Linux and Mac OS X Password Stealing Trojan

Discussion in 'malware problems & news' started by TheKid7, Aug 27, 2012.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    The first Trojan in history to steal Linux and Mac OS X passwords:
    http://news.drweb.com/?i=2679&c=5&lng=en&p=0
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Trojan means it's got to trick me into installing it. Since I get my software through the Software Center I'm not worried.

    OSX users are mostly in the same boat, they have an app store where they can get most software from what I understand.
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I doubt it was OS X MT Lion with Gatekeeper on, unless it was turned off and the software was installed from an outside source that was unknown or unsigned. I am going to upgrade to MT Lion as soon as I upgrade my RAM.
     
    Last edited: Aug 27, 2012
  4. Hungry Man: "trojan" can mean a lot of things these days, including things that install without user interaction. The Dr. Web people say they don't know how this one spreads... But I'll bet you a dime to a dollar that it uses a Java applet, like every other multiplatform trojan out there.

    I'm not really surprised though. Keylogging as a limited user is apparently not too hard under Linux, IMO it was only a matter of time before someone implemented it in a trojan.
     
  5. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy

    It's not hard at all indeed ;)
     
  6. I wonder if it would be possible to implement a more secure keyboard driver under Linux. Or maybe a more secure keyboard protocol? I'm not sure if the insecurity is at the driver layer.

    Also, any idea if a trojan like this would work on OpenBSD? The OBSD developers have done some interesting stuff with X and privilege separation.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    GJ, Wayland doesn't have the same issues as X in terms of keylogging. When Linux switches to Wayland (Ubuntu 12.10 will include Wayland support but not use it by default) the issue will be dealt with entirely.
     
  8. Yeah, I know Wayland doesn't suffer from these issues... Alas, I find Wayland's Linux exclusivity and dependency on fast hardware a bit off-putting.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It should outperform X11.
     
  10. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,423
    I think Linux malware is more prevalent than people like to admit. Sure it's not huge but it's still out there.
     
  11. Desktop Linux malware is basically nonexistent. Mostly because Linux users are a) rare and b) usually know enough to avoid it in the first place.

    (Linux is more "hardenable" than Windows IMO, but few distros actually bother with wholesale system hardening. Personally I don't think the lack of Linux malware has anything to do with intrinsically better security, at least not right now.)
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    With regard to your assertion that desktop Linux malware is basically non-existent, I suggest you read Linux malware.

    With regard to hardening Linux, I suggest readers of this post download and read the PDF entitled Hardening the Linux desktop.

    -- Tom
     
  13. tlu

    tlu Guest

    It's a well-known fact that there is Linux malware - but it's scarcely of any importance in practice if you get your software from the official repositories. This also applies to the mentioned keylogging threat.

    Malware via Java vulnerabilities can obviously be a problem - but not a big one if you're using AppArmor (or SELinux).
     
  14. How many of those are actually in the wild right now, infecting Linux desktops?

    Maybe. Keep in mind that desktop Linux is obscure and highly fragmented right now; so it's not really worth targeting for blackhats.

    At this point though, I don't think desktop Linux distros will ever get popular enough to have their security really put to the test. Too much change too fast, in favor of buggy and badly designed software, put too many people off.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    All of them are really novelty samples. There has never been a widespread attack on Linux users.

    Yes, but Java unifies all operating systems =p

    Users distros sure. The kernel has long been put to the test - it is every day.
     
  16. I'd actually like to see some statistics on Windows Server vs. Linux security. I've heard that Linux servers generally attract a larger portion of attacks, but I have no idea how many of those attacks are successful.
     
  17. x942

    x942 Guest

    In my experience the Windows Servers I manage seem to get infected quicker than the Linux servers (RHEL) even with both being targeted. The attack vector is normally Apache or SQL, but Windows seems to be more susceptible to these attacks. I decided to test both OSes running the same versions of Apache and SQL but isolating them with ACLs on Windows and SELinux + grsecurity on RHEL. In this case neither OS has been infected/compromised in over a year, even with multiple attempts. So when people say it's all personal experience, it is very true. Both OSes can be made secure. I will say (at least on the server side) Linux is more secure out of the box, but any sysadmin can bring Windows to par with that.

    It really is best to use the OS you are familiar with. If you jump to Linux and don't know how to secure it you may as well be letting hackers in the front door. Same with Windows.
     
  18. Out of curiosity, what Windows version was this? Server 2008R2?
     
  19. x942

    x942 Guest

    It was Windows server 2008R2. RHEL was the latest version at the time.
     
  20. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi
    Cross platform infection vector and then cross platform malware...
    That was the case for instance of the funny Bad Bunny worm
    http://en.wikipedia.org/wiki/Badbunny

    Here again, system hardening is, before any security software, the first line of defense... No write permission, no malware in most cases...
    Plus virtual keyboard, browser hardening...
    Sorry for Igor and Eugene, but there is no need to use an antivirus on Linux... I know a network system engineer who works on a European telecom's critical IT and he has never seen any malware on his technical servers.

    Well... I have caught this malware... Perl is an excellent language... nothing new under the sun... already seen and sold here and there, but time has a cost and hunger too...
    rgds
     
  21. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Almost all of that list is old (1990's) or POC that never made it into the wild. I have heard of about 2 pieces of malware in the wild since I have been using Linux (since about 2002). In both cases it required the user to download and install a malicious package. Stick with your distro's package manager and you have no chance of being "infected."

    The biggest threat to the desktop is Java and incorrectly configured services such as VNC or SSH. If you don't need Java, disable it, or at least harden it with SELinux or AppArmor.
     
  22. Well there was Badbunny, that didn't require user interaction. But it was not particularly insidious or hard to get rid of.
     