Linux Rootkits: Game on..seriously

Discussion in 'all things UNIX' started by Longboard, Sep 6, 2008.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Last edited: Sep 6, 2008
  2. Dogbiscuit

    Dogbiscuit Guest

    Which shibboleths?
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I'm asking :)
    It is an ominous devt.
    I am not an expert in any way, but reading around there is a thread running through it that means some basic evaluations and 'taken for granteds' might need some adjusting ?? (Still asking)
    Prolly still needs 'root' to install.
    chkrootkit, rkhunter might not see this
    May only be a real risk to servers ??
    Lots of other rk's already itw on linux.
    The Reg might be a bit hyped here but the writer seems genuine and has some cred.

    Some good comments here:
    http://www.dslreports.com/forum/r21063115-Open-source-release-takes-Linux-rootkits-mainstream
     
    Last edited: Sep 7, 2008
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Security issues happen on all OSes.
    With Linux it's generally fixed faster due to the huge open-source community.
     
  5. tlu

    tlu Guest

    First of all, there have been a couple of rootkits for U|Linux for many years.

    But the question is: How would your machine become infected?

    You need root privileges in order to install it. Thus, if a Linux user gets this rootkit as, e.g., an email attachment and installs it, he must be a complete fool.

    The other possibility is downloading and installing an app from some website. But why would you do this if virtually everything you'll ever need is contained in the official repositories?

    In a nutshell: As long as the repositories of your distro are not manipulated you need not worry.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    I second the above ...
    No different than getting infected ... in general. You execute, you let run ...
    Mrk
     
  7. wat0114

    wat0114 Guest

    Makes sense to me :)
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
  9. tlu

    tlu Guest

    Yes, I had read about that here. That's a serious issue that doesn't nullify what I said above, though. I'm sure that the Linux distributors learn from this intrusion.

    It's at least a warning against blindly including 3rd party repositories (because something is missing in the official repos etc.... blabla.). Who knows how well managed and secured these 3rd party repos are, after all.
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502