Researchers Say Kelihos Gang Is Building New Botnet

alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."

Re:How many of those where linux pc's again?

[Gaygirlie]

The OS in question bears no relevance here: it's a trojan, something a user installs on his or her own, and thus could just as easily apply to Linux, too. Linux isn't some magic bullet that is immune to trojans; as long as whatever happens to be the payload can access user's files and see what the user does and can make network connections that's all it needs, having root access is just a bonus, not a necessity.

Why so few Vista clients?

I'm surprised very few infected clients are Vista. Any particular reason for that?

Re:Why so few Vista clients?

[SJHillman]

Relatively low (compared to XP/Win7) and continually declining marketshare would be my guess.

Re:Why so few Vista clients?

[Khyber]

Because Vista was so shitty that even malware crashed before being able to execute.

Two deadly vectors of infection...

[mspohr]

Another reason I'm glad I don't use Facebook or Windows.

Re:Two deadly vectors of infection...

[SJHillman]

As a previous poster pointed out, trojans care not if it's Windows, Linux, Mac OSX or BSD because the user is the weak link, not the OS. All you need is 1) a trojan for that OS and 2) a user that gives the trojan permissions - most infections I've come across on Windows lately do not have administrator permissions unless the user does. Likewise, Facebook isn't so much the weak link as users are because they'll click on anything.

Re:Two deadly vectors of infection...

[Charliemopps]

If thieves only targeted a certain model of car because it was very popular and therefor the parts valuable (which is actually the case) you would still be doing yourself a favor by avoiding that model of car, even if you were diligent about where you parked it and buying a security system for it.

Re:Two deadly vectors of infection...

[mspohr]

So why does this only infect Windows? Are Linux and Mac users smarter? Are all Facebook users incredibly stupid? Do only Linux and Mac users realize that it's stupid to type in your password for some random software? Are only Windows users smart enough to remember their administrator passwords? Does god hate Windows? Do the people who write trojans hold a particularly low opinion of Windows users? Are they trying to educate Windows users? Is that possible? I know a few Windows users and they don't seem that stupid. Some of my best friends use Windows but they don't have a clue about this "administrator" stuff. Should we try to explain it to them our just charge them money to clean up their computers? I think that after that whole thing with the Greeks and Trojans that people should be on to them by now... I mean its been like thousands of years. I really don't want to believe that Windows users are stupid, I'd rather blame Microsoft. Mac and Linux don't seem to have these problems with Greeks and Trojans and stupid users...

Re:Two deadly vectors of infection...

[grcumb]

I have mod points, but tragically there's no +1 troll option.

Re:Two deadly vectors of infection...

[mspohr]

You could try "+1 Funny".

Re:Two deadly vectors of infection...

[grcumb]

You could try "+1 Funny".

I could, but I was trying for a "+1 Funny" myself.

Re:Two deadly vectors of infection...

[dkf]

So why does this only infect Windows? Are Linux and Mac users smarter?

I suspect that there are a few reasons for targeting Windows.

1. Low-intelligence users (who also tend to have reduced spending power) gravitate to cheap available pre-built hardware running the default OS. That points to Windows.
2. Windows was historically bad at security, so blackhats gained a lot of experience there. This has got to be a major factor and it can't be helped now.
3. Windows is much better at security now, but Microsoft hasn't quite got the usability of security right. There are just a few too many security-related confirmation dialogs popping up that users are still not quite careful enough about it.

Overall, it's a bunch of small stuff and things that just happend that way that adds up in combination to a problem.

Are all Facebook users incredibly stupid?

There are lots of Facebook users due to their (FB's) extensive market penetration; enough of the users are incredibly stupid (or at least duped by automated "social" tricks) to make it worthwhile targeting them.

Look, the real problem is that some people are incredibly stupid. For as long as that's true, there will be criminal scum who try to make a living by duping them. It's been happening for thousands of years (there must've been confidence tricksters in ancient Sumeria) and the use of computers and the internet is just the latest manifestation. Since you can't fix stupid (except by removing all the warning labels from things) we're stuck with running after the criminals to stop them.

Re:Two deadly vectors of infection...

[Tom]

As a previous poster pointed out, trojans care not if it's Windows, Linux, Mac OSX or BSD because the user is the weak link, not the OS.

True in theory.

Real life begs to differ, though. Geeks regularily forget about real life. In your head, your password policy grants your users great passwords at a theoretical complexity of 10^18. In real life, the actual complexity is closer to 10^7 due to patterns.

Same with the trojans and other malware. Yes, theoretically some classes of malware could be just as easily targeted on OS X or Linux. In reality, though, OS X has about 15% market share and less than 1% virus share, while Linux has 5% market share and much less than 1% virus share.

Speculations about whether that's for reasons of technology, psychology or ROI may be interesting, but the simple facts are that the number of known malwares for all non-windows OSes combined doesn't even register as a rounding error in the count of windows malware, and does not even remotely resemble the respective market shares.

Re:Two deadly vectors of infection...

You "anything" link doesn't work ! I have clicked it like 10 times, and nothing happens !

Re:How many of those where linux pc's again? None

Linux isn't some magic bullet that is immune to trojans

repeat after me, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel

as long as whatever happens to be the payload can access user's files and see what the user does and can make network connections that's all it needs

How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others, they have different, ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktops environments. People running Linux are also more educated.

So yeah, I have yet to see a malicious ELF executable being distributed on Facebook - LOL!

Re:How many of those where linux pc's again?

[powerspike]

They are running a "Business". You try to maximize your profits. More infections means more money to them. Time Vs Effort. It'll wildly more profitable to go after large targets like windows (and even Mac OSX these days), instead of things like BSD and Linux. They are Already up to 70k Accounts according to the summary, do you even think that there is that many people using Facebook from a linux system?

Re:How many of those where linux pc's again? None

[Mitchell314]

People running Linux are also more educated.

Isn't the front line of defense in security a vigilant and knowledgeable userbase, not the OS/kernel? Yeah, yeah, I know, it's a free-ponies-for-all pipe dream.

Re:How many of those where linux pc's again?

And Apache is still number 1 and still less infected than IIS

Re:Dear GmExcrement... apk

i 3 u.
let us all secure windows! it is somewhat possible, at least as possible as securing anything else.
seriously, though...people who know about hosts files don't get compromised, or if they do they are cleansed within hours.
most windows infections are a joke! got a rootkit? don't panic, hit it with cheat engine until it crashes then delete it! wow didn't even need to reboot!

How many people actually use linux pc's again?

Riighterr!!!! Knew so - how's Android (a Linux) doing, security-wise for years now? Torn up! Where an OS is used the most, it will be targetted, attacked, & abused most - period. That comparison pretty much proves it with real-world results any idiot knows. The badware makers target the biggest mass with 1 shot they can on that computing platform, be it pc's/servers or smartphones.

Re:How many people actually use linux pc's again?

[lister+king+of+smeg]

Firstly Android while having a Linux kernel does not act like linux, it rose not require a password to install software like you do in Linux this is done by the people implimenting Android because they want it to be easy and in know way intemadating to the users so they make it easy to use at the expense of security. Secondly most of the Android malware are trojan apps that are installed by users trojans are a User security issue not a os security issue. And third Android is based on Java whichever you hear about security problems with all the time. It is a major attack vector for many opperating systems. Also many Android systems are unlatched because updates are left up to the phone companies whichever have little instive update the phones.

Re:How many people actually use linux pc's again?

Android=Linux w/ most users on smartphones proves my point, that the most used OS on a given computing platform becomes *the* major target for malware makers to take pot shots at (and at users monies or personal information etc.). Much of the same per your 'excuses' goes on with Windows (which has the majority usershare on PC's and Servers combined) too but not as badly as it used to because it's been redesigned with UAC accounting for 1 of your excuses regarding passwords or user privelege levels. Lot of excuses versus the results, but the results are the results on either computing platform, which make my point quite clear by real world results. Lastly, it's Dalvik, not Java (strictly speaking) also.

Re:How many people actually use linux pc's again?

[ozmanjusri]

Riighterr!!!! Knew so - how's Android (a Linux) doing, security-wise for years now? Torn up!

Actually, no. More of a beat up.

Despite Microsoft attempting to buy scare stories with free phones, malware on Android is rare and generally easily removed.

"Microsoft is offering five Android malware victims a free Windows Phone 7 phone. The catch? You need to share your rage against Android with the Twitterverse."

http://securitywatch.pcmag.com/none/291668-microsoft-offers-free-windows-phones-to-android-malware-victims

"Advanced users are already wary of alarmist declarations from security vendors, and though the malware threat for Android is growing, many consider it overblown, especially when compared to Windows and other desktop operating systems".

http://androidcommunity.com/symantec-backs-off-of-android-malware-claims-after-researchers-cry-foul-20120201/

security firms that warn of Android malware 'charlatans and scammers'

http://www.zdnet.com/blog/hardware/are-security-firms-that-warn-of-android-malware-charlatans-and-scammers/16412

is facebook the new preferred target for attacks?

seems prime for that.. with the average smart user there having the i.q. of a 90s aol'er.

Re:How many of those where linux pc's again? None

[monkeyhybrid]

How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others, they have different, ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktops environments. People running Linux are also more educated.

And nearly all will run bash, python and perl scripts. A malicious payload doesn't have to be a compiled binary.

Re:How many of those where linux pc's again?

It's amazing how many times this gets pointed out, only to be dismissed as comparing apples and oranges. On a relative scale, a lot of people deploying apache and IIS are just as clueless as the desktop browser users we're comparing them to. Installing php software willy-nilly with no regard for security, etc.

Re:How many of those where linux pc's again?

Someone needs to teach you about GNU/Linux and how it works. See unlike Mac and Microsoft Windows there is a system to thwart malicious applications from running rampant. Part of this is that the core software is free. No, not no cost. I mean free. The users can actually examine the code. The second and likely just as important part of this is users aren't expected to download random applications or manually apply security updates. This is all automated through something called a repository! Now that you know please stop saying "Linux" isn't a magic bullet. It is a magic bullet in comparison to Apple and Microsoft platforms. And unlike Apple's and Microsoft's cloning attempts there is nothing to deny users the right to install anything they want. However given the average user can follow no more than two or three simple directions it meets a perfect balance of total lock down (Apple) and totally insecure (Microsoft).

Re:is facebook the new preferred target for attack

Facebook users are needy narcissists. They think that if they don't accept/aggree to anything that is offered to them that they won't be liked.

Anonymous

We all knew Anonymous would strike again. Why aren't the authorities doing something about these criminals?

Maybe what we need to do is make it so that nobody can access the internet without supplying a sample of their DNA. And then make it so that all communications from the user to the internet are logged in an extremely verbose manner, and have a system of spy networks at the ready to detect subversive behavior. The governments could intentionally put things like porn or questionable books like Fahrenheit 451, 1984, or The Diary of Anne Frank on the internet and then arrest civilians when they try to access them.

I wish I were in a position of power where I could institute a program like that in the United States of America. For too long we have strayed from the Lord's Path, and we need a true leader to bring this country back in the right direction.

Re:How many of those where linux pc's again?

apt-get install trojan
E: Unable to locate package trojan

Nope, doesn't work.

Re:How many of those where linux pc's again?

[tomhath]

Probably very few, because very few people use a Linux distro for web browsing (less than 2% last I heard).

Yes.. Secure Windows!

[anubi]

let us all secure windows!

Amen!

Just last night, I experienced a "drive-by" download of the "S.M.A.R.T. HDD" virus.

First, Firefox closed all by itself. I thought at the time "Oh well, another hostile JavaScript"...but its required to talk to Business sites. Better shut down and restart Windows to rid myself of it.

When I did, my Windows 7 machine restarted funny, black background, then suddenly all these windows popped up telling me my hard drive was terribly sick. Words like "critical" were flashing in red on several windows. Damn near made me soil my pants. It all looked so legit, especially the way vendors bundle all sorts of software from vendors I have never heard of in machines these days. The "S.M.A.R.T. Check" window then informed me I only had a trial version of their software and offered a payment opportunity if I wanted an immediate upgrade, or I could give it an administrator password to continue. I smelled a rat.

I put the machine to sleep.

I logged onto Google from an uncompromised machine running K-Meleon under WIN95. And verified I had this thing.

To Microsoft's credit, their "system restore points" worked. I was able to restore the system to a point baselined a week ago, and the virus disappeared.

Not satisfied yet, I got a fresh download of "Windows Defender" definitions and ran a quick scan. Nothing found. Later that night, I set the machine to do a "full scan" and it found a backdoor and a password stealer.

I get the idea the backdoor and password stealer were part of the "S.M.A.R.T." package, but needed an admin password to install them, and thats why quickscan did not find them.. Maybe someone else who has seen this beast can enlighten me.

While I am impressed that Microsoft's virus scanner found these ( according to the sources on Google, this is a hard-to-find polymorphic virus ), I have this question:

Why is it we have all this authentication, administrator and user privilege levels, and yet a rogue program can install itself in such a manner - from a restricted user account - so as to survive a reboot?

From an administrator account, yes, administrators need to install permanently residing software... but lowly users? Any software we install should be sandboxed to our own user account, and definitely not survive a reboot!

The fact I could recognize this as rogue software, and that Microsoft provided me with the methods of recognizing and removing it shows we have come a long way, but there is quite a bit left to go - things like what I just experienced should never happen.

If this "echelon" thingie our taxpayer dollars are funding actually works, can it be programmed to also look for virus signatures - so that the emitter of these signatures gets a knock on their door from 3-letter secret government agencies? Dammit, I am paying for this as a taxpayer - put all this snooping to some good use if you are going to snoop in the first place. I want some of that "safety" I have sacrificed my privacy for.

Re:Yes.. Secure Windows!

"Why is it we have all this authentication, administrator and user privilege levels, and yet a rogue program can install itself in such a manner - from a restricted user account - so as to survive a reboot?"

Because Windows has to survive the reboot! :( slashdot ate my less than 3 :( :( :(

captcha : adultery
the real reason any thing bad happens.

oh and I wasn't kidding about Cheat Engine, you can fuck up all kinds of programs with it, even the ones that are designed to fuck you!

Re:Yes.. Secure Windows!

Why is it we have all this authentication, administrator and user privilege levels, and yet a rogue program can install itself in such a manner - from a restricted user account - so as to survive a reboot?

Which part of "Microsoft product" did you not understand?

Re:How many of those where linux pc's again?

[techno-vampire]

Linux isn't some magic bullet that is immune to trojans

Of course it isn't. However, unlike any OS that Microsoft has ever sold, security is part of the basic design, not something that's tacked on later as an afterthought. And, as others have pointed out, Linux isn't a monoculture, the way Windows is. There are only a few versions of Windows out there, all of them, almost without exception, using the same file manager and desktop environment. Most of them use the same email client and office suite, as well as the same web browser. Find a vulnerability in any of them and you've got a way to take over millions of PCs. Not only is each Linux distro different, but you have a number of different Desktop Environments in use, each with a different set of potential security issues, along with several popular browsers, different office/productivity programs and a number of email clients. From the perspective of the people running these botnets, Linux is just more work to hack than it's worth to them.

Linux "'FUD' of the day" b.s. quoted as proof

"However, unlike any OS that Microsoft has ever sold, security is part of the basic design, not something that's tacked on later as an afterthought" - by techno-vampire (666512) on Sunday April 01, @09:34PM (#39545101) Homepage

SeLinux bolted on MAC (mandatory access control), "after the thought" which allows what Windows had LONG before it for security, in ACL (access control lists)...

* Hmmm - guess you didn't know that but stated it anyhow, & I am guessing more out of ignorance of that fact, than "FUD" spreading though... right?

(Must be, because it's the truth).

APK

P.S.=> I don't really have anything personal against you techno-vampire, but I did want to point out the error in your statement with a specific concrete example of fact vs. its falsehood... apk

Windows NT based OS & C2 secure

Windows NT based OS had that security certification before Linux per the "orange book" (look that up if you need to). No OS exists has A levels, afaik @ least from widely used commercial or not mainstream PC/Server Operating Systems, & only HP/UX afaik, has achieved B2 level status.

APK

P.S.=> On C2 ratings? Honestly, I am not even sure Linux has that! However, now? It probably does (with SeLinux @ least, which WAS added onto Linux by the NSA, & only "after-the-thought" - per my last post to techno-vampire here -> http://it.slashdot.org/comments.pl?sid=2759981&cid=39545701 )... apk

Unjustified moddown = best you got?

Plus to troll me after, by AC also?? From the security community for you & others of "your kind" that give me a hard time on hosts files:

"I don't actually get time for many sites such as slashdot anymore, but certainly see my fair share of trolls on the MyWot (Web of Trust (I'm a moderator there, and MyWot includes hpHosts in their "ratings")) and Malwarebytes forums, and you're correct - it's always either users of malicious software/sites, or the owners of such, that are doing it." Mr. Steven Burn - services@it-mate.co.uk -> hpHOSTS/malwarebytes http://hosts-file.net/?s=Download

* So, that "all said & aside"? Do you *think* that others here aren't thinking the same of YOU (or anyone else) that tries to give me a hard time about hosts files usage for added security, speed, & even better "anonymity" vs. tracking online?

Not even a "nice try" troll, & blowing your mod points + trolling me by AC replies afterwards gives your "game" (weak) away as well on how you did it, and the 'why' of it Mr. Burn describes above I strongly suspect as well...

APK

P.S.=> My hosts file updates "automagically" every 15 minutes here via a program I wrote for it to do so, so... no, I don't have to raise a finger to do it (and that program? Mr. Burn of malwarebytes/hpHOSTS says it is 'excellent' & has given me space to host it as well in fact - I'll have it out for anyone to use, gratis, shortly in fact)... apk

Re:Unjustified moddown = best you got?

[eldorel]

I'm going to leave my uid on this so you can't just dismiss it as another troll.


DEAR APK,
I've already had to scroll past this same post twice IN THIS THREAD ALONE.

You have copy/pasted the exact same set of directions to just about every security related article for the past several months.
We've all already seen it, and it's just wasting space.

If you want to inform new people, fine.

Put together your own web site, post all of these directions in a single place where you can keep them up to date, and post a link WHEN IT"S RELEVANT, AS PART OF A POST THAT HAS DIRECT BEARING ON THE DISCUSSION AT HAND.

No one cares who else thinks your idea is nifty, and trying to pat yourself on the back/inflate your ego here on slashdot just irritates those of us with mod points.



You want to get the word out? Great! Here's what you need to do.

1) Write up a step by step paper with these directions, include .REG files with the settings ready to be merged, and possibly even simple scripts to implement the changes.

2) Get a native english speaker to act as editor for your paper, to avoid the hard to parse portions of your manner of communicating, and then hammer out the exact meaning you want to convey.

3) THEN, send your paper to people who are willing to test this out. Get people in the industry to help you iron out the problems, and then update your web page again.


After you have something more useful than 2 pages of random registry keys people will start talking about your idea. They will find problems (broken programs, headaches, etc.) and then you can fix them.


But again, POSTING THE SAME CRAP TO SLASHDOT 10 TIMES A DAY IS ONLY GOING TO GET YOU IGNORED AS ANOTHER CRACKPOT TRYING TO SELL SOMETHING.
Also, go register an actual slashdot account. Posting AC doesn't help your image.

Good luck.



Feel free to send me a rough draft of your paper if you ever get around to writing it. (consider this your first newsletter subscription)

Eldorel

Re:How many of those where linux pc's again?

[Billly+Gates]

I am sick and tired of this MS FUD. ... why do I keep coming here?

Your bias is based on 10 to 15 year old facts on depreciated or nearly depreciated kernels and apis. I think it is a sign of insecurity to blindly follow something when facts are contrary.

Last week a slashdotter said in a straight face that he is waiting for the first ever unix virus as they do not exist and was gloating. I kindly reminded him where did the term root*kit came from? Root sounds like a Linux account if you ask me.

I have seen financial institutions SuSE Enterprise Servers hacked with a rootkit installed running a Russian Phishing scheme. The admins said We use UNIX ITS SECURE bla bla. Sigh.

Back to the topic, Windows 7 supports ASLR, DEP, sandboxing, privilege separation, and other many improvements that I do not see in Linux.

If you know the ram address of a particular .SO in linux you can get it through a buffer overflow. In Windows Vista and higher you can't as the ram address is randomized. Windows has anti virus scanners that actually block malware and shield. Linux does not.

  This blind zeolotry reminds me of those who hate evolution so much they make all sorts of crazy theories like people walking with dinosaurs 5,000 years ago and global warming is a hoax etc. This is because they feel threatened their religion and beliefs are somehow under attack by anyone who is not a (R) or evangelical. It is harmful for those in IT who will refuse to take precaution to secure their linux systems.

I have seen malware in ads written in javascript that exploit the flash/java/browser and will run fine under Linux because the exploit is multiplatform. I hope your anti virus is up to date. Oh, thats right Linux which is written in C just like Windows could not possible suffer from buffer overflows, stack smashing, and other things

Re:How many of those where linux pc's again?

[mug+funky]

so it's not security through obscurity, it's security through diversity.

either variant of linux on it's own is not a large enough target.

this is how wild plants survive better than crops...

Re:How many of those where linux pc's again?

[techno-vampire]

I am sick and tired of this MS FUD.

FUD? Are you denying, then, that well over 90% of all the viruses found "in the wild" target MS Windows and that the rest target the Mac OS? Are you claiming that there is, currently, malware out there designed to target Linux? If so, I'd like to know about it because I've never heard of it.

As far as root kits go, you either need to have access to a machine to install one or you need to trick somebody into giving your installer root access, just as you need to get Administrator rights under Windows. Unlike Windows, however, people running Linux aren't in the habit of installing programs they found on random websites; we get our software from distro-specific repositories where everything's been checked out before it's made available.

Windows has anti virus scanners that actually block malware and shield. Linux does not.

That's because Windows needs them. At the present time, Linux doesn't. Some day, probably, it will, and they'll be written, distributed and used. For the time being, however, I don't need to waste disk space or CPU cycles on them.

Re:How many of those where linux pc's again?

[Billly+Gates]

Tons of malware target Linux.

SQL injections, *root*kits, and php vulnurabilities all target Linux or the LAMP stack. Linux hosts the servers with the fast pipes and the sensitive credit card data. The Windows PCs serve as the bots to launch the attacks

Rootkit can be installed by an exploit. The whole oh just do not be root and click on shit is 1990s security. All you need to do is exploit php or your sql database and I can get your server to run my code and then install the rootkit to hide it.

Its that out of date attitude I am talking about. Windows Server become popular because of security over Unix believe it or not. Until W2k came and discovered it had the same problems because it was also written in C. The same attitude how those Linux servers were comprimised as the admins never updated their servers as they read slashdot comments saying Linux is a magic bullet and can never be hacked.

Of course I do admit this flaw is 1990s common sense security practice not to click on something and run it so it is the fault of the user regardless of the OS.

Do not click on stuff, keep your pc updated, stop using XP and IE 6/7, and run anti virus software and you are pretty secure.

Re:How many of those where linux pc's again?

[techno-vampire]

Not completely, of course, but I'm comming to think it's an important factor. One of the reasons the Potato Blight devistated Ireland so thoroughly, you know, is that almost all of the farmers were growing the same breed of potato, which happened to be exceptionally suseptable to the disease. It's the same thing with Windows. Since most Windows users use the same programs for their work, they're all wide open to the same malware. Just using Firefox, Thunderbird and/or LiberOffice can make Windows safer simply because whatever security holes they have aren't the ones being targetted.

Re:How many of those where linux pc's again?

[Gaygirlie]

Are you claiming that there is, currently, malware out there designed to target Linux? If so, I'd like to know about it because I've never heard of it.

http://www.theregister.co.uk/2011/10/04/linux_repository_res/ , https://en.wikipedia.org/wiki/Linux_malware#Threats , http://www.darknet.org.uk/2011/01/java-based-cross-platform-malware-trojan-maclinuxwindows/ and so on. How about the cross-platform one for OpenOffice, BadBunny or what its name was? And so, you should be able to use Google sufficiently even on your own. Or hell, if you happen to be running SSH or HTTP servers go and take a look at your log files, you'll see plenty of attempts and many of those target Linux-boxes.

As far as root kits go, you either need to have access to a machine to install one or you need to trick somebody into giving your installer root access

It's easy enough to fool people into running stuff they shouldn't, and there are vulnerabilities even on Linux that allow stuff to gain root access. Just look through last year's Slashdot news if you wish, there was several high-profile vulnerabilities reported.

Re:How many of those where linux pc's again?

[Gaygirlie]

However, unlike any OS that Microsoft has ever sold, security is part of the basic design, not something that's tacked on later as an afterthought.

You've never heard of SELinux, Tomoyo Linux et. al. then.

Re:Run as admin (special UAC type) & always cl

[Nikker]

But I'm not a computer programmer and I want something that Just Works! I pay my hard earned money for my copy of Windows why should I have to sort through thousands of lines of codes just to get my system work properly?

This is why Windows will never truly be a Real OS.

Re:How many of those where linux pc's again?

[ozmanjusri]

The OS in question bears no relevance here:

Can you show us any current Linux trojans?

Re:How many of those where linux pc's again?

[eldorel]

OK, screw my mod points. I have to comment on this.

There is a big difference between a virus or trojan that takes advantage of a flaw in the operating system and one that relies on brute forcing the password to a privileged user account or tricking a user into handing over the password directly.


I support networks for a living, and we also deal with lots of small businesses and residential systems.
The single biggest infection vector on any operating system is third party browser plugins such as flash or java.
However, when one of our linux users has a java virus, it only gets access to their user directory. A simple reboot stops the virus, because all of the Home directories have the execute bit disabled.
A quick follow up scan once a week with avg for linux or clamav, and they are no longer infected.

Yes, There are a few nasty rootkits that use privilege escalation, but on linux those are few and far between.
To quote the link YOU posted,

few if any are in the wild, and most have been rendered obsolete by Linux updates

On windows, we have to deal with executable files dropped into 20 different locations, a few hundred ways for a virus to execute at startup, and ways for the virus to easily hid itself behind processes that are supposed to be there.
(hello svchost.exe, how many viruses did you execute today?


I really wish you people would stop trying to compare apples to elephants, and start looking at things in a more reasonable method.

Here, I'll start by making a nice little table.

Problem: ............... Mac/Windows ..... Linux (desktop) .... Linux (server)
Stupid users ............... YES .......... YES.................... YES
Java Viruses ............... YES .......... YES.................... NO
Flash Viruses .............. YES .......... YES ................... NO
Brute Force Password ........YES .......... YES.................... YES
Users install Random crap ...YES .......... NO..................... NO
Use admin pass frequently .. YES .......... Maybe.................. NO

Feel free to add more to this table, but just this much makes my point.
EVERYTHING IS VULNERABLE TO STUPID AND BADLY TRAINED USERS/ADMINS.


In my experience, Linux distros respond faster to discovered threats and mitigate actual compromises better than WIndows or MacOSX.
Linux distros also usually don't train users to do things that are known to be dangerous, such as downloading and executing unknown/untrusted binaries.
NOR does linux require a huge financial investment in order to have code vetted, signed off and added to the repositories.

Re:How many of those where linux pc's again?

[techno-vampire]

Interesting. Thank you. Wikipedia mentions that there are about 850 known Linux viruses, mostly obsolete because the vulnerabilities they exploited have been patched. And, I gather, none of them are currently known to be in the wild. How many Windows viruses are there currently known of and active?

What I find most interesting, however, is the cross-platform attacks. Please note, that I never said that Linux malware is completely impossible, I said that it's nowhere near as much of a danger to Linux as it is to Windows. (Or, if I didn't exactly say that, it's what I meant to say.)

Re:How many of those where linux pc's again?

[techno-vampire]

I'm quite familiar with SELinux, TYVM. AIUI, SELinux was developed when it became apparant that the original security scheme was no longer adaquate. And, although it's only supposed to be watching for security threats, most of the alerts I've had to deal with have had to do with real stupid bugs, such as a program trying to walk all of /proc for no good reason.

Re:How many of those where linux pc's again?

[Gaygirlie]

EVERYTHING IS VULNERABLE TO STUPID AND BADLY TRAINED USERS/ADMINS.

That is the whole point I've been making all along: even Linux cannot guard against users doing stupid stuff, or against applications having vulnerabilities. Some people try to paint Linux as being completely invulnerable to anything whatsoever and that is the thing I have an issue with: you should never assume your system is secure just because it is Linux.

Re:How many of those where linux pc's again? None

[PigleT]

It's a simple case of majority-ism. Most facebook users will be on Windows and probably IE, so if you're going to make a trojan, to make your job easy that's who you target.

Security isn't limited to exploits in the scope of a user's OS; it's all about privacy, and messing in their web-identified spaces also counts as a security violation.

I've got a BETTER multi-part reply for you

Don't LIKE it? Don't read it. It's that simple... I doubt you even understand it, because IT IS on topic (especially about running as an administrator, because of the person I replied to noting that much).

" post a link WHEN IT"S RELEVANT, AS PART OF A POST THAT HAS DIRECT BEARING ON THE DISCUSSION AT HAND." - by eldorel (828471) on Monday April 02, @03:40AM (#39546667)

See above, "rinse, lather, & repeat"...

I.E.-> You can make running as an administrator LIMITED like other users are, to avoid malware installing & that's what those particular settings help for.

(Your reply only tells me you don't realize that much & didn't read the poster's reply before mine...)

---

"No one cares who else thinks your idea is nifty, and trying to pat yourself on the back/inflate your ego here on slashdot just irritates those of us with mod points." - by eldorel (828471) on Monday April 02, @03:40AM (#39546667)

Ok then, I'll let others who used the guide I wrote up, point-by-point, tell you how things worked out for them instead of my stating it:

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

---

AND, here are some times I was modded up for it around here on /.:

* THE APK SECURITY GUIDE GROUP 18++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

APK SECURITY GUIDE:2009 -> http://it.slashdot.org/comments.pl?sid=1361585&cid=29360367
APK SECURITY GUIDE:2009 ->

Re:I've got a BETTER multi-part reply for you

[eldorel]

(sigh)
Fine, you're awesome, incredible, and one of the most accomplished programmers the world has ever seen.

I don't care, and it doesn't negate anything that I said.

You act like a dick with low self esteem who likes to blow his own horn on other peoples web sites.
No one cares what you have done when we can look at and test the actual information you are presenting, so quit with the self promotion.

I wasn't being condescending, nor was I trying to be insulting.
Instead I was simply pointing out that while you've got a few good ideas, your presentation of it is crap.

You have the exact same information that you've been presenting for over a decade splattered all over the internet in anonymous posts and articles referenced by people who saw the potential in what you're trying to push.

However, you've been resting on your laurels instead of actually becoming an important reference for the industry.

Knowledgeable professionals already know how to lock down UAC.
Most of them do it using GPO's instead of registry edits, and about 90% of what you've been shouting about is referenced in at least 3 of the books I have on the shelf for my techs to reference.

You aren't trying to bring this to the attention of people like me.
You need to reach the MCSE/A+ certified "technicians" out there doing 95% of the day to day maintenance.
Instead you waste your days being a jackass on slashdot.

So, feel free to ignore my advice and continue attacking people who try to tell you things.
I'm not going to waste time of breath shouting at someone who has decided that the entire rest of the world must be wrong.


As for your personal attacks on my experience, have fun.
I don't need random strangers to pat me on the back and puff up my ego.
I get more than enough of that from the customers and other IT professionals who call me when they have a problem they can't solve.

Eldorel

"M$ CON$PIRACY", eh? Here's some links 4U too

"Despite Microsoft attempting to buy scare stories with free phones, malware on Android is rare and generally easily removed." - by ozmanjusri (601766) on Monday April 02, @03:24AM (#39546627)

So is Windows malwares (even rootkits): What was your point? To show that my point, that the MOST USED OS on any given computing platform will be attacked & abused?? Thank you then I suppose for helping me make my point!

* Trying to make it out like some "M$ CON$PIRACY" though, on YOUR PART in "buying stories"? Please... lol! It's a FACT & widely known that ANDROID, a linux variant (because it surely doesn't use Windows or MacOS X @ its core) is being torn up... why?? See my original posts on 'the most used OS on any given computing platform will become the preferred target of malware makers'... period.

APK

P.S.=> Here's some "food 4 thought" on that very account since you like posting links? I can too, by the truckload (from reputable sources including the security community):

3,325% increase in malware targetting ANDROID:

http://blog.webroot.com/2012/02/17/report-3325-increase-in-malware-targeting-the-android-os/

Security firms: Android malware set to skyrocket â The Register

http://www.theregister.co.uk/2011/09/15/android_malware_skyrockets/

Android Malware May Have Infected 5 Million Users - Slashdot

http://yro.slashdot.org/story/12/01/28/0431251/android-malware-may-have-infected-5-million-users

More than $1 million stolen from Android users in 2011, mobile threats to increase in 2012

http://www.bgr.com/2011/12/14/more-than-1-million-stolen-from-android-users-in-2011-mobile-threats-to-increase-in-2012/

Android bug lets attackers install malware without warning â The Register

http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/

(Would you like MORE? I have, oh, roughly another 100++)...

... apk

Re:"M$ CON$PIRACY", eh? Here's some links 4U too

[ozmanjusri]

FUD.

Source - Seculert Blog

Kelihos.B is still live and social

Re:How many of those where linux pc's again? None

wrong, some will run busybox with ash (android, TVs, routers and other embedded devices) other will run bash 3, others bash 2..

Re:How many of those where linux pc's again?

this guys is nuts

I am sick and tired of this MS FUD. ... why do I keep coming here?

don't come here then. there are plenty of ms fanboism websites out there where you can make friends that share the same reality distortion field as you.

Last week a slashdotter said in a straight face that he is waiting for the first ever unix virus as they do not exist and was gloating. I kindly reminded him where did the term root*kit came from? Root sounds like a Linux account if you ask me.

A trojan and a rootkit are totally different things, get your facts up and NO, nobody asked you anything.

I have seen financial institutions SuSE Enterprise Servers hacked with a rootkit installed running a Russian Phishing scheme.

I've seen plenty of ms software houses being hacked too, what's your point?

Back to the topic, Windows 7 supports ASLR, DEP, sandboxing, privilege separation, and other many improvements that I do not see in Linux.

WRONG! You clearly know nothing about Linux. So far, it is YOU that is spreading FUD. Is a Google search too hard work for you?

ASLR - http://en.wikipedia.org/wiki/Address_space_layout_randomization#Linux
From wikipedia:
Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005).[6] The PaX and Exec Shield patchsets to the Linux kernel provide more complete implementations. Granted pax is not usually found in desktop boxes (in exception to Fedora installs).

DEP - http://en.wikipedia.org/wiki/NX_bit#Linux
The Linux kernel currently supports the NX bit on x86-64 CPUs and on x86 processors that implement it, such as the current 64-bit CPUs of AMD, Intel, Transmeta and VIA.

sandboxing - http://en.wikipedia.org/wiki/Chroot
ARE YOU KIDDING? Never heard of a chroot Jail?

privilege separation
are you telling me Linux doesn't have privilege separation? Really??? never heard of root accounts and apache accounts etc..?

Dude you are lame as hell! Are you really complaining about people spreading FUD about windows while making the most distorted and bold claims I saw about Linux? Not only that but you are also making yourself a fool by demonstrating a complete lack of knowledge about systems other than microsoft.

A concept Linux took from Windows?

http://it.slashdot.org/comments.pl?sid=2759981&cid=39545701

?

Absolutely & no questions asked, as to WHO achieved C2 security before whom, OS' wise.

* Want more, as to ideas & architectures Windows had before Linux?

Ok:

1.) SMP, & thus, ENTERPRISE READY SERVERS for Linux couldn't happen until things very like Windows NT-based OS' had in completion ports + re-entrant kernelmode code.

2.) True usermode threads (instead of a single 'round robin' to a single kernelmode thread as Linux had due to process fork type structuring in process mgt.)

3.) Lastly but FAR FROM LEAST? What the NSA "bolted on" to Linux via SeLinux, in MAC (mandatory access control) which IS a copy of what Windows NT-based OS had LONG before Linux ever did, in ACL (access control lists) @ the filesystem, & registry levels - I noted that in the 1st link I posted above in fact.

APK

P.S.=> In fact, on C2 security level ratings, per the "orange book"? I am not even SURE if Linux has achieved that rating yet (though I imagine it probably has, per the NSA "bolting on" to Linux what existed for ages beforehand for security in Windows, ACL vs. MAC)... apk

Can YOU show us more Linux users by %?

Show us more users by % of marketshare/usershare on PC's & Servers combined that make Linux worth attacking as much as Windows is by malware makers? No, you cannot (1.2% = Linux marketshare/user mind share, vs. nearly 95% for Windows).

Malware makers target the MOST used OS on any given computing platform, period. Attacking Linux would be a waste of their time & efforts essentially - not enough return by %'s, & they ARE "playing the percentages" on PC's &/or Servers.

* This makes for better "ROI" for them, because they are just like pickpockets who go to crowded places like city streets, malls, train & bus stations to victimize NOT security professionals (too difficult), but rather, ordinary "noob" users who are NOT security-saavy.

So... again: What proves that on smartphones, another computing platform in mainstream use by the masses?

Well, again, you know: ANDROID does!

(It is definitely a Linux variant (because it uses a Linux kernel, unless you can show us it uses Windows or MacOS X's BSD core instead)).

Online malware makers in general today are nothing more than thieves after your monies or personal information, & they behave EXACTLY as they do...

APK

P.S.=> As far as Linux RECENT showings in security AND IN A SERIOUS AREA? Ok:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (very bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins: (lol)

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: (very recent):

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach: (lol)

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site

MORE facts from 2011 then (vs. UR "FUD")

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (very bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins: (lol)

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: (very recent):

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach: (lol)

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811

---

The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed

What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com

---

Phishers/Spammers FAVOR attacking LAMP:

Fabled "'5-9's' uptime" & Fortune 500 data

IF it will all even FIT (might not), but here goes:

367++ TOP FORTUNE 100/500 (or best 100 to work for per CNN Money) COMPANIES, EDUCATIONAL INSTITUTIONS, &/or GOVERNMENT AGENCIES USING WINDOWS (over other solutions like Linux) both in HIGH TPM ENVIRONS, & FROM "TOP 100 COMPANIES TO WORK FOR" (per CNN Money 2011):

---

38 HIGH TPM & 99.999% "uptime" examples:

---

XEROX: Managing 7++ million transactions a day for office devices for its customers using Windows Server 2003 + SQLServer 2005 64-bit with 99.999% uptime!

NASDAQ: The U.S.' LARGEST STOCK EXCHANGE, Since 2005 has had Windows Server 2003 + SQLServer 2005 in failover clusters running the "official trade data dissemination system" for them in 24x7 fabled "5-9's" 99.999% uptime, doing 64,000 transactions PER SECOND (compare London Stock Exchange using Linux @ 3,000 per second)

FUJIFILM GROUP: Tracks data for its imaging, information, & documentation for its products & services using Windows Server 2003 w/ a custom SAP solution on SQLServer 2005, achieving 99.999% uptime.

HILTON HOTELS: Manages 1.4 Billion records a day for customers in 1000's of their hotels worldwide - for 370,000 rooms & catering services forecasts (switching from 6 *NIX systems to 1 Windows Server 2003 + SQLServer 2005 clustered failover system using a data warehouse with 7 million rows & 99.998% uptime).

MEDITERRANEAN SHIPPING COMPANY: Manages & Tracks 7 million containers out of 116 countries daily using Windows Server 2003 + SQLServer 2005 in failover clusters with 99.999% uptime.

SWISS INTERNATIONAL AIRLINES: Serves 70 airport destinations worldwide, with 6,500 employees + 110 branch offices via Windows Server 2003 & Active Directory with 99.95% uptime (all while growing their business 30% per year). THEIR PREVIOUS LINUX SYSTEM COULD ONLY HANDLE 250 concurrent users - the Windows one handles over 500++ users concurrently/simultaneously!

UNILEVER: Global consumer good leader, migrated to mySAP on SQLServer 2005 + Windows Server 2003 & scaled UP their operations by over 200% & yet saved money + have 99.999% uptime!

MOTOROLA: Using System Management Server, Windows Server 2003 & SQLServer 2005 to conduct inventory of 65,000 desktops from a single location (e.g. for system updates corporate & worldwide).

NISSAN: Uses Windows Server 2003 to manage 50,000 employees' email & calendaring (w/ out VPN, & using Exchange Server 2003) for local AND remote + mobile users.

TOYOTA MOTOR SALES: Reduced the # of techs needed per dealership (1,000's worldwide) from 7, to 1 using Windows Server 2003.

SIEMENS: 420,000++ people, 130 business units over 190 countries managed in Windows Active Directory

REUTERS: Managing 3,000 servers worldwide @ customer sites internationally (using only 4 managers to do so, remotely).

DELL COMPUTER: Managing 130,000 servers & 100,000 PC's worldside using Windows Server 2003 + 40 million customers' data worldwide.

LEXIS NEXIS: Searches BILLIONS of documents each second delivering news, legal, & business information.

HSBC: Deploys System Center solutions to 15,000 Servers worldwide & 300,000 desktops using Windows Server 2003.

RAYOVAC: Chose Windows Server 2003 over Linux to manage their infrastructure - saving 1 million dollars estimated in software, staffing, & support costs.

JETTAINER/LUFTHANSA/U.S. AIRWAYS: managing shipping to 3,000 flights to 400 airports every day.

CONTINENTAL AIRLINES: Manages crew communication systems, log on/log off, schedules, & shifts using Windows Server 2008 worldwide.

JET BLUE AIRWAYS: Managing 12 million flights & their data annually + ticketing, finance, & personnel too.

TIMEX: Using Windows + Exchange Server for remote personnel & executives (for their ENTIRE workforce)

Re:Fabled "'5-9's' uptime" & Fortune 500 data

[ozmanjusri]

Nutcase FUD.

Re:How many of those where linux pc's again? None

[mybeat]

People running Linux are also more educated.

My grandma is running Linux, I wouldn't call here that educated.

Re:How many of those where linux pc's again? None

Yes, and we all know every script/file we save on Unix/Linux defaults to have the executable flag set.

Oh wait, no it doesn't.

So yes, that would work, if the user:
1) accepts the download of the malicious trojan.
2) manually sets the executable bit of the file
3) doesn't bother to look at the contents of the -readable- script.
4) manually runs the script.

Compared to windiows where:
1) it just runs.

And once again the astroturfing M$ shills are high

Pro-Microsoft 7 digits IDs who have infested /. are playing apologists once again.

Geez astroturfing shills give us a break: stop feeling so insecure about your insecure Windows. We (desktop Linux users) do not even represent 2% of the desktop market. We're not going to conquer anytime soon your (stupid) user base.

It has been mentioned that the big variety of Linux kernels / distros / browsers was making life much harder to some would be bot-author that would dream of writing a Linux bot.

Then there's also the documented fact that any remote user exploit on any Windows system means remote admin rights (what was the last super SNAFU for MS: any "remote desktop enabled" Windows could be "root'ed" right!? I know, I know, the term "rooting" comes from "root" from the Un*x world, so if the term comes from the Un*x world it means Un*x system are more vulnerable no?!).

The logic and arguments of these M$ shills is saddening.

Thankfully they're fighting the wrong battle: we're moving away from the desktop apps to the browsers apps and they're totally missing that.

They keep hanging to their last delusion: that the desktop will continue to matter.

Good luck M$ shills: you're not fighting desktop Linux or OS X. You're fighting Android and iOS and you're in for a reality check.

Thanks 4 1st thing you said (I didn't say it)

"Fine, you're awesome, incredible, and one of the most accomplished programmers the world has ever seen." - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

See subject-line above: I also omitted this in my notes on things I've done too - since you're about telling me "how great I am"!

(Me? I can "get the job done", & I've stated that many times in fact on /., nothing more)

I have professionally on MANY levels in the art & science of computing (tech, network admin, & programmer/analyst - software engineer) on millions of lines sized systems of Client-Server design for business too (where the "steady eddy" money is)):

Dr. Mark Russinovich of Microsoft/SysInternals fame (former co-contractor/co-worker of mine in the 90's for Sunbelt Software)):

We have also had our disagreements before too! That doesn't mean I don't respect he, even though we had differences over time...

(I.E.-> Over memmgt & what-not where in the end? VISTA had to reduce their cache loading aggressiveness even, proving my point that dedicating "ALL FREE RAM TO CACHE" in Windows, wouldn't work, & where memory optimizers can unfreeze/unhalt exchange servers + more... & I've even earlier, pre that debate @ Windows IT Pro, corrected the design of one of his apps in pagedefrag.exe (hardcodes to both registry hive locations, pagefile.sys location, & more + how/where to overcome that in NT Native API code, beneath the UserMode stuff we generally access, etc./et al)).

He's not perfect, nobody is, but he does DAMN fine work when he does (processexplorer.exe being the "prime example").

---

"I don't care, and it doesn't negate anything that I said." - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

Actually, it does a HELL OF A JOB SHOWING YOU'RE NOT IN ANY POSITION TO CRITICIZE ME AS A PEER IN COMPUTING... period.

---

"You act like a dick with low self esteem who likes to blow his own horn on other peoples web sites. " - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

When attacked? That reply of mine surely shows who the 'talk a lot/done nothing' mere "ne'er-do-wells" are though (guess who I am referring to now?).

In regards to your name tossing? LOL:

You not only ACT like an illogical troll, utilizing the "ULTIMATE FAIL" of ad hominem attack attempts, but you clearly are NOT MY PEER in the computer sciences also (much less my superior in accomplishments in it before you were born I suspect).

---

"No one cares what you have done when we can look at and test the actual information you are presenting, so quit with the self promotion." - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

Oh, really? You SURELY seemed to care enough to issue that "foaming @ the mouth" profanity laden off-topic illogical failing ad hominem attack of yours though, didn't you? Especially since my reply has "SILENCED YOU"... lol!

---

"I wasn't being condescending, nor was I trying to be insulting." - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

Oh, really? What is calling me a 'dick' then??

"Instead I was simply pointing out that while you've got a few good ideas, your presentation of it is crap." - by eldorel (828471) on Monday April 02, @10:27AM (#39548545)

OPINIONS VARY (here's one you can verify):

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done

Illogical off-topic ad hominem attack fail FUD

See subject-line above... it's THAT simple (along w/ my other posts to you & the concrete, visible, & VERIFIABLE information they contain vs. your "FUD").

APK

P.S.=> You're also resorting to the "last resort" of trolls, name tossing... that only tells me you're ALL OUT OF ACES in this game of poker! apk

Ok, a challenge then... apk

You're MORE THAN WELCOME to disprove my points in these posts then (which have clearly 'silenced' the "Pro-*NIX people" easily - OR, reduced them to name tossing profanity laden illogical off-topic ad hominem failing attacks directed MY way (the sure sign of "penguin defeat", lol, every damn time)):

http://it.slashdot.org/comments.pl?sid=2759981&cid=39545701

http://it.slashdot.org/comments.pl?sid=2759981&cid=39545731

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547699

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547783

http://it.slashdot.org/comments.pl?sid=2759981&cid=39544293

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547817

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547885

http://it.slashdot.org/comments.pl?sid=2759981&cid=39544375

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547461

http://it.slashdot.org/comments.pl?sid=2759981&cid=39544093

APK

P.S.=> The "classic" today was watching my 'naysayers' be reduced to illogical off-topic ad hominem attacks directed my way, that failed in the light of facts I posted vs. them:

http://it.slashdot.org/comments.pl?sid=2759981&cid=39548919

and

http://it.slashdot.org/comments.pl?sid=2759981&cid=39548949

Go for it, & good luck - you'll NEED it! apk

Re:And once again the astroturfing M$ shills are h

FFS, give it a rest with the "MS Shills" bullshit.

Read the first +5 Insightful post in this thread. It's a trojan horse, not a virus that infects a machine via an exploitable hole, but something that purports to be something else to the user, and then the *user* elects to install said trojan. This has absolutely *nothing* to do with the underlying OS and has absolutely *everything* to do with the end-users gullibility.

apk wins again

By reducing his naysayers to downmod w/ no technical justifications or disproving facts he posts.

Re:How many of those where linux pc's again?

apt-get install trojan
E: Unable to locate package trojan

Nope, doesn't work.

That's because you didn't try sudo apt-get install trojan.

apk wins yet again, 2 more times?

By reducing his naysayers to downmod w/ no technical justifications or disproving facts he posts twice here now. Poor trolls like gmextremacy. His kind can't win vs. apk.

Re:apk wins yet again, 2 more times?

[GmExtremacy]

How comical! How comical! APK has already been annihilated. Hillbilly Mutt 20 agrees, and he's an existentialist Armageddon.

How could you possibly delude yourself to such an extreme degree that you believe that someone like APK, who doesn't use the legendary Gamemaker to solve all of his problems, could beat a Gamemaker advocate such as I? The hilarity of such a mindset is simply astounding!

Re:How many of those where linux pc's again? None

[Lotana]

So yes, that would work, if the user:
1) accepts the download of the malicious trojan.
2) manually sets the executable bit of the file
3) doesn't bother to look at the contents of the -readable- script.
4) manually runs the script.

I run Linux and love it, but even though my view is biased even I have to admit that no system is immune to the dancing pigs problem.

Lets say the trojan is a new game on Freshmeat and distributed as an rpm or deb package for Linux and exe install file for Windows. User will happily dpkg the file on their system and that will be the end of that.

You would very easily have a full project on Sourceforge with the code perfectly clean, but have the pre-compiled binaries specially modified. Sure you won't get those people that compiled from source, but will get the majority that just get the binary. Compiling source for Windows is even more rare, since compilers are more rarely present.

Even in your own example of a python script: Do you honestly think that the user goes through every line of the script before he runs it? At most they will open it and give a quick scrollthrough. Make it sufficiently large and convoluted, and I will bet that the user will just give up and run it to see what it does. All of this assumes that he will be suspicious about anything in the first place: He downloaded the trojan in the first place means that he is sold on running it. Really the only time some python script will start ringing alarm bells is if it starts asking for the elevated priveladges. Thus it first needs to be socially engineered to convince the user that it will be installing some helpful application.

Re:If Windows != "a REAL OS" then...

[Nikker]

Successful troll is successful.

Re:If Windows != "a REAL OS" then...

Wasn't a "troll" from me: It was just imparting the truth - that Windows is a "real operating system", with proofs.

APK

P.S.=> With a truckload of data to support it from the Fortune 100/500, top-notch educational institutions, best companies to work for etc./et al... apk

A youtube video for GmExcrement (lol)

As to the 'success' (not) of your trolling http://www.youtube.com/watch?v=zVmBAd76kak

Re:A youtube video for GmExcrement (lol)

[GmExtremacy]

I know of your true power, APK. I know of it all! I've defeated you time and time again. Don't you dare make me trick into so I can your buttsnap. Don't you dare.

Now fuckin' use Gamemaker instead of your shitty hosts file.

Re:How many of those where linux pc's again?

How many people use Windows by comparison to Linux? Almost 95% (Windows marketshare on PC's &/or Servers combined) vs. 1.2% (Linux marketshare on PC's &/or Servers combined).

"Badware" makers don't target a small group: They go after the masses to maximize the "ROI" of their time put in creating said badwares.

What proves this, AND, proves "Linux != invulnerable"?

Android... Android = a linux (because it uses a linux core, not Windows or MacOS X BSD etc./et al).

Android shows this on another computing platform: Smartphones.

I.E.-> It's got the most marketshare/usershare there and it is being rampantly attacked because of it, no questions asked, and for the same reasons I noted above? It's why Windows gets attacked the most, no questions asked.

The 'badware maker' of today is after your money or personal information (such as credit card #'s): It's all about the benjamins!

So, just like pickpockets do, they go where the crowds are to victimize them (especially less security-saavy end users/noobs, because they're easier to victimize).

Criminals are criminals, in the real world or 'cyberspace' and they act exactly the same in the same patterns, going where the masses of noobs are to victimize them.

APK

P.S.=> Everyone here tends to "troll me" and it's largely because they *think* "I hate Linux" well, new NEWS/NewsFlash/Clue: I don't & used it almost exclusively all thru May-Sept. 2010 & liked it (while I was in Europe travelling/touring it, & my family members there gave me a laptop I setup KUbuntu 10.10x on) - it did the job.

I just don't like FUD is all, & when I can correct it, with facts to the contrary? I do... that's all! apk

Ur peers @ /. disagree w/ U (54:1++ ratio)

22++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ and http://winhelp2002.mvps.org/hosts.htm FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS

Re:Ur peers @ /. disagree w/ U (54:1++ ratio)

[GmExtremacy]

How comical! How comical! They're all 100% incorrect. Gamemaker reigns supreme. If they were True Puter Experts, like me, they'd be using Gamemaker!

Turn to dust and die now!

Security Community vs. GmExcrement... apk

"I don't actually get time for many sites such as slashdot anymore, but certainly see my fair share of trolls on the MyWot (Web of Trust (I'm a moderator there, and MyWot includes hpHosts in their "ratings")) and Malwarebytes forums, and you're correct - it's always either users of malicious software/sites, or the owners of such, that are doing it." Mr. Steven Burn - services@it-mate.co.uk -> hpHOSTS/malwarebytes http://hosts-file.net/?s=Download

* That's what folks from the security community KNOW about your trolling myself on hosts file usage gmexcrement:

Think anyone else thinks differently of you? No way.

APK

P.S.=> Between THAT, & this post link next below (where I easily "shut down" your b.s. trolling with statements from other security pros, AND, your /. peers on hosts files benefits they received (added speed, more "layered-security"/"defense-in-depth", & even added 'anonymity' to an extent)):

http://it.slashdot.org/comments.pl?sid=2759981&cid=39561485

You FAIL, troll... no questions asked!

... apk

Re:If Windows != "a REAL OS" then...

[Nikker]

Sorry let me rephrase that.

You were successfully trolled.

Vs. this link? LMAO, "NOT"... apk

http://it.slashdot.org/comments.pl?sid=2759981&cid=39547461

APK

P.S.=> It truly "boggles the mind" there are jackasses floating around the web that attempt to deny known facts, but worse, that waste time 'trolling' (harassing) others... trolls like yourself, obviously! Grow up, do something useful with your life instead... apk

Re:Vs. this link? LMAO, "NOT"... apk

[Nikker]

*Drops baited hook in water, makes popcorn, sits back, enjoys show.
BTW. Copy pasta is great! Needs a little salt

Re:How many of those where linux pc's again?

[techno-vampire]

"Linux != invulnerable"?

I known it's probably a waste of time arguing with AC, but there's one thing I have to point out: I never said that Linux is invulnerable. I didn't because it's not. It is, however, much better at security than Windows and far, far faster at plugging security holes once they're found. If nothing else, not having to wait for Patch Tuesday to distribute things makes it more efficient. And, I might add, the only FUD in this discussion is the straw-men people like you keep coming up with to "prove" me wrong.

"Rinse, Lather, & Repeat", troll... lol! apk

http://it.slashdot.org/comments.pl?sid=2759981&cid=39561485

* Says it all... you've been massively 'pwned', and you know it.

APK

P.S.=>

"Turn to dust and die now!" - by GmExtremacy (2579091) on Tuesday April 03, @01:08PM (#39561919)

Why? So I can be just like you, utterly destroyed/dusted by what's in the link I posted above?? No thanks... but, thanks for making ME, look good by the same token there!

Yes - You have been "pwned", royally (you know it, I know it, everyone/anyone reading knows it)...

... apk

Re:"Rinse, Lather, & Repeat", troll... lol! ap

[GmExtremacy]

I am one who cannot be defeated by someone like you. You, one who doesn't even use Gamemaker, cannot possibly hope to comprehend my true ferocity!

I'm a buttnude extremist! I have the power! I have the Gamemaker!

You agree with me 100%. That's why you're cowering in the corner and trying to save your public image by saying you're right. But you know otherwise. You know you're 100% wrong.

Re:"Rinse, Lather, & Repeat", troll... lol! ap

Appears /. and security experts defeated you here http://it.slashdot.org/comments.pl?sid=2759981&cid=39561485

U need widespread usership to expose bugs... apk

Only way bugs get found is if people use a program or OS.

Yes, I know this from nearly 30 yrs. of hands-on programming & design myself - 17++ professionally. Users are the BEST finders of bugs (and even security issues). The power of 'crowdsourcing' really.

By comparison to Windows?

Nobody uses Linux by comparison to Windows on PC's &/or Servers, combined! Thus, you're not even BEGINNING to see what would be truly exposed as security issues, or bugs either, in Linux.

E.G.-> Android's built off Linux foundations - decades of them no less! Not "amateurs" either like it was early on, but also folks from Novell, IBM, & even Microsoft contributing to its core code... & still, it has had issues.

Also? Well - It's finally not "security-by-obscurity" (lack of widespead usage) for Linux now, & we can all see the results:

Even when ANDROID (yes, a Linux, it uses a linux kernel, not Windows, or MacOS X/BSD) had the "allleged excellent security" of Linux (per yourself)?

It's being torn up - this ISN'T A BAD THING (not really, it has a bright-side) either... see my p.s. below...

APK

P.S.=> It's too bad really BUT: It's good too, why? Just because of the 1 GOOD THING hacker/cracker & malware maker types TRULY do - pointing out what needs "shoring up"... apk

That's all you've got? Please, lol... apk

Grow up troll - U FAIL. Especially vs. this -> http://it.slashdot.org/comments.pl?sid=2759981&cid=39547461

* I know it, anyone/everyone reading here KNOWS it, and YOU KNOW IT...

APK

P.S.=> It must be terrible being you - Honestly! LOL, I mean, the very FACT you *think* trolling (harassing) others is 'cool', speaks WORLDS about you (and your kind - useless miserable "ne'er-do-wells" of the world)... apk

Re:That's all you've got? Please, lol... apk

[Nikker]

Snff sniff. You are right, I'm sorry. Please accept my humble apology. One day I will learn to not troll forums and copy pasta just like you. Alas I do not think I could ever be as good as you.

Re:That's all you've got? Please, lol... apk

Disprove his points then. U can't, n' we know it. U R A troll, the scum of the internet.

Re:"Rinse, Lather, & Repeat", troll... lol! ap

[GmExtremacy]

A mere clone! Get out of here! You're a mere eyesore!

Gamemaker is the greatest. "Slashdot" and your experts (you) have been utterly annihilated. Now return to Gamemakerdom.

Modding down posts don't hide 'em (or truth)

See subject-line, & the post I speak of, here -> http://it.slashdot.org/comments.pl?sid=2759981&cid=39547461

Re:"Rinse, Lather, & Repeat", troll... lol! ap

U defeat yourself troll.

Re:"Rinse, Lather, & Repeat", troll... lol! ap

[GmExtremacy]

"I am one who cannot be defeated by someone like you. You, one who doesn't even use Gamemaker, cannot possibly hope to comprehend my true ferocity!

I'm a buttnude extremist! I have the power! I have the Gamemaker!

You agree with me 100%. That's why you're cowering in the corner and trying to save your public image by saying you're right. But you know otherwise. You know you're 100% wrong."

Your ad hominem attacks will never defeat my arguments based in logic.

Re:"Rinse, Lather, & Repeat", troll... lol! ap

http://it.slashdot.org/comments.pl?sid=2759981&cid=39565035

SeLinux "after the thought" + C2 SECURITY RATING

the only FUD in this discussion is the straw-men people like you keep coming up with to "prove" me wrong. by techno-vampire (666512) on Tuesday April 03, @01:39PM (#39562305) Homepage

See here http://it.slashdot.org/comments.pl?sid=2759981&cid=39545701 and here http://it.slashdot.org/comments.pl?sid=2759981&cid=39545731

In those links it becomes rather obvious that the ac posters are wasting their time on you because of your mistakes and omissions of facts pointed out to you in those links posted above.