Slashdot Mirror

← Back to Stories (view on slashdot.org)

Looking At The New Linux Trojan

Posted by Hemos on from the peering-under-the-hood dept.

Da Schmiz writes: "Security firm Qualys discovered a new Linux trojan on Saturday ... details can be found on their website.. Vnunet picked up the story earlier today, and then followed up with more details. They're comparing the potential impact to Code Red or worse, since more servers run Linux / Apache than NT / IIS. I don't think it's that bad, since the infection can be easily detected, but it certainly isn't good." Update: 09/08 11:58 AM GMT by H : Of course, as Kurt Siefried pointed out in e-mail: "The trojan has nothing to do with Apache. The virus attaches itself to an executable, which you must run to infect other binaries (i.e. you must run this as root). This means that infection vectors include, but are not limited to email attachments, but you must of course save the binary, then set it executable, and then run it, as root, to do any real damage. Alternatively you must download binary software and run it (again as root to do any real damage). In other words someone must run binaries of unknown origin as root, and if this is common practice then you have larger policy and education problems to deal with." So - comparing it to Code Red is a bit dubious.

5 of 263 comments (clear)

  1. Cute kittens by Graymalkin · · Score: 3, Insightful

    The problem with saying "oh yeah this is easy to detect/fix" is that you're not looking from the standpoint of non-linux geeks. I've never really had a problem with trojans or virii on any of my Windows machines because I know how not to pick them up. They're headaches because most people don't know how to avoid them. The same goes with all the people who picked up a copy of RedHat and run around as root because they don't know any better. Linux is only as secure and efficient as the people using it. Weenie.

    --
    I'm a loner Dottie, a Rebel.
  2. These journalists must be desperate for attention. by hebble · · Score: 5, Insightful

    First: why is Apache mentioned AT ALL? It sounds like this thing only "spreads" (if you can even call it that) when someone is brain-dead enough to READ their EMAIL as a user who can WRITE to IMPORTANT BINARIES! That has nothing whatsoever to do with Apache. Is it just to support the idea that there are a lot of Linux servers?

    As virii go, this is pretty pathetic, and prompts one to question the competence of anyone who thinks it is significant. The email-vector mechanism can't even take advantage of address books, since Unix mail clients are so far from standardized.

  3. It's a Virus not a Worm. by AftanGustur · · Score: 3, Insightful


    Why on earth do people think that this code can infect machines remotely over the Internet ? Does it say so anywhere in the article ?? No !!

    From the article:
    The so-called Remote Shell Trojan spreads through email as well as replicating itself across the infected system.

    It's simply a trojan that you will have to get in mail or on a floppy and execute YOURSELF.

    Then it will infect other executables on your system, but in no case will it be able to infect any other systems without human assistance (i.e. executing a binary on that computer).

    Whoever thought this is even remotely as scary as Code-Red is in need of some serious medication.

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  4. Impact on Linux by Registered+Coward+v2 · · Score: 4, Insightful

    To me , the real issue here is whether this trojan will have much of an impact on Linux boxes, but its impact on people's perceptions of Linux.

    If the popular media picks up a story that "LINUX USERS FACE DEADLY TROJAN (film at 11)", it will help create a perception of vulnerability, and its a small step to go to "and since Linux is freely distributed, who knows what can lurk in that copy you download..." While techies familar with Linux will have a reasonable grasp of the true threat and how to overcome it, what about the deciosn makers who are deciding what to implement at their companies? The ones that set budgets and decide what IT will implement (and IT may not have much of a say in the decision) will remmebr "Linux - oh yeh, that's the system that got hit with that DEADLY TROJAN."

    --
    I'm a consultant - I convert gibberish into cash-flow.
  5. Re:Technical detail: by SilentChris · · Score: 3, Insightful
    "Anyone who fails to have more than one layer of precaution on their system has a bit more to worry about."

    Except if it's a home machine with no personal/financial information on it, is connected to a cable line that can't do any damage sending data up its 128K upstream, and is running a few rudimentary firewall, you don't have much to worry about. Some people take their security WAY too seriously.