArmor - you can do stuff like enforcing trusted path execution for a desktop session, or restricting programs to a profile based on a wildcard match vs. their name.
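    The wildcard-attachment style of profile mentioned above, as an added illustration that is not part of this thread: a single AppArmor profile that confines every executable under a hypothetical `/opt/untrusted/` directory (the path, the scratch directory and the profile name are assumptions chosen for the example).

```apparmor
# Added example profile, not from the thread. Attaches by wildcard to any
# executable under /opt/untrusted/ (assumed path), so the whole family of
# programs gets one policy. AppArmor is default-deny inside a profile:
# anything not listed below is refused and logged.
#include <tunables/global>

profile untrusted_apps /opt/untrusted/** {
  #include <abstractions/base>

  # The programs may read their own files and execute siblings, and a
  # child started that way inherits this same profile (ix).
  /opt/untrusted/** rix,

  # The only writable location: a per-user scratch directory (assumed).
  owner @{HOME}/.cache/untrusted/** rw,

  # Spell out the sensitive home data explicitly, and audit any attempt,
  # so a backdoor reaching for keys shows up in the kernel log.
  audit deny @{HOME}/.ssh/** rwklx,
  audit deny @{HOME}/.gnupg/** rwklx,

  # No network at all; a backdoor without a channel home is mostly inert.
  deny network,
}
```

    Load it with `apparmor_parser -r` and watch `dmesg` or `/var/log/audit/audit.log` for `apparmor="DENIED"` entries while exercising the confined programs; that log stream is the detection value, not just the blocking.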
     
  6. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I've heard AppArmor conflicts with Nod32. I wouldn't mind trying to set up AA on my desktop and laptop, but I'm afraid that if I set it up on my desktop, which is running Nod32, it would conflict.
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Hmm. If NOD32 has its own LSM, it might provide access control too, so you wouldn't need to mess around with AppArmor.

    (As for the merits of NOD32 on Linux, vs. AppArmor... yeah, I'm going to hold my tongue on that.)
     