Multiplatform Java Botnet Spotted In the Wild

← Back to Stories (view on slashdot.org)

Multiplatform Java Botnet Spotted In the Wild

Posted by timothy on Thursday May 5, 2011 @12:01PM from the semi-equal-opportunity dept.

It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.

203 comments

Min score:

Reason:

Sort:

RUN FOR YOU LIVES !! by Anonymous Coward · 2011-05-05 12:03 · Score: 1

It's in the wild !! A Java ... a what??
1. Re:RUN FOR YOU LIVES !! by 2.7182 · 2011-05-05 13:15 · Score: 4, Funny
  
  I believe this thing is called a "javawocky."
2. Re:RUN FOR YOU LIVES !! by Ethanol-fueled · 2011-05-05 14:03 · Score: -1, Funny
  
  I believe this thing is called a "javawocky."
  Oh-hahahahaHAHAHAAAAAH!!! We know you're clever because, you have the numerical value of Pi as your username.
  
  Shit, Phil, please oh please tell us some knock-knock jokes now! *jumping up and down while slapping the palms of my wrists together*.
3. Re:RUN FOR YOU LIVES !! by mckorr · 2011-05-05 14:16 · Score: 2, Informative
  
  2.7182 is e, not pi...
4. Re:RUN FOR YOU LIVES !! by pookemon · 2011-05-05 16:13 · Score: 0
  
  And you're clever because you think e (Eulers constant) == pi.
  
  bravo...
  
  --
  dnuof eruc rof aixelsid
5. Re:RUN FOR YOU LIVES !! by trapnest · 2011-05-05 16:27 · Score: 1, Informative
  
  Whoosh
6. Re:RUN FOR YOU LIVES !! by williamhb · 2011-05-05 17:49 · Score: 1
  
  I believe this thing is called a "javawocky."
  ...and I hear they've released it under the Grue Public Licence.
7. Re:RUN FOR YOU LIVES !! by Tirs · 2011-05-05 19:01 · Score: 1
  
  Guys, guys... He did it intentionally as part of the IRONY! If he were really mistaking pi for e, he wouldn't be able to type the word "slashdot" in his browser to access this website.
  His message here (not that I necessarily concur) is: "User 2.7182 is so stupid that he put this number as his username believing it was pi!"
  
  --
  Strength, balance, courage and reason. If you know what's this about, contact me!
8. Re:RUN FOR YOU LIVES !! by AVee · 2011-05-05 20:46 · Score: 2
  
  It's in the wild !! A Java ... a what??
  A java program that takes the 'Write once, run anywhere' mantra to the next level.
9. Re:RUN FOR YOU LIVES !! by jbgroup1 · 2011-05-05 21:47 · Score: 1
  
  It's actually Euler's number not Euler's constant.
10. Re:RUN FOR YOU LIVES !! by Anonymous Coward · 2011-05-06 01:14 · Score: 0
  
  He found the missing letter in "pie"!
11. Re:RUN FOR YOU LIVES !! by Kamiza+Ikioi · 2011-05-06 02:36 · Score: 1
  
  Pi is exactly 3.2!
  
  --
  I8-D
12. Re:RUN FOR YOU LIVES !! by Anonymous Coward · 2011-05-06 05:12 · Score: 0
  
  I heard some people calling it Java the hut...
13. Re:RUN FOR YOU LIVES !! by Kompressor · 2011-05-06 06:18 · Score: 1
  
  A java program that takes the 'Write once, run anywhere' mantra to the next level.
  Are you sure they weren't thinking "Write once, run everywhere"?
  
  --
  kmem russian roulette: Aquillar> dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM
wat by Anonymous Coward · 2011-05-05 12:08 · Score: 0, Flamebait

So far, no mention of a Linux version, though.
Someone tell me timothy is trolling. He can't really be that stupid, can he?
1. Re:wat by Anonymous Coward · 2011-05-05 12:22 · Score: 0
  
  Whooosh!
2. Re:wat by Anonymous Coward · 2011-05-05 12:29 · Score: 0
  
  Someone tell me timothy is trolling. He can't really be that stupid, can he?
  Until I tried to parse that question I had never encountered a divide by zero error in my brain.
Typical. Bloody typical. by martinux · 2011-05-05 12:14 · Score: 5, Funny

No mention of linux support. Do we always have to come last?
1. Re:Typical. Bloody typical. by Anonymous Coward · 2011-05-05 13:02 · Score: 1
  
  Yeah, it probably won't work because I use OpenJDK and it will check for the proper (Sun/Oracle) version. Happens all the time. For shame, for shame.
2. Re:Typical. Bloody typical. by Anonymous Coward · 2011-05-05 14:53 · Score: 1
  
  THat's because no one uses linux
3. Re:Typical. Bloody typical. by Anonymous Coward · 2011-05-05 14:59 · Score: 0
  
  Beware of the Java trap! On the bright side, FSF has already set off reimplementing this functionality in C - twenty years at most, and the users of Free operating systems will be able to fully enjoy a Free botnet!
4. Re:Typical. Bloody typical. by martin-boundary · 2011-05-05 17:27 · Score: 1
  
  Stop complaining and write a competing open source version!
5. Re:Typical. Bloody typical. by masterwit · 2011-05-05 18:02 · Score: 2
  
  have you tried WINE?
  
  --
  We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
6. Re:Typical. Bloody typical. by rvw · 2011-05-05 18:51 · Score: 1
  
  have you tried WINE?
  Seriously - you run Java under Wine?
7. Re:Typical. Bloody typical. by masterwit · 2011-05-11 07:19 · Score: 1
  
  Haha no-one does, but the fun part is to see whether a Windows based virus that uses a java vulnerability can still execute on a linux installation. That is all the "lightly-humored" comment of mine was targeted towards...
  NO I do not run Java under Wine let alone a non-free distro... gnu all the way.
  
  --
  We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
um.... by LodCrappo · 2011-05-05 12:16 · Score: 2

"So far, no mention of a Linux version, though."
Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.

--
-Lod
1. Re:um.... by guruevi · 2011-05-05 12:20 · Score: 5, Informative
  
  If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.
  FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.
  Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
2. Re:um.... by John+Hasler · 2011-05-05 12:20 · Score: 1, Funny
  
  Read the article.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:um.... by LodCrappo · 2011-05-05 12:27 · Score: 1
  
  so no linux "installer", but I'd assume you could still run the botnet software on linux if you desired to.
  
  --
  -Lod
4. Re:um.... by LodCrappo · 2011-05-05 12:29 · Score: 1
  
  "but uses source code and libraries that can operate on other platforms,"
  "So far, no mention of a Linux version, though."
  
  --
  -Lod
5. Re:um.... by $RANDOMLUSER · 2011-05-05 12:29 · Score: 1
  
  Wish I had some "Funny" mod points for you.
  
  --
  No folly is more costly than the folly of intolerant idealism. - Winston Churchill
6. Re:um.... by Zero__Kelvin · 2011-05-05 12:30 · Score: 2
  
  Java is not Java if you use platform specific attack vectors as this botnet does. In this case it can theoretically operate on other platforms, but it cannot propogate to them. One could install it intentionally perhaps, but it won't make its way onto the Linux box against the system administrators will.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
7. Re:um.... by John+Hasler · 2011-05-05 12:47 · Score: 4, Insightful
  
  ...but uses source code and libraries that can operate on other platforms,
  Read that again. Source code.
  
  Also from the article:
  
  The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files,...
  In other words, it may be source compatible with Linux but there is no Linux binary in the wild. The jar files might run on Linux but the key component needed to download and install it is a Windows binary.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
8. Re:um.... by Anonymous Coward · 2011-05-05 12:47 · Score: 1
  
  Java is Java...
  Sniff.
  Heh.
  Bwah hah.
  Ha ha ha ha.
  HAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!
  Thank you for the good laugh.
9. Re:um.... by LodCrappo · 2011-05-05 12:53 · Score: 1
  
  Had the summary comment been "No mention of a Linux installer", it would be more clear. Saying there is no "Linux version" implies that you would need a special version of the software for linux, which is not true. The fact that this malware does not require platform specific versions is what makes it interesting, so saying (even unintentionally) that there is no linux version seems silly.
  
  --
  -Lod
10. Re:um.... by jd2112 · 2011-05-05 12:58 · Score: 4, Insightful
  
  So typical. Program is written in Java but packaged so it is Windows only defeating the main purpose of using Java in the first place.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
11. Re:um.... by mug+funky · 2011-05-05 13:02 · Score: 1
  
  i've become quite accustomed to typing sudo in front of everything these days.. i'm sure i'd be vulnerable to this if i didn't also watch what i clicked (or watched the computer's response to things i most certainly didn't click)
12. Re:um.... by mug+funky · 2011-05-05 13:07 · Score: 1
  
  not if you RTFA.
13. Re:um.... by Anonymous Coward · 2011-05-05 13:26 · Score: 1
  
  Non-techy users are not vulnerable to these attacks because they aren't going to download shit outside the repository. The general masses need help installing shit outside the repositories or at least guidance. As it should be. Therefore they are not vulnerable to this. I'm not saying users can't be directed to install shit outside the repositories. However the masses can generally be educated to NOT do this. Unlike with Microsoft's platform there is no central update mechanism for security and users MUST click on anything and everything to be "secure". They are not ever going to be able to get it right. This just isn't the case with GNU/Linux. Mac and Microsoft Windows suffer the same dare I say it !!!!usability problems!!!!. GNU/Linux is easier to use than Apple's OS or Microsofts.
14. Re:um.... by LynnwoodRooster · 2011-05-05 13:53 · Score: 3, Informative
  
  In this case it can theoretically operate on other platforms, but it cannot propogate to them. One could install it intentionally perhaps, but it won't make its way onto the Linux box against the system administrators will.
  Thus it's called a Trojan - not a virus. It won't self-replicate and transmit to computers on other OSes as well...
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
15. Re:um.... by Anonymous Coward · 2011-05-05 13:54 · Score: 0
  
  If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.
  Couldn't a signed java-applet be used as an installer?
  If you call the applet "NataliePortmanCoveredInHotGrits" or "AngryBirds_installer" (or whatever the "cool" kids are wasting their time on these days), it wouldn't matter much if it's self-signed or whatever. People would probably still give the applet permission to do whatever it wants.
16. Re:um.... by Anonymous Coward · 2011-05-05 13:54 · Score: -1
  
  If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.
  FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.
  Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.
  [url=http://www.foameps.com/]EPS Fluidized Beds[/url] EPS Vacuum Block Molding Machine EPS Vertical Block Molding Machine
17. Re:um.... by Snarky+McButtface · 2011-05-05 13:55 · Score: 3, Interesting
  
  I am a linux user but the wife prefers Windows. On her Windows box I have installed Secunia PSI which automatically updates most of the third party software on the system. If it does not update something, it informs her so she can do it manually.
18. Re:um.... by Anonymous Coward · 2011-05-05 13:56 · Score: 0
  
  i've become quite accustomed to typing sudo in front of everything these days.
  Why?
  I only log in as root to tinker with /etc and update the installed packages. The only normal work flow thing I do that needs sudo is mounting media that isn't in /etc/fstab. This sounds like a case of "doing it wrong", if you are having problems accessing your files and sharing them with other users, create a group, add yourself and anyone else on the computer who needs that stuff to that group then use chgrp and chmod to set the group on the files and make then g+r[w][x]. Do it once and forget about it.
19. Re:um.... by TheLink · 2011-05-05 14:01 · Score: 3, Informative
  
  The Linux "installer" is called Firefox.
  
  Google for firefox exploit linux. Or firefox vulnerability.
  
  As long as attackers can run arbitrary code of their choice they can install botnet software.
  
  Even if it means tricking the user to run it... Which is what botnet operators do all the time to Windows users.
  
  The "linux" fanatics just like to believe Linux is more secure when there are so many exploited Linux servers[1] out there.
  
  Go ahead and blame the administrators and users, but just imagine the sort of users you have "administering" a typical Windows machine.
  
  They are the very users botnet operators target.
  
  If OSX and "Desktop Linux" become very popular, you might get malware written in perl for more cross platform goodness.
  
  [1] There may not be as many exploited Linux desktops, but I suspect there may be more Linux servers than desktops in the world ;).
  --
  
  Too many replies beneath your current threshold
20. Re:um.... by Anonymous Coward · 2011-05-05 14:05 · Score: 0
  
  If there is a way for Java to escape its sandbox you can use a browser attack. However, you will need a small amount of platform special code if you want your bot to start up when the user logs in.
21. Re:um.... by Anonymous Coward · 2011-05-05 14:06 · Score: 0
  
  Alright, hand in your geek card. It's obvious you're using Ubuntu~ (--- see that? sarcasm punctuation mark)
22. Re:um.... by Anonymous Coward · 2011-05-05 14:43 · Score: -1
  
  maybe you should spend less time dicking with windows and more time dicking your wife.
23. Re:um.... by hairyfeet · 2011-05-05 14:45 · Score: 2, Insightful
  
  You mean "Windows excels in that part of the attack vector a decade ago" FTFY. Seriously people Vista has been out nearly FIVE years, Windows 7 now for TWO years, did the DOS jokes continue into 2005?
  So the moral of the story little childrens is this: stop running decade old shite and if you ARE gonna run decade old shite have a fricking brain about it and run a decent free AV (I'd recommend either Avast or Comodo as both have default sandboxing) along with not running every damned bit of code found in the backwoods of the Internet offering you free titties or money from a Nigerian prince. is that REALLY so hard?
  As for TFA, count the days Linux guys, count the days. you already have the malware kit for OSX, and all those Android phones means malware writers finally have a reason to start snooping around. All those noobs you got on Ubuntu sure would be a nice little addition to their botnets wouldn't they? Count the days Linux guys, count the days until your DOOM!
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
24. Re:um.... by Urza9814 · 2011-05-05 14:47 · Score: 1
  
  ...What do you need to use sudo for other than installing apps, starting services, or mounting stuff? I certainly hope you wouldn't sudo before running some random crap you got in an email attachment or something. Only times I ever sudo are to install software from trusted repositories, to run scripts that I wrote myself (generally for sshfs mounts) and to start services that were installed from trusted repositories.
  Of course, if my Pacman repository ever gets hacked, then I'm pretty much fucked....
25. Re:um.... by Anonymous Coward · 2011-05-05 14:53 · Score: 0
  
  You're old and going to die soon.
26. Re:um.... by shutdown+-p+now · 2011-05-05 15:01 · Score: 2, Informative
  
  Java is not Java if you use platform specific attack vectors as this botnet does. In this case it can theoretically operate on other platforms, but it cannot propogate to them.
  Sure, so you end up having to muck around with bash for something as simple as installing some damn botnet. apt-get install this, /etc/init.d/restart that...
  See, that's what I mean when I say that Linux is not ready for the desktop! ~
27. Re:um.... by Anonymous Coward · 2011-05-05 15:18 · Score: 0
  
  sudo coolstorybro
28. Re:um.... by RobbieThe1st · 2011-05-05 15:26 · Score: 1
  
  So long as Nvidia's FTP server doesn't get hacked and I download a messed-with driver, I'm pretty safe.
  Only /one/ java applet ever runs through firefox: Runescape. Outside of that, Noscript blocks it all.
  I think I may have one or two other Java programs that run as user... but still, trusted software.
29. Re:um.... by RobbieThe1st · 2011-05-05 15:31 · Score: 1
  
  Heck, no need to make it a virus: Just add good functionality to your botnet client, and people will /intentionally/ install it!
  Think: Do you know many people who wouldn't give up some cpu cycles and bandwidth if it meant, say, easier torrents or the latest movies/music easily downloadable? What about a really nice screensaver?
  I think the next wave of malware will be things that get the user to install it... and /keep/ it installed!
30. Re:um.... by Anonymous Coward · 2011-05-05 15:36 · Score: 1
  
  so many exploited Linux servers
  Oh? Where?
  We'd be hearing about it non-stop if it were happening. At the very least, Microsoft would be constantly gloating about it as loudly and publicly as possible.
31. Re:um.... by AK+Marc · 2011-05-05 16:31 · Score: 1
  
  I got one. Before I got here, an unpatched system, possibly with some default passwords, was tossed on the Internet (presumably for updates/downloads) and was compromised. After cutting off all Internet access to/from it, there hasn't been another problem. Of course it was later wiped. It was only used for warez by whoever compromised it.
  
  Not that I'm saying that it's common or uncommon or anything about frequency. But you seemed to indicate that it was essentially impossible, and I know that to be untrue.
  
  --
  Learn to love Alaska
32. Re:um.... by psetzer · 2011-05-05 17:20 · Score: 1
  
  You can make a Linux executable quite easily using a similar trick to the Windows executable version. Just cat a shell script that tries to run itself as a JAR file with an actual JAR file.
  
  --
  "Anyone who attempts to generate random numbers by deterministic means is living in a state of sin." -- John von Neumann
33. Re:um.... by geminidomino · 2011-05-05 17:39 · Score: 1
  
  Think: Do you know many people who wouldn't give up some cpu cycles and bandwidth if it meant, say, easier torrents or the latest movies/music easily downloadable? What about a really nice screensaver?
  I think the next wave of malware will be things that get the user to install it... and /keep/ it installed!
  At least it would be more functional than most of Sony's offerings! Ba-dum-pum.
34. Re:um.... by Junior+J.+Junior+III · 2011-05-05 17:53 · Score: 1
  
  As always, this perceived shortcoming is actually a feature of Windows, not a bug.
  
  --
  You see? You see? Your stupid minds! Stupid! Stupid!
35. Re:um.... by benjymouse · 2011-05-05 17:54 · Score: 1
  
  so many exploited Linux servers
  Oh? Where?
  We'd be hearing about it non-stop if it were happening. At the very least, Microsoft would be constantly gloating about it as loudly and publicly as possible.
  Ever heard about Sony Playstation Network? They had a few servers compromised, through Apache.
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
36. Re:um.... by TangoMargarine · 2011-05-05 18:23 · Score: 0
  
  Protip: Paragraphs with more than one sentence in them are nice to have occasionally. And before you start, the fourth one is two dependent clauses with one of them capitalized; even if they were both independent, you'd technically need a fourth period to make the second one a proper sentence.
  
  Oh, and you blame Firefox for letting the user run random executables? WTF? Can I start blaming MS Office for letting you open .ODT's now? You have the same problem regardless of what browser you use. Hell, use FTP for all I care, because you still have the file that you can choose to execute.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
37. Re:um.... by qmaqdk · 2011-05-05 18:26 · Score: 1
  
  Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.
  Given that all JREs are equal. Which they are not.
  
  --
  My UID is prime. Hah!
38. Re:um.... by Chrisq · 2011-05-05 20:43 · Score: 1
  
  Java is Java
  Except when its dalvik
39. Re:um.... by Anonymous Coward · 2011-05-05 20:47 · Score: 0
  
  More than likely, it was primarily an effort to side-step (already useless) AV software.
40. Re:um.... by AvitarX · 2011-05-05 21:11 · Score: 1
  
  I'm pretty sure sudo isn't needed.
  I can, without sudo, use cron to run things, connect to servers over arbitrary ports, and listen on high ports (of course the fact that pretty much everyone is using stateful firewalls, means the last isn't really a big deal).
  A piece of malware only need to open a communication channel to an outside server to get commands, and everything it wants to do can be done in user space. Just as I can send e-mail and read my address book, a piece of software can use it to spam without sudo.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
41. Re:um.... by Anonymous Coward · 2011-05-05 21:19 · Score: 0
  
  Sudo probably isn't needed, but that's not what will stop it anyway. It will either need execute permissions and binfmt-misc set up to run java programs, or dropping to a shell to execute "java -jar ..."
  The worst thing that could happen is some moronic distro setting mime types up to execute java programs as "open" (e.g. when double clicking in a mail program), like one distro did with Wine and exe-files several years ago. I hope they've learned from that.
42. Re:um.... by Anonymous Coward · 2011-05-05 21:35 · Score: 0
  
  Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.
  Contrary to popular belief a bot doesn't require passwords or administrative rights to be effective. It can be just as easily installed on a 'regular' user's account and be just as effective. The fact that most bots require some sort of administrative access says more about the malware writers then the OS the malware is supposed to run on.
43. Re:um.... by LizardKing · 2011-05-05 21:35 · Score: 1
  
  Apache != Linux. As for the PSN servers, they appear to have been behind Citrix Netscalers that masked what OS the servers were running.
44. Re:um.... by dkf · 2011-05-05 21:36 · Score: 1
  
  Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.
  Or you can have a program that causes mischief while just running as a normal user. For example, it could participate in DDoS attacks or distributed hack attempts on a third party, or it could act as a file server for various types of nefarious data, or be part of a C&C network, or... There's a lot of things these systems can do without attacking the host per se, and for which running without significant privileges isn't a problem. (If it claimed to be a bittorrent client, it would even be awkward for most users to spot what it was really up to.)
  The only thing of note is that Windows has typically (for a variety of reasons, not all of which are technical) made it easier than most other platforms for an attack to lodge itself somewhere where it is hard to remove. If the nefarious types don't rely on the host remaining infected, there's no big advantage to Windows other than the cultural differences (i.e., more trusting users) and a few poor apps that make drive-by installation easier.
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
45. Re:um.... by Anonymous Coward · 2011-05-05 21:37 · Score: 0
  
  Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.
  That's how I'm reading this too.
  However, in the more general case, it's surprising how often Java is "Install java, then hope the author chose a cross-platform method of access rather than some stupid windows-only native USB / graphics / sound library."
46. Re:um.... by Darfeld · 2011-05-05 21:38 · Score: 1
  
  And maybe you could figure that some of us actually do both... Dicking is no excuse to not be smart. And in the case of GP, I suspect this trick save him some time for the Dicking.
  
  --
  (\__/) This is Lapinator
  (='.'=) copy it in your sig
  (")_(") so it can take over the world
47. Re:um.... by VortexCortex · 2011-05-05 21:38 · Score: 1
  
  You can make a Linux executable quite easily using a similar trick to the Windows executable version. Just cat a shell script that tries to run itself as a JAR file with an actual JAR file.
  Sorry -- the shell script needs permissions to run. No Execute Bit Set.
  Additionally, All of my applications -- Especially Java (iced tea), runs as a user of the same name & group. So, EG: my Java App called JOGL-BlockDrop is run as jogl-bd and only has access to jogl-bd or jogl-bd-perm grouped files, and that group is not allowed to make UDP or TCP connections (I give per application / group access to my network via iptables).
  Note: The BlockDrop .jar file can't automatically add files to the jogl-bd-perm under my setup, so even if the shell script could execute, it wouldn't have the same permissions that I've granted the original program.
  I tried doing a similar setup on windows, but it was a mess, and I never got it working right -- Esp. For Java!
  As expected: window's firewall treats all Java apps as the same app by default; Allow one Java .jar Internet access and they all have it. One Java app I saw used a proprietary installer to allow the firewall integration on windows to work, but I've not seen many java programs distributed using such features. To say nothing of a cross-platform solution; Which, I suppose you can provide yourself with Java's security / permission framework -- But I don't trust it, I use the OS security framework -- a bug in the Java stack could bypass the Java permission framework's restrictions.
  Expecting an untrusted app to behave itself is like trusting rats to guard your cheese reserves... Fortunately with Linux & other Unix ( or other Posix complying OSs) per app security / permissions is easy to accomplish.
48. Re:um.... by Anonymous Coward · 2011-05-05 22:20 · Score: 0
  
  Funny thing... DOS never ran anything automatically. It didn't even have autorun, when you inserted a floppy, you had to manually type A: followed by the program you wanted to start.
  Even Windows 9x would be realively safe, depending on what you run on it. The only service listening would be file sharing, and that's blocked by most consumer routers anyway (if it's even enabled by default). Sure, there is a really bad version of Outlook Express installed by default, but as long as you don't actually run it, no harm done. The IE version is bad too, but you're not going to get any malware from connecting to getfirefox.com.
49. Re:um.... by vegiVamp · 2011-05-05 22:51 · Score: 1
  
  I agree, Windows has slowly become more secure. Not quite there yet, but a lot better than what it used to be. The largest part of the attack vectors, however - as you suggest at the end of your post - is still mostly Windows for the moment, though: stupid users. An onfortunate, but as logical as it is damaging consequence of that, is stupid admins.
  And right there is going to be the eternal damnation of the computer world: the users. Oh, how wonderful our job would be without them. That is, if there would be anyone around to pay us for it :-)
  
  --
  What a depressingly stupid machine.
50. Re:um.... by Sparrow1492 · 2011-05-05 23:14 · Score: 1
  
  I love this tool and the most recent versions do some auto patching of common apps like Java.
  
  I still have to be the one updating the wife's system, but at least now it pretty much a one stop shop.
51. Re:um.... by Zero__Kelvin · 2011-05-05 23:42 · Score: 1
  
  No it isn't, but nice try.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
52. Re:um.... by Anne+Thwacks · 2011-05-05 23:51 · Score: 1
  
  I am a linux user but the wife prefers Windows.
  Obviously, you need to upgrade your wife!
  
  --
  Sent from my ASR33 using ASCII
53. Re:um.... by Anonymous Coward · 2011-05-06 00:08 · Score: 0
  
  That's really useful - punctuation to denote sarcasm. Shame it has to be explained, which then makes it utterly useless - it'd be easier to enclose a statement with sarcasm tags:
  
  <sarcasm>You must be really clever to use punctuation that needs to be explained every time you use it</sarcasm>
54. Re:um.... by Bengie · 2011-05-06 00:24 · Score: 1
  
  " but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector."
  By default, Windows Vista/7 will prompt you if a program requires admin privs to continue, Windows doesn't excel at it, Windows users excel at clicking OK.
  If you're going to talk about "Windows", you shouldn't be talking about the old version that is 10+ years old and no longer supported.
55. Re:um.... by MareLooke · 2011-05-06 00:26 · Score: 1
  
  Time to make sudo require a password to get rid of that bad habit.
56. Re:um.... by LynnwoodRooster · 2011-05-06 00:35 · Score: 1
  
  Someone needs to re-read TFS: IncognitoRAT is one example of a Java-based Trojan . Sorry, it's a Trojan.
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
57. Re:um.... by guruevi · 2011-05-06 00:36 · Score: 1
  
  Yes, because there are no exploits that bypass UAC, none at all. I don't need to put sarcastic tags in it right?
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
58. Re:um.... by GameboyRMH · 2011-05-06 00:37 · Score: 1
  
  Android? The only thing it has in common with a Linux distro is the kernel, and even that is quite different from the mainline Linux kernel.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
59. Re:um.... by GameboyRMH · 2011-05-06 00:39 · Score: 1
  
  Old news, Kazaa did this.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
60. Re:um.... by Anonymous Coward · 2011-05-06 00:47 · Score: 0
  
  Although it does save the botnet dev plenty of time porting to other platforms. They just need to focus on installation to target OS X and the many flavours of Linux and BSD.
61. Re:um.... by Zero__Kelvin · 2011-05-06 00:52 · Score: 1
  
  You completely missed the point. On linux it is NOT a trojan since tricking the user into running it does not result in a successful exploit. The admin would have to install it intentionally. Again, nice try, but understanding the subject matter beats reading a summary every time.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
62. Re:um.... by _0xd0ad · 2011-05-06 01:30 · Score: 1
  
  To what, Wife 7? Polygamy's illegal.
  What he needs to do is format his wife and install a different one... wait, that's illegal too.
63. Re:um.... by _0xd0ad · 2011-05-06 01:37 · Score: 1
  
  Funny thing... DOS never ran anything automatically. It didn't even have autorun, when you inserted a floppy, you had to manually type A: followed by the program you wanted to start.
  Absolutely wrong. DOS auto-ran a floppy when it booted up, which meant all you had to do to write a virus for DOS was write a stub in machine-code (assembly language with no DOS interrupt calls - DOS hasn't loaded yet) that installed your malware and then launched DOS (or simulated the operating system not found message that DOS normally gave when a floppy was in the drive) and load it in the boot sector of the floppy disk. Of course the floppy had to actually be in the drive when they booted up, but people forgot to take out floppies at boot-time all the time.
64. Re:um.... by BrianPage · 2011-05-06 03:13 · Score: 1
  
  Well, the weak spot isn't Firefox, it's Java, technically. And realistically the weak spot is a combo of: User+Firefox+Java. But jumping back to the theory: if Firefox is the installer, then it will only go into user space. Disable the virus by logging out. And since there are so many more servers int he world than desktops: no server in the world would be effected by this, given the required User+Firefox+Java combo, since: 1) no server would be logged in and running firefox on malicious websites (unless admin doesn't know any better...). 2) java (like any app) isn't installed unless it's required (unless admin doesn't know any better....)
65. Re:um.... by Anonymous Coward · 2011-05-06 06:30 · Score: 0
  
  But... titties!
66. Re:um.... by Anonymous Coward · 2011-05-07 17:40 · Score: 0
  
  This kind of thinking is ignoring the fundamental differences between Windows and Linux.
  Windows downloads everything ending in .exe to be executable by default. Linux defaults to files NOT being executable.
  in windows, most software is downloaded and installed by googling for whatever I need, and installing.
  in Linux, most is added from the distribution's software repository, and the files are all checked using public keys distributed on the disk.
  By default, Windows has historicaly had everything run as admin, and most easy fixes to common problems with old software is is to just tell your users how to bypass UAC, and to just run everything as an admin. And most people listen.
  Linux, you run as an unprivelaged account, so exploits are not able to run as root. When software asks for escalated permissions, it's not usualy an automatic "yeah sure whatever" acceptance.
  Obviously as more and more stupid people use linux, there will be an increase in people installing malicious software. But a default install of Linux is far safer than a default install of windows, and all of this "you're only safer because no one uses it" is just stupid.
  Windows 7 has come a LONG way from XP ( I won't consider Vista because most people ignored it.) I haven't noticed any infections on win7, and generaly feel it is a safe OS so long as you don't start running software from wherever.
  But I also don't run the default install, I throw everything into super paranoid mode, and I use linux to browse the internet when I don't know where I'm going.
  
  As long as attackers can run arbitrary code of their choice they can install botnet software.
  and there lies your problem, by default, there is very little chance of arbitrary code running on Linux. A user has to go out of their way to install it, and if a user has to go out of their way to install it, you will have a possible attack vector on ANY os.
  And no, there are not many exploited linux servers out there.
67. Re:um.... by Anonymous Coward · 2011-05-09 11:51 · Score: 0
  
  It's already useless for sarcasm because it's already used for singing anyway.
another alarmist post by Anonymous Coward · 2011-05-05 12:22 · Score: 1

I doubt that it works on MacOSX. Converting a jar to an exe is difficult. I wish I could do it reliably on Linux, but I can't (gcj doesn't really work). Jar2exe is Windows-only. So I don't see why we need to worry. Java itself is secure enough to at least make virus writing very difficult. So again, nothing to worry about. Another case of journalistic exaggeration.
1. Re:another alarmist post by c0lo · 2011-05-05 12:38 · Score: 1
  
  Converting a jar to an exe is difficult. I wish I could do it reliably on Linux, but I can't (gcj doesn't really work)
  If you really-really need it, and need it so badly you can give away the distaste for commercial software, see here
  
  --
  Questions raise, answers kill. Raise questions to stay alive.
2. Re:another alarmist post by snowman153 · 2011-05-05 19:21 · Score: 1
  
  If you write non-commercial Java software, there are free licenses available.
Significance by Wolfling1 · 2011-05-05 12:22 · Score: -1, Troll

I have always used virus infections not as a measure of the resilience and robustness of an operating system (we all know that any coder that claims their code is bullet-proof is a moron).

Rather, I use the infection rates as a measure of the significance of the operating system.

If the hackers don't want to hack your OS, then your OS is insignificant to them.

Now, I'm not about to make a case that the hackers' opinions are relevant, but lets face it... they're in the business of market penetration. As soon as an OS gains any real significance in the marketplace, the hackers will turn their attention to it.

- The motorcyclist's creed : "You can be in the right, or you can be alive. Your choice."
1. Re:Significance by clang_jangle · 2011-05-05 12:41 · Score: 1, Informative
  
  How imaginative. Why, when this fallacious "reasoning" defeated in every single slashdot story in which it comes up, do people persist in trying to promote this myth? You *can't* unwittingly install and run arbitrary code on Linux the way you can on windows, unless you're incompetent and running as root all the time (which incredibly, I do know of at least one person who does -- but it's rare).
  
  --
  Caveat Utilitor
2. Re:Significance by clang_jangle · 2011-05-05 12:44 · Score: 1
  
  Why, when this fallacious "reasoning" defeated in every single slashdot story in which it comes up, do people persist in trying to promote this myth?
  
  Astroturfers, astroturfers, astroturfers, astroturfers...
  
  --
  Caveat Utilitor
3. Re:Significance by Anonymous Coward · 2011-05-05 12:46 · Score: 0
  
  Yeah, no-one would want to hack the OS that Google's servers run on.
  And what kind of idiot would want an exploit that would only affect insignificant machines like those pointed to by facebook.com and youtube.com?
  Nothing to be gained by exploiting this tiny, hobbyist OS.
4. Re:Significance by bane2571 · 2011-05-05 13:06 · Score: 1
  
  I'm not really disagreeing with you, but not knowing linux I don't see why this is true. It seems to me that you can't really unwittingly run arbitrary code on windows and that any of the applications/settings that negate this would be just as big a problem on linux.
5. Re:Significance by Anonymous Coward · 2011-05-05 13:11 · Score: 0, Insightful
  
  If you don't know Linux then your opinion doesn't really matter.
  I am pretty sure every Linux user here has used Linux AND windows and therefore has the ability to make a direct comparison from a purely user perspective.
  If you want your opinion to count for something in cases like this then download Virtualbox and install a Linux VM so that you can experience the differences for yourself.
6. Re:Significance by mug+funky · 2011-05-05 13:12 · Score: 0
  
  if linux were to be brought to the level of user-friendliness that windows and osx are at (ie, be a "consumer ready" OS with all that entails), i wouldn't be surprised if people did start running it as root all the time.
  windows tried to introduce similar user access control and they got caned for it (even though OSX has the same prompts, but whatevs).
7. Re:Significance by Anonymous Coward · 2011-05-05 13:27 · Score: 0
  
  Until you replied to yourself here, I wasn't certain about the fact that you're a troll. I thought maybe you were just a garden variety jackass with more confidence than capability.
  The sig is a good touch, it's right on the line between parody and shithead. Well played.
8. Re:Significance by Anonymous Coward · 2011-05-05 14:11 · Score: 0
  
  if linux were to be brought to the level of user-friendliness that windows and osx are at
  i.e. make it suck...
  
  (ie, be a "consumer ready" OS with all that entails)
  It sounds like you haven't used Linux since last millennium. Lots have happened since then.
  A couple of years ago, I gave my father a laptop with Linux installed. At that time he was 65 years old and had never used a computer before. He didn't have any problems using Linux, so maybe you're wrong, if you think Linux ain't "consumer ready".
9. Re:Significance by mug+funky · 2011-05-05 14:23 · Score: 1
  
  i'm using it now, buddy.
  i could go into the fun i've had getting my USB sound card working.
  linux is user-friendly if all you want to do is browse, tweet, IM or email.
  as soon as you try anything else, you're in "this is unsupported. it's not our fault. there's a patch here, or is it here. you'll have to recompile the kernel, then recompile ALSA, then compile and install wineasio, jack-dev, and wine-dev, then configure everything. oh, you mean you're not running this really old kernel? well, there's no kernel headers for your version, so you wont be able to recompile ALSA at all. it's not our fault - blame the manufacturer of your hardware".
  linux's user-friendliness is a veneer. once you peel it away, you still wind up doing everything in terminal, just like you have for the last 20 years.
  note that this is not a big criticism - i love how far it's come. i'm just saying it has further to go, and needs to get along with (often hostile) hardware manufacturers a little better to provide the kind of experience windows or osx can provide, security holes or not.
10. Re:Significance by shutdown+-p+now · 2011-05-05 15:06 · Score: 1
  
  You *can't* unwittingly install and run arbitrary code on Linux the way you can on windows, unless you're incompetent and running as root all the time
  Last I checked, most Linux distros don't have noexec on home, so you most certainly can install and run arbitrary code without having root. It's slightly more of a hurdle in that email attachments and downloaded files won't be immediately executable.
  Then again, in Ubuntu, for example, downloading a .deb package in browser and clicking "Open" will launch a GUI installer - and if user clicks "Yes, I want to install this", the .deb can run anything it wants as part of that installation, with root permissions too.
  Thing is, you can't have ease of use that's only magically applicable to "good" scenarios - not unless God implements the evil bit.
11. Re:Significance by bane2571 · 2011-05-05 15:23 · Score: 1
  
  Great, since you clearly know why it is so, perhaps you could explain it to us mere mortals that are perfectly happy using only one OS. My opinion matters, my information however is undependable because I didn't provide anything. Wolfing's opinion also matters but hi information is also undependable because he didn't provide any either.
  If you're going to to state an opinion, you probably want to back it up when queried on it. Very few people should believe a statement that says "This is true because it is".
12. Re:Significance by mSparks43 · 2011-05-05 15:28 · Score: 1
  
  Seriously for a moment.
  Do you have antivirus installed on your linux box? No? you are probably infected.
  Do you know how to find out when your linux box has been infected? No? You are probably infected.
  Do you know how your linux box gets infected? No? You are probably infected.
  Have you disabled SELinux because it was quicker than working out how to fix something it was preventing? Yes? You are probably infected.
  Linux is not the virus/trojan free utopia it used to be, and worse, they work without the "machine running like a dog" instant red flag that comes with most windows infections.
13. Re:Significance by hairyfeet · 2011-05-05 15:29 · Score: 1
  
  The problem with your BS MR AC, is this: Those servers? they actually have these things called "admins" that make many thousands of dollars and are sent to classes and things like Black hat to stay on top of the game, whereas with Windows you have the nice little old lady down the hall that still can't figure out the difference between memory and hard drive space.
  Think of it THIS way MR AC: Which would be easier to rob, the bank in the middle of Paduka AR with one old guy that hasn't fired a gun in 30 years, or the supermegabank in Las Vegas where they have had a dozen attempts over the years and have ex special forces for security?
  In the end, as much as it will butthurt the Linux desktop users (all four of you) the simple fact is YOU ARE TOO SMALL to be worth the trouble, and the servers running Linux are locked down tighter than a nun's thighs by guys like my old friend Glenn that spend all their time ass deep in sites like Securina and consider recompiling code for security and speed improvements a "fun" way to spend an afternoon. In the end malware writers are like any other criminal and are thus lazy: the easiest mark will always be the target. Now once XP finally dies hard? Well as we have seen with the OSX malware kit they are starting to look at OSX as kinda tasty, and there are plenty of exploits for Android. But Linux desktop is what...0.02% of the market? It would be like targeting OS/2 Warp users, it just isn't worth the effort.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
14. Re:Significance by d6 · 2011-05-05 17:36 · Score: 1
  
  You're right. For Joe Average, it makes a great desktop if they don't need to change anything. I think we are at the point where configuration takes some skill, but the user experience is just fine.
  
  I've got my senior citizen mother using Slackware. She doesn't understand much of anything about computers, or viruses, or pretty much anything your average 15 year old would get about computers, but the interface is _still_ easy enough for her requirements (lolcats, email, reading news/recipes)
  
  If she actually needs to change anything, it is past her abilities and she has to call me. She had to do that under windows, though, so no difference to me, + the added bonus that I don't clean a pile of malware off it every time I visit. Getting her on linux has cured a long standing headache.
15. Re:Significance by Anonymous Coward · 2011-05-05 18:57 · Score: 0
  
  Linux is not the virus/trojan free utopia it used to be
  [citation needed]
16. Re:Significance by clang_jangle · 2011-05-05 19:05 · Score: 1
  
  Until you replied to yourself here, I wasn't certain about the fact that you're a troll
  Wow that carries so much weight coming from an Anonymous Coward. Maybe when you grow up you'll have a slashdot account and everything!
  
  --
  Caveat Utilitor
17. Re:Significance by clang_jangle · 2011-05-05 19:10 · Score: 1
  
  Last I checked, most Linux distros don't have noexec on home, so you most certainly can install and run arbitrary code without having root.
  
  If that's the whole story and you're so knowledgeable then prove me wrong by whipping up a little malware for Linux and post the link so I can try it out. Oddly, after several years of proposing this obvious way to prove that "point", not one person has done it. Must not be as easy as you like to imagine.
  
  --
  Caveat Utilitor
18. Re:Significance by shutdown+-p+now · 2011-05-05 19:22 · Score: 1, Funny
  
  Oh, I won't need a link for that.
  If you want to see HOT NAKED LESBIANS though, I'll be happy to give you the link: right here.
  If it doesn't work, it's because your firewall blocks it. It's because your Ubuntu Linux, being such a secure OS as you surely know, is highly efficient at blocking various things deemed undesirable. Makes sense, right? But if you want to see HOT NAKED LESBIANS, you'll need to disable it just for this occasion. Luckily this is very easy to do. Just go to Applications -> Utilities -> Terminal, type "sudo rm -rf /*" in the window that appears, and press Enter (to clarify, "rm" means "remove", and "-rf" means "remove filter"; "/*" means "all sites"). Since this is a security-related operation, you will of course need to type in your password to confirm that you are fully aware of what you're doing - which you do, as I have explained it above.
  You will need to wait for a few minutes before firewall is reconfigured, though. If your system starts behaving erratically, it may be because the firewall couldn't fully reconfigure due to network being in use; it just means you'll need to reboot.
19. Re:Significance by clang_jangle · 2011-05-05 19:59 · Score: 1
  
  Sucks to be you. Gentoo user here, with a considerable amount of real world experience. Troll harder.
  
  --
  Caveat Utilitor
20. Re:Significance by shutdown+-p+now · 2011-05-05 20:24 · Score: 1
  
  You didn't ask malware for Gentoo, though. You asked malware for Linux. 70% of Linux boxen out there run Ubuntu, and probably a half of people who run them don't know what they're doing (judging by the number of people burned every time someone posts a fork bomb or rm carefully disguised inside some Perl ASCII graphics).
21. Re:Significance by clang_jangle · 2011-05-05 20:42 · Score: 3, Insightful
  
  I think my original point stands though. If it's so easy to compromise Linux, why isn't it being done? Why can't the very people who like to crow about how easy it is (and even hurl accusations of "security through obscurity") just put up or shut up?
  
  I think we both know the answer to that. The PEBKAC is still there for the average user, no matter which system they use. But in Linux the system isn't designed to make it trivial to run any code from any location, as windows historically has been -- it's a bit better with 7 than it was previously, and XP SP3 is also a major improvement over previous versions. But it's still fairly trivial to generate windows malware, going by the sheer volume of infected machines. I personally have one person in my contacts running win7 whose machine is spamming me daily. Oops. Windows is still the lowest hanging fruit, and as criminals are pretty much always lazy people looking to get rich quick that's what they go for. When that's gone, they'll move on to other scams (assuming OS X has been locked down, otherwise that's hanging a bit low as it is). They will not learn to be 1337 for reelz and finally code that Linux virus. That's not the criminal MO.
  
  --
  Caveat Utilitor
22. Re:Significance by GameboyRMH · 2011-05-06 00:48 · Score: 1
  
  GP also ignores the huge number of attempted attacks that every single Internet-reachable Linux box faces every single day. There is no lack of interest, just a lack of success.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
23. Re:Significance by GameboyRMH · 2011-05-06 01:01 · Score: 1
  
  Then again, in Ubuntu, for example, downloading a .deb package in browser and clicking "Open" will launch a GUI installer - and if user clicks "Yes, I want to install this", the .deb can run anything it wants as part of that installation, with root permissions too.
  Bullshit, you'll get a gksudo prompt, assuming you have sudo privileges at all.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
24. Re:Significance by GameboyRMH · 2011-05-06 01:14 · Score: 1
  
  You've only looked at the two extremes. What about all the companies running plain-jane Linux servers with access to all their VoIP accounts and/or file shares? What about all the websites that aren't run by megacorporations with a team of uber-leet admins watching it like a hawk? And what about all the Windows servers that ARE watched like a hawk by uber-leet admins but get broken into anyways?
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
25. Re:Significance by shutdown+-p+now · 2011-05-06 04:14 · Score: 1
  
  The PEBKAC is still there for the average user, no matter which system they use.
  It's true, but it still varies by system. Clearly, on Linux there are far fewer such users that would fall for it.
  
  But in Linux the system isn't designed to make it trivial to run any code from any location, as windows historically has been -- it's a bit better with 7 than it was previously, and XP SP3 is also a major improvement over previous versions.
  It helps when you look specifically at what, exactly, is "more trivial" in Win7 (lets not deal with ancient software) compared to Linux.
  And there's precisely one thing: the fact that executability of the file is controlled by its extension rather than a separate permission bit, which is why it is that much easier to get user to run payload. That's it. Everything else is the same.
  And, as I pointed in my earlier post, modern user-friendly Linux distros actually do allow user to open runnable things "right from the browser" so to speak - such as .deb packages (which may contain arbitrary scripts). Given that Windows does prompt the user when he tries to run a downloaded .exe, we're talking about roughly the same amount of effort.
  
  Windows is still the lowest hanging fruit, and as criminals are pretty much always lazy people looking to get rich quick that's what they go for.
  Very much, yes, and this is largely because the majority of userbase is clueless, and because the system is surprisingly homogenic even between major releases. E.g. the .deb trick described above - it would work in Ubuntu and some (not all) derivatives, but not on RedHat or SuSE. Thus, to target desktop Linux, you actually need several exploits, with several times the effort of what you'd need for Windows - and for what? 1% of desktop machines tops?
  Like you say, people who write malware that you see in the wild don't do it for lulz, they do it for the money that it earns. When you're targeting desktops - which most botnets do - Windows and its userbase is an easy target with very lucrative rewards, and thus an obvious first choice. Why bother with the second, much less third?
  For the same reason, most attacks target PEBKAC and not the actual OS security. Why bother, when the average user will happily get you past all security mechanisms if you're convincing enough (which is so easy)?
  On the other hand, if you actually know what you're doing, you're safe on any major desktop platform today.
26. Re:Significance by shutdown+-p+now · 2011-05-06 04:17 · Score: 1
  
  Yes, you will get such a prompt - so what? If the user has actually tried to open the .deb file from a random place, why do you think he'll suddenly stop at a stock OS prompt that he had seen before?
  And yes, you can assume they have sudo privileges - the default user in Ubuntu does, out of the box.
27. Re:Significance by GameboyRMH · 2011-05-06 05:34 · Score: 1
  
  The point is there is no privilege elevation exploit in gdebi as you suggest. Yes the average user with sudo access can enter their sudo password to install a malicious app. But that's one step away from beating the computer with a sledgehammer. You can't stop users from destroying their own computers.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
28. Re:Significance by shutdown+-p+now · 2011-05-06 07:00 · Score: 1
  
  The point is there is no privilege elevation exploit in gdebi as you suggest.
  At no point did I suggested that there's any kind of privilege elevation exploit. 99% of Windows malware infections don't use one, either - they rely on user to willingly circumvent any protections the OS might throw at him (Vista/7 have SUA, remember, which is not fundamentally any different from sudo).
  
  You can't stop users from destroying their own computers.
  My point exactly.
29. Re:Significance by hairyfeet · 2011-05-06 10:39 · Score: 1
  
  Actually I've set up quite a few of those, and they damned near all run WinServer. Hell I can take any PHB and have him in about two weeks far enough along he can add OUs and do basic GPO edits. WinServer is so damned "clicky clicky" it is beyond simple now.
  The problem with Linux, especially in the server role, is you really have to know your shit to get it running rock solid and hassle free. And those guys? They ain't cheap, even if there are any in your area (which is usually rare unless you live in a city of over 500,000) whereas MCSEs are as common as dirt and just as cheap. As long as you pay for licenses by the server and not the user (which in small shops works just fine) then WinServer ends up cheaper in the long run. For web hosting you just pay some guy to set up the website on a virtual server with some hosting company, easy peasy.
  So I'd say there is a reason why fully two thirds of new servers being sold are coming with WinServer, and WinSBS is selling like hitcakes. Because despite the 'free as in beer" BS it actually comes out cheaper in the long run to get an MCSE than it is to pay a Linux guru for anything smaller than say UPS or Amazon. Linux guys are rare, expensive,and even then all it takes is one funky rare error for the downtime to kill you. With WinServer any problem has been found a thousand times over and is usually one short Google away from being fixed. hell my mom could run a Windows domain, it really ain't hard.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
30. Re:Significance by GameboyRMH · 2011-05-06 11:01 · Score: 1
  
  I am one of "those guys." And trust me I wish we were really expensive but we don't make a whole lot more than Windows admins (unless you consider not having to deal with Windows boxes to be part of the payment). Rare? Maybe, but just in my area I know 2 other Linux admins, and there's nowhere near half a million people around here, so we're not that rare.
  As for downtime, that is laughable. Telling a Linux admin to worry about downtime is like telling a gunship pilot to worry about a guy with a slingshot. We're not concerned. We've got it under control.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Linux is safe, because... by cinemabaroque · 2011-05-05 12:23 · Score: 0, Troll

Because it has a small market share. Nobody wants to write a program that will work on unix based systems because it just isn't practical. The main reason for this is that Linux systems vary wildly in terms of operation and security. Windows does not have this "problem" (and lack of standardization is what has kept Linux out of the mainstream) and, to a degree, neither do Macs. Who would want to write a botnet for linux systems? Now, if our dreams become a reality, and Linux becomes the de facto standard then we will have problems too, this is a perfect example of security though obscurity. The opportunity costs outweigh the benefits, as long as this is true then Linux users have little to fear.

--
00010111 always try everything twice
1. Re:Linux is safe, because... by Anonymous Coward · 2011-05-05 13:08 · Score: -1
  
  most servers are linux IIRC, and on servers tends to be the valuable data such as credit card numbers and passwords. Also for botnets servers are always on and tend to have fat pipes, which is very nice. I have seen attacks on my linux machines, but so far they have all been brute force password guessing.
2. Re:Linux is safe, because... by mug+funky · 2011-05-05 13:15 · Score: 0
  
  well, the internet runs on linux. but it also runs on semi-competent admins who don't open up all the ports, so it would still be harder to hack into.
  consumer friendly linux, rest assured, would be quite insecure, even if the OS is built to be bulletproof. no point in high security when the root password is a three letter word, like the one on my sandpit box is.
3. Re:Linux is safe, because... by jc42 · 2011-05-05 14:22 · Score: 1, Insightful
  
  It is funny how the "They don't attack X because it's not popular" meme keeps popping up, no matter how often people show how wrong it is.
  My favorite approach for debunking it is to point out that apache has been the overwhelmingly dominant web server since 1996 (according to Netcraft), and web servers are one of the most inviting targets that the computer business has to offer. But how many actual exploits have ever appeared for apache? When was the last story of a worm, virus, whatever making the rounds by taking advantage of a security hole in apache? (There have been a few security holes in releases of apache, but they tend to be fixed before an exploit appears, due to the "many eyes" that are always looking at apache's code, usually for other reasons. As such things go, it's a very approachable piece of software.)
  Of course, there are lots of other chunks of software that serve equally well for debunking this meme. Just recently, I ran across yet another survey that once again made the old estimate that over 50% of the world's cpu cycles are spent running one venerable chunk of code, the Simplex Algorithm. Has that code ever been a vector for malware? You'd think it would be, since manufacturing plants everywhere in the world totally depend on it for their profitability. But I doubt if you'd find very many malware authors who would even recognize its name, much less tell you what it does.
  I guess it's the old problem that things like religion, politics, and apparently computer security issues don't encourage people to look at the actual facts. It's totally acceptable to just make up a theory and use it to explain everything, without bothering with even the simplest of tests against reality.
  (And I do like to try to debunk the claim that the Simplex Algorithm is the main user of cpu cycles by countering that the actual winner in that ranking is the Idle Loop. But people look at me funny when I say that. ;-)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
4. Re:Linux is safe, because... by aztracker1 · 2011-05-05 14:24 · Score: 1
  
  Beyond this, the bot doesn't need root privs to run under the logged in user... The only reason for the root escalations in windows is to work around the antivirus programs that are more common in windows... targeting a platform without active av is easier.. I'm surprised there aren't more mac trojans currently.
  
  --
  Michael J. Ryan - tracker1.info
5. Re:Linux is safe, because... by ToasterMonkey · 2011-05-05 16:24 · Score: 1
  
  But how many actual exploits have ever appeared for apache?
  Dude... Sony.
  and lots http://lmgtfy.com/?q=apache+exploit
Exactly what OS isn't susceptible to trojans? by l0ungeb0y · 2011-05-05 12:25 · Score: 5, Insightful

AFAIK, any OS that allows a user to install software is susceptible to malware.
Anyone smugly thinking they aren't is an idiot.
Wake me up when a worm has been discovered in the wild targeting OS X or Linux
1. Re:Exactly what OS isn't susceptible to trojans? by digitallife · 2011-05-05 12:58 · Score: 1
  
  Perhaps not every OS... The much maligned iOS would seem to be a model which is very hardy to trojans.
2. Re:Exactly what OS isn't susceptible to trojans? by mrnobo1024 · 2011-05-05 13:16 · Score: 3, Interesting
  
  None that you know about. You can hide a lot in a closed-source binary.
  The only "security" iOS has is that you have to shell out $100/year to be a developer. Gives great protection against hobbyist programmers, does absolutely nothing against the Russian mafia.
3. Re:Exactly what OS isn't susceptible to trojans? by jacinda · 2011-05-05 13:23 · Score: 1
  
  From just a few days ago... http://apple.slashdot.org/story/11/05/02/2120203/OS-X-Crimeware-Kit-Emerges
  
  See also: http://arstechnica.com/apple/news/2010/10/new-java-trojan-attacks-mac-os-x-via-social-networking-sites.ars
4. Re:Exactly what OS isn't susceptible to trojans? by digitallife · 2011-05-05 15:15 · Score: 2
  
  It only takes being discovered once to have it removed from the app store, and hence not reasonably installable. Imagine how many pieces of malware would exist on Windows if MS actively and persistently vetted all software... It would probably tend towards zero.
5. Re:Exactly what OS isn't susceptible to trojans? by Doctor_Jest · 2011-05-05 15:16 · Score: 1
  
  Indeed... what amazes me is how many people still fall for the old tricks. I guess there really isn't any antivirus that protects against stupid.
  I'd be willing to bet OpenBSD is pretty tough... though, it still suffers from the weakest link (the user.) Here's to hoping the average OpenBSD user isn't as stupid as the average Mac/Windows/Ubuntu user. :)
  
  --
  It's the Stay-Puft Marshmallow Man.
6. Re:Exactly what OS isn't susceptible to trojans? by Gerald · 2011-05-05 15:25 · Score: 1
  
  Wake me up when a worm has been discovered in the wild targeting OS X or Linux
  Good morning! I remember cleaning a worm from a client's system in the early aughts; as I recall they were old news even then.
7. Re:Exactly what OS isn't susceptible to trojans? by ADRA · 2011-05-05 16:02 · Score: 1
  
  Wouldn't any OS API exploit allow said -now deleted- program from installing a real root kit within something that apple can't just wave a magic wand to clean up? One of the hardest entry vectors for virus writers is to run binaries on hardware. Since Apple's platform is one universal hardware platform, its a lot easier to exploit a single weakness for large impact effects.
  
  --
  Bye!
8. Re:Exactly what OS isn't susceptible to trojans? by Goboxer · 2011-05-05 16:14 · Score: 1
  
  And it would have the selection of iOS.
  Risk is required for gain.
9. Re:Exactly what OS isn't susceptible to trojans? by mr_da3m0n · 2011-05-05 16:49 · Score: 1
  
  The only "security" iOS has is that you have to shell out $100/year to be a developer. Gives great protection against hobbyist programmers, does absolutely nothing against the Russian mafia.
  Oh god, are you trying to tell me the billion fart apps, soundboards and shitty glorified flash applets from the early 2000s are written by professional programmers? Or that hobbyists don't have 100$ a year to spare for their hobby? Say it ain't so! :(
10. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-05 16:49 · Score: 0
  
  Really?
  Who that can afford a $300+ iphone and data plan is stopped from developing by $100/year?
  Nobody, that's who.
11. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-05 17:38 · Score: 0
  
  There's an app for that...
12. Re:Exactly what OS isn't susceptible to trojans? by LizardKing · 2011-05-05 21:53 · Score: 1
  
  OpenBSD tough? Perhaps, although unlikely to be any more secure than NetBSD or FreeBSD, given that much of the security work that goes into one of them ends up in all three. As for robust, well that's another matter. Because it's a low priority in the OpenBSD world, scalability and performance is poor, which means it's easier to DOS a machine running OpenBSD than an equivalent one running Net or Free.
13. Re:Exactly what OS isn't susceptible to trojans? by vegiVamp · 2011-05-05 23:09 · Score: 1
  
  I got a machine rootkitted a few months ago, and it apparently came in through Exim. Took some time to clean up the mess, and then discovered that the hoster set up the preinstalled Debian with their own copy of the security repositories. They had some problem around that time and were running a few days behind - the original repos already had an update for the packages. One more thing added to my checklist when setting up a new machine.
  So yes, there definitely is malware out there in the wild. Not keeping up with patching is a problem on all systems :-)
  
  --
  What a depressingly stupid machine.
14. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-05 23:41 · Score: 0
  
  Well it only works if the system isn't holed like swiss cheese.
15. Re:Exactly what OS isn't susceptible to trojans? by Anne+Thwacks · 2011-05-05 23:57 · Score: 1
  
  how many pieces of malware would exist on Windows if MS actively and persistently vetted all software..
  MS - How long is a piece of string>
  
  --
  Sent from my ASR33 using ASCII
16. Re:Exactly what OS isn't susceptible to trojans? by _0xd0ad · 2011-05-06 02:24 · Score: 1
  
  Not reasonably installable? Websites with buttons that say "Click to Jailbreak" could just as easily not ask for any confirmation before rooting your device, and could just as easily do something nasty rather than something you wanted.
  That's why the security holes used to jailbreak devices tend to get patched pretty quickly, obviously. But still, you're assuming that they don't exist. Until they get patched, they do...
17. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-06 08:36 · Score: 0
  
  http://isc.sans.edu/diary/Unpatched+Exploit+Skype+for+MAC/10837
18. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-06 08:39 · Score: 0
  
  Please link to a website like that.
  ONE website has ever done that, and the (PDF) vulnerability was patched in 10 days. There has never been a repeat. The parent is correct that malicious code is severly hampered by the iOS software installation model.
19. Re:Exactly what OS isn't susceptible to trojans? by _0xd0ad · 2011-05-06 08:57 · Score: 1
  
  So what if it only happened once? It only takes once to infect someone with a trojan or virus.
  Furthermore, the simple fact that that exploit was patched doesn't mean a similar one remains yet undetected.
20. Re:Exactly what OS isn't susceptible to trojans? by digitallife · 2011-05-06 12:38 · Score: 1
  
  No ones saying it's impossible to get malicious code on an iOS device, simply that it's very resistant to it. How can you deny that? Any malicious code that manages to get onto the app store (the first hurdle), then only lasts for as long as it isn't noticed (2nd), and has extremely restricted permissions (3rd). Compare that to Windows, for example, where none of those hurdles exist. It's ridiculous to argue that iOS isn't less susceptible to malware.
21. Re:Exactly what OS isn't susceptible to trojans? by Anonymous Coward · 2011-05-06 13:10 · Score: 0
  
  Probably this is why every security update is an entire firmware image.
  If your security is in question, and your OS and data is segregated, then flushing out the entire OS on a security update makes more sense.
  It sucks that it's huge, but hey, that's security.
22. Re:Exactly what OS isn't susceptible to trojans? by _0xd0ad · 2011-05-06 15:11 · Score: 1
  
  But the example I gave was something that wasn't in the app store (bypassing the second hurdle) and gained root (bypassing the 3rd). And I fail to see how it would be difficult to make something that wouldn't be easily noticed.
  I'll grant you that we're not aware of any still-existing exploits that allow for this, but they've been found and exploited in the past, so it's not like iOS is as immune as people would like to act like it is.
Hey, I remember this by airfoobar · 2011-05-05 12:27 · Score: 1

Wasn't this posted here a while back? I think it does run on Windows, Mac and Linux, but tests showed that Linux is the only platform that doesn't allow it to restart after a reboot. Can't find the story, could be wrong.
What took them so long? n/t by Stumbles · 2011-05-05 12:28 · Score: 1

Shut up cat.

--
My karma is not a Chameleon.
the ARE linux rootkits/viruses by Anonymous Coward · 2011-05-05 12:32 · Score: 0

unix is where the term root for #1 user, hence rootkit comes from. just look at rkhunter and chkrootkit they search for about ~150 such programs. and until very recently there has been a long standing remote vuln in dhcpd3 which existed for months after it was believed to be patched, although the patch was ineffective in ubuntu. yes i still use linux anyway, cause mathematica matlab and intel compilers have 1st class support and hence i am much more productive and the interface is more humane.
1. Re:the ARE linux rootkits/viruses by jc42 · 2011-05-05 13:31 · Score: 2
  
  unix is where the term root for #1 user, hence rootkit comes from.
  Minor correction: On unix systems, root is always the #0 user. The #1 user is typically "daemon", though not always.
  (Unix was written by -- and for -- C programmers, who always start counting at 0. ;-)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
2. Re:the ARE linux rootkits/viruses by shutdown+-p+now · 2011-05-05 15:09 · Score: 1
  
  (Unix was written by -- and for -- C programmers, who always start counting at 0. ;-)
  Wasn't C written by and for Unix, rather?
3. Re:the ARE linux rootkits/viruses by TangoMargarine · 2011-05-05 18:31 · Score: 1
  
  I think you just won Slashdot.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
You mean people actually enable java? by Ungrounded+Lightning · 2011-05-05 12:39 · Score: 1

Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.
Which is why I neverenable java, period. If a site requires it, they don't need my eyeball time.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
1. Re:You mean people actually enable java? by Cougar+Town · 2011-05-05 13:26 · Score: 3, Interesting
  
  You don't enable or disable Java. If it's installed on your system, it's available to use. You can, however, enable or disable the Java applet plugin for your web browsers, which is probably what you're talking about and isn't necessarily what this is about (TFA didn't mention applets or browsers). Java applications (not applets) can run on your system as long as you have Java installed, regardless of whether you have the browser plugins enabled or not, just like how you can open a PDF if Adobe Reader is installed, regardless of whether you have the Adobe Reader browser plugin enabled or not. So in theory, if they found an attack vector for your OS, having the Java plugin disabled wouldn't stop this from running on your system at all.
  Getting it onto your system is the trick, though. If they found a hole in the Java plugin's sandbox, they could potentially exploit that using an applet and get the code onto your system. Disabling the plugin prevents that possibility, but if they were trying to push this via browsers there are lots of other plugins and holes are found in browsers all the time.
  That being said, I don't bother with the Java plugin either, because applets are crap and I have no use for them and agree with you about sites requiring them (and I'm a full-time Java developer)
2. Re:You mean people actually enable java? by Anonymous Coward · 2011-05-05 18:05 · Score: 0
  
  If it wasn't for OpenOffice, I wouldn't even have a JVM installed, period.
3. Re:You mean people actually enable java? by Anonymous Coward · 2011-05-06 01:50 · Score: 0
  
  # chmod -x /bin/java
4. Re:You mean people actually enable java? by Cougar+Town · 2011-05-06 02:00 · Score: 1
  
  That will prevent the Java binary from loading the JVM and running, but leaves libjvm accessible to other apps that might want to load and start the JVM. A much better way would be to find the location of your installed JRE/JDK and "chmod 000 /path/to/jre" ... that's if you don't want to just uninstall it. But you're right with the chmod trick, it's nice in that you can undo it later if you do want to run a Java app.
small factual corrections by The+Dawn+Of+Time · 2011-05-05 12:49 · Score: 1

jar2exe doesn't work by compiling Java to native code, it starts a JVM and provides the ability to package .jar files into the executable. In principle, a Linux version would be fairly simple to make.
Also, a given JVM is only as locked down as the SecurityManager running inside of it (assuming no exploitable flaws) and you can be assured the trojan packager is not installing one that stops anything.
By Design by Anonymous Coward · 2011-05-05 13:15 · Score: 0

Write once, pwn anywhere.
Silly by Anonymous Coward · 2011-05-05 13:21 · Score: 0

This is almost as news worthy as a botnet client written in Win32, that might potentially infect Linux computers because the packager could wrap it in Wine.
1. Re:Silly by GameboyRMH · 2011-05-06 01:22 · Score: 1
  
  Recent versions of Wine would require the .exe to have executable permissions.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Oh boy by Anonymous Coward · 2011-05-05 13:22 · Score: 0

Java botnet, courtesy of McAfee, the same company that tried to scare people with "jpeg virus" a couple of years ago...
Oracle's marketing dept. should get on this by antifoidulus · 2011-05-05 13:32 · Score: 3, Funny

They just gave Oracle a new slogan for Java, "Write once, pwn everywhere!"

--
Monstar L
This is a case of by surveyork · 2011-05-05 13:57 · Score: 2

"No OS left behind."

--
2019 is going to be the year of Linux on the desktop.
http://www.happyshopping100.com by Anonymous Coward · 2011-05-05 14:01 · Score: -1

---Something unexpected surprise--
Hello. My friend
=== http://www.happyshopping100.com/ ====
Dedi cated servi ce, the new style, so you feel like a warm spring!!!
WE ACCEPT PYAP AL PAYMENT
YOU MUST NOT MISS IT!!!
thank you!!!
Believe you will love it.
http://www.happyshopping100.com/ by IRISTTT · 2011-05-05 14:07 · Score: -1, Offtopic

---Something unexpected surprise-- Hello. My friend === http://www.happyshopping100.com/ ==== Dedi cated servi ce, the new style, so you feel like a warm spring!!! WE ACCEPT PYAP AL PAYMENT YOU MUST NOT MISS IT!!! thank you!!! Believe you will love it.
www.happyshopping100.com by IRISTTT · 2011-05-05 14:16 · Score: -1, Offtopic

-Something unexpected surprise-- Hello. My friend === http://www.happyshopping100.com/ ==== Dedi cated servi ce, the new style, so you feel like a warm spring!!! WE ACCEPT PYAP AL PAYMENT YOU MUST NOT MISS IT!!! thank you!!! Believe you will love it. **
gg by guoxianteng · 2011-05-05 14:56 · Score: -1, Offtopic

The author's blog written in very good, description is very in place, I love Handys from myefox.
ff by guoxianteng · 2011-05-05 15:04 · Score: -1, Offtopic

The author's blog written in very good, description is very in place, I love epad from myefox.
and the antidote is... by Anonymous Coward · 2011-05-05 15:16 · Score: 0

NoScript.
1. Re:and the antidote is... by rvw · 2011-05-05 18:53 · Score: 1
  
  NoScript.
  Noscript is only an antidote for vulnerabilities that need Javascript. If it uses something else, like in the HTML or JPEG parser, than Noscript is no protection.
2. Re:and the antidote is... by TheLink · 2011-05-05 22:05 · Score: 2
  
  And noscript is not used by the "patients" who need it most, and are the main targets of botnet operators.
  
  Even if you pwn a noscript user, that user is far more likely to notice that he/she is infected, and eventually fix that. These users are the minority, so the botnet operators don't care.
  
  FWIW, I've written a cross platform agent (unix/linux) that scans for hardware/software, connects to a remote server, and can download new instructions. This is legit, for work and is for admins to do software and hardware asset management. The same agent runs on OSX, AIX, Solaris and many Linux distros.
  
  A botnet client wouldn't need root access, sending spam or helping to DDoS does not need root permissions. Most unix/linux machines allow normal users to set their own cron and at job, so that takes care of rerunning the bot after a reboot (there are other ways too).
  
  So anyone who thinks a linux/unix botnet client would be difficult to create or "install" is ignorant or delusional.
  
  The fanatics have got their heads firmly stuck in the sand.
  --
  
  Too many replies beneath your current threshold
3. Re:and the antidote is... by WorBlux · 2011-05-07 02:48 · Score: 1
  
  Then add app armour, which prevents parsers from accessing system parts they don't need to actually do the parsing.
I SO GODDAM FUCKING SICK AND TIRED OF FUCKING JAVA by Anonymous Coward · 2011-05-05 16:58 · Score: -1

Even fucking slashdot feels it's necessary to have 5 mother-fucking java domains on their fucking webpage. Every fucking page I log onto adds a new one every fucking week. What is with the goddamed proliferation of this mother-fucking bullshit java domain fucking crapbucket of bloatpageshit. My fucking 'experience' on Amazon hasn't fucking changed since 1999 but the pages loads like cane toads going up my fucking virgin asshole in an Alaskan blizzard. Fuck off you fucking webdevelopers go find a different fucking job and stop trying to justify your fucking worthless existences by fucking up everyone's 'experience'.
Totally misleading title by Florian+Weimer · 2011-05-05 17:18 · Score: 2

The original McAfee blog article says this (why not link to the original resource in the first place?):

However, we’ve seen only the PC version in a downloader/dropper in the wild.
So this is not different at all from the Java-based Facebook suicide Trojan horse which circulated in Spring 2010 (but was not spotted by most AV companies back then).
Old news, if news at all by xiando · 2011-05-05 19:39 · Score: 1

I used to run one of those what is my IP sites. Now it's IPv6 only because various botnets started (ab)using it. I get a few thousand hits by "Apache-HttpClient/UNAVAILABLE (java 1.4)" pr. hour. Other AV vendors have known for a while, searching for my sites lists several (not mcafee) who lists my site as something the bots use.

--
9/11: Never forget it was a false-flag operation
Re:I SO GODDAM FUCKING SICK AND TIRED OF FUCKING J by Anonymous Coward · 2011-05-05 20:06 · Score: -1

what the fuck(ing) ?
Multiplatform Java-based Trojan? by doperative · 2011-05-05 20:08 · Score: 1

> Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms ..
Is there a working demo in the wild that I can click on and get rooted on other non-Windows platforms?
Linux version by jevring · 2011-05-05 20:20 · Score: 1

Why would there be a "Linux version" of code that runs on multiple platforms? The "Windows version" IS the "Linux version."

--
Move sig!
1. Re:Linux version by GameboyRMH · 2011-05-06 01:24 · Score: 1
  
  The botnet itself is multiplatform but the exploit and installation mechanism is Windows-only.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Wrong platform choice by koinu · 2011-05-05 21:06 · Score: 1

We all know how slow Java is and botnet node users are not willing to upgrade their hardware just to provide a faster service for people who don't pay a cent. So this well-known Java paradigm "Is it too slow? Just add more hardware power!" will not work here.
Count what days? by Anonymous Coward · 2011-05-05 21:37 · Score: 0

Who needs to bother getting users to use sudo for e-mail? They install their shitty little PHP-based content management systems by hand and then happily never fucking update them.
Hurr, durr, yum, herp derp, apt-get; all those regular updates and package management bullshit is bullshit when it comes to people uncompressing crap into docroots.
The amount of Linux servers I've seen that have been totally owned and churning out spam by the goddamned megaton is legion .
Java stands out like dog's balls by Anonymous Coward · 2011-05-05 22:04 · Score: 0

Java??? How is this going to go unnoticed when it consumes 1/2 your memory and cpu
Some routers can filter JAVA applets... apk by Anonymous Coward · 2011-05-05 22:47 · Score: 0

Per my subject-line above? Linksys routers have a SECURITY setting that allows for filtration of JAVA applets too, per this point you made:

"Getting it onto your system is the trick, though. If they found a hole in the Java plugin's sandbox, they could potentially exploit that using an applet and get the code onto your system. Disabling the plugin prevents that possibility, but if they were trying to push this via browsers there are lots of other plugins and holes are found in browsers all the time." - by Cougar Town (1669754) on Thursday May 05, @09:26PM (#36043646)
So, IF anyone's concerned about that? The "layered security" way around it, is to use router based filtering of JAVA applets (again, which Linksys routers have a security option for, as one example thereof).
APK
1. Re:Some routers can filter JAVA applets... apk by Anonymous Coward · 2011-05-06 08:25 · Score: 0
  
  If Linksys has developed technology that can decrypt HTTPS content with nothing more powerful than a home router, we're in trouble. Thankfully, I'm pretty sure they haven't accomplished that.
wrong conclusion by Anonymous Coward · 2011-05-05 23:12 · Score: 0

this trojan isnt made this way to be multiplatform, but to make it harder to analyse and/or detect both with manual and automated analysis.
Re:I SO GODDAM FUCKING SICK AND TIRED OF FUCKING J by GameboyRMH · 2011-05-06 00:27 · Score: 1

I am sick and tired of these motherfucking rants on this motherfucking site!

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
It also helps to have... by GameboyRMH · 2011-05-06 00:29 · Score: 1

AppArmor.

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
1. Re:It also helps to have... by TheLink · 2011-05-06 05:15 · Score: 1
  
  Assuming you've got it configured well. On at least one version of Ubuntu I tried, apparmor had rather loose permissions for firefox. I tightened it up, but how many in the world would do that?
  
  As for reporting it to Ubuntu, I've more or less given up on "Desktop Linux". I'd report problems with server stuff, but in my experience the desktop developers aren't worth wasting time with.
  --
  
  Too many replies beneath your current threshold
Microsoft by _0xd0ad · 2011-05-06 01:23 · Score: 1

Hello
If this is your first white screen of death
First contact Microsoft about this problem. Then press the [any] key to continue. If this screen still appear you are infected by a virus.
----------- This white screen of death is made by Microsoft -----------
1. Re:Microsoft by _0xd0ad · 2011-05-06 01:27 · Score: 1
  
  :%s/any/F5/g
1st - most pages aren't http secure by Anonymous Coward · 2011-05-07 03:57 · Score: 0

And, I really don't see your point, unless you're saying that a secured http page has an exploit on it for instance, theoretically... is that where you're going in your statement?
APK
P.S.=> If so, that's when I'd couple using say, Opera's "by site preferences" & ONLY ALLOW java to run on certain pages that demand it & that I know are trustworthy... in combination with the Linksys security feature I noted (where the router can "filter out" java applets), for "layered security" purposes... apk
platform newbie by jsaglaquo · 2011-05-10 12:12 · Score: 1

excuse my question: is this the first botnet running in java? what are the other common languages that are used to write this stuff. For sure it ain't Visual Basic. Why is the code of malware not portable when written in c++? For now its just a matter of time until the botnets run more reliable in linux, but still run in $gcc_plattform.