Linux ransomware already infected at least tens of users

Discussion in 'malware problems & news' started by Minimalist, Nov 7, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    722
    Yes,
    Who on earth would do this :blink:
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Tens of users would :rolleyes:
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    'Tens of users' ... scary, but hardly an epidemic problem.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    The article did say "tens", not tens of thousands or millions. Pretty low infection rate. A small fraction of a percent of all the Linux systems out there.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    The key.... backup backup backup
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    ^^^ What he said.

    And it was only a matter of time before this happened, IMO. There are a lot of badly configured Linux servers out there.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594

    No brainer!!

    Of course good OPSEC along with it. It's much like reading the encryption forum right here. Folks end up with encrypted disks and they don't have the key to open it. So, use a backup and you are running in a very short time.

    Don't misunderstand me though, this stinks and network admins need to be proactive with prevention.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    But not a typical auto-backup, which replaces the good files with infected ones. :shifty:
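    An added example of a backup layout that keeps the property the post above is asking for (a new run must never overwrite the last good copy). This is my own illustration, not code from the thread or from any backup product; the generation count, the "suspicious change ratio" threshold and the constructed sample files are assumptions.

```python
"""Generation-style backups that never overwrite an earlier copy.

A mirror backup (rsync --delete, a sync client, a nightly "copy over the
old one") faithfully replicates whatever the source holds, so once
ransomware has rewritten the originals the next run replaces the last
good copy with ciphertext.  This keeps every run as its own snapshot
directory, hard-links files that did not change (the rsync --link-dest
idea), and refuses to prune old generations when an unusually large share
of files changed since the previous run, which is what mass encryption
looks like from the backup side.
"""
import filecmp
import os
import shutil
import time
from pathlib import Path

# Assumed policy (my own defaults, not from the thread): generations to keep,
# and the fraction of changed files above which a run is treated as suspect.
KEEP_GENERATIONS = 7
SUSPICIOUS_CHANGE_RATIO = 0.5


def _files_under(root):
    """Yield every regular file below root as a path relative to root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            yield path.relative_to(root)


def _snapshots(dest_root):
    """All snapshot directories under dest_root, oldest first (names sort by time)."""
    dest_root = Path(dest_root)
    if not dest_root.exists():
        return []
    return sorted(p for p in dest_root.iterdir() if p.is_dir())


def snapshot(src, dest_root, name=None):
    """Copy src into a new snapshot directory; return (snapshot_dir, change_ratio).

    change_ratio is the fraction of source files that differ from the previous
    snapshot (0.0 when there is no previous snapshot to compare against).
    Nothing in an existing snapshot is ever written to: unchanged files are
    hard-linked to the previous generation, changed files are copied fresh.
    """
    src, dest_root = Path(src), Path(dest_root)
    dest_root.mkdir(parents=True, exist_ok=True)
    existing = _snapshots(dest_root)
    previous = existing[-1] if existing else None
    name = name or time.strftime("%Y%m%dT%H%M%S") + "-%09d" % (time.time_ns() % 10**9)
    new = dest_root / name
    new.mkdir()

    total = changed = 0
    for rel in _files_under(src):
        total += 1
        target = new / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        old = previous / rel if previous is not None else None
        if old is not None and old.is_file() and filecmp.cmp(src / rel, old, shallow=False):
            os.link(old, target)             # unchanged: share the inode, no copy
        else:
            changed += 1
            shutil.copy2(src / rel, target)  # new inode; the old generation stays intact
    ratio = changed / total if (total and previous is not None) else 0.0
    return new, ratio


def prune(dest_root, change_ratio, keep=KEEP_GENERATIONS):
    """Delete the oldest generations beyond `keep` and return the list removed.

    If the run that just finished looked like mass encryption, delete nothing:
    the generations you are about to expire may be the only clean copies left.
    """
    if change_ratio > SUSPICIOUS_CHANGE_RATIO:
        return []
    snaps = _snapshots(dest_root)
    expired = snaps[:-keep] if keep > 0 else snaps
    for old in expired:
        shutil.rmtree(old)
    return expired
```

    Run `snapshot()` from cron and feed its change ratio into `prune()`; a normal night on a web root changes a handful of files, while an encryption run rewrites nearly all of them, and that is the signal that stops the old generations from being expired.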
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Any solution requires liberal application of the software between the ears.
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Seeing as I'm middle-aged, I sometimes need regular updates in that regard.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047

    Don't we all. Unfortunately it is a large part of computer security.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,049
    Location:
    USA
    I expect that the "tens of users" is a rip on the 1% market share it has on the desktop. But as stated by others, backup no matter what you are running.
     
  16. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    This malware has absolutely nothing to do with desktop. And GNU/Linux has a large market share in the server field, if not largest.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
  18. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Don't run any Linux OS as root ...... and then it can't touch you .
     
  19. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,982
    Location:
    Brasil
    Not exactly true. There was a Firefox exploit that allowed the attacker to grab any files in your /home directory. So if you typed your password by accident on the Terminal (happened to me at least 10 times in the last year) it would be registered in .bash_history. This is very dangerous to web servers.

    Not only that, but the Linux Kernel is pretty vulnerable by itself. That's why I use grsecurity. And that's why I run Iceweasel with Firejail, it can only touch the /Downloads folder and its own little folder in /home/amarildo/.mozilla.
     
  20. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Linux has a lot of advantages over Windows in out of the box security. You just can't copy a random executable file somewhere and run it like you can in Windows. It has better structure and architecture and doesn't have all the undocumented and poorly documented complexity of Windows. That doesn't mean it is invulnerable or that its basic security can't be enhanced. A good OS in the hands of a careless user is less secure than a bad OS in the hands of a careful user as far as I'm concerned. That is why social engineering has always been one of the main tools in a hacker's tool box.

    I appreciate @amarildojr's comments on specific areas where security can be improved. I just read recently that Linus Torvalds tries to keep Linux kernel development focused more on performance than on security. I read up a bit on Grsecurity which certainly has the right approach. It is amazing how computer security always returns to ACLs and privilege. For anything mission critical like a web server, grsecurity looks like the way to go. I'm not ready to put it in a desktop installation yet but I've certainly been impressed by Firejail. A mere 150kb of code that can do so much. It is fast and lean. A bit of a learning curve compared to the Windows equivalent, Sandboxie, but it doesn't have the licensing costs of Sandboxie. Light virtualization sandboxing of browsers is a good idea in any OS.
     
  21. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    This is not really true. A properly made static binary can run out of the box on most Linux machines of a given architecture (at least for a while).

    Re GrSecurity, there's no reason you can't have that and mandatory access control.
     
  22. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I should have said as easily.
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    How about the statements in this 2007 Linux article? (Underlining is mine)

     
  24. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Pointless, unfortunately.

    e.g. Metasploit will bypass this "feature" by spawning an interpreter process in memory only, and running commands from that. As long as chmod +x is not itself restricted, it doesn't present a serious obstacle.
     
  25. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    722
    So adding the rule

    Code:
    blacklist ${PATH}/chmod
    to Firejail should solve this problem, shouldn't it?
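    An added example (my own, not code from the thread or from Firejail) that exercises both the interpreter point made two posts up and the proposed blacklist rule, on a throwaway directory. It assumes a POSIX `sh` and Python 3; the payload script is constructed for the demonstration. Three things are shown: a file with no execute bit still runs when handed to an interpreter, an interpreter fed on stdin runs commands that never touch disk, and the execute bit can be set through the chmod(2) syscall from any runtime, so hiding `/bin/chmod` removes one client of that syscall rather than the syscall itself.

```python
"""Why blacklisting the chmod *binary* does not stop code execution.

  1. A file with no execute bit still runs when handed to an interpreter
     ("sh payload.sh"), so the x bit was never a barrier for scripts.
  2. An interpreter fed on stdin runs commands that never touch disk at all.
  3. "chmod +x" is the chmod(2) system call; every language runtime exposes
     it (os.chmod here), so hiding /bin/chmod removes one client of the
     syscall, not the syscall.  Only a seccomp filter on chmod/fchmod/
     fchmodat, or a noexec mount, changes what the kernel itself allows.
"""
import os
import stat
import subprocess
from pathlib import Path

# Constructed sample payload; all it does is announce that it ran.
SCRIPT = "#!/bin/sh\necho ran-without-exec-bit\n"


def write_non_executable_script(directory):
    """Drop the script with mode 0600: no execute bit for anyone, root included."""
    path = Path(directory) / "payload.sh"
    path.write_text(SCRIPT)
    path.chmod(0o600)
    return path


def direct_exec_blocked(path):
    """True if the kernel refuses execve() on the file itself (EACCES)."""
    try:
        subprocess.run([str(path)], check=True, capture_output=True)
    except PermissionError:
        return True
    return False


def interpreter_runs_it(path):
    """True if 'sh payload.sh' runs despite the missing execute bit."""
    result = subprocess.run(["sh", str(path)], capture_output=True, text=True)
    return result.returncode == 0 and result.stdout.strip() == "ran-without-exec-bit"


def runs_from_memory_only():
    """True if a shell executes commands piped in on stdin, with no file involved."""
    result = subprocess.run(["sh"], input="echo no-file-on-disk\n",
                            capture_output=True, text=True)
    return result.returncode == 0 and result.stdout.strip() == "no-file-on-disk"


def set_exec_bit_without_chmod_binary(path):
    """Set +x through the chmod(2) syscall from Python; /bin/chmod is never run.

    Returns True when the owner execute bit is now set on the file.
    """
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
    return (os.stat(path).st_mode & stat.S_IXUSR) == stat.S_IXUSR
```

    If the goal is to keep a sandboxed browser from launching dropped binaries, the controls that act at the kernel boundary (a seccomp filter that rejects the chmod family, a `noexec` mount for the writable directories, a whitelist of the interpreters the sandbox may exec) are the ones to reason about; a path blacklist only decides which files the process can open.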
     