Researchers Say Kelihos Gang Is Building New Botnet
alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."
The OS in question bears no relevance here: it's a trojan, something a user installs on his or her own, and thus could just as easily apply to Linux, too. Linux isn't some magic bullet that is immune to trojans; as long as whatever happens to be the payload can access the user's files, see what the user does and make network connections, that's all it needs. Having root access is just a bonus, not a necessity.
Another reason I'm glad I don't use Facebook or Windows.
I don't read your sig. Why are you reading mine?
Relatively low (compared to XP/Win7) and continually declining marketshare would be my guess.
Linux isn't some magic bullet that is immune to trojans
repeat after me, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel
as long as whatever happens to be the payload can access the user's files, see what the user does and make network connections, that's all it needs
How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others; they have different ABIs (elibc, glibc, uclibc) and different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.
So yeah, I have yet to see a malicious ELF executable being distributed on Facebook - LOL!
They are running a "Business". You try to maximize your profits. More infections means more money to them. Time vs. effort. It's wildly more profitable to go after large targets like Windows (and even Mac OS X these days) instead of things like BSD and Linux. They are already up to 70k accounts according to the summary; do you even think there are that many people using Facebook from a Linux system?
People running Linux are also more educated.
Isn't the front line of defense in security a vigilant and knowledgeable userbase, not the OS/kernel? Yeah, yeah, I know, it's a free-ponies-for-all pipe dream.
I read TFA and all I got was this lousy cookie
Seems prime for that, with the average smart user there having the IQ of a '90s AOLer.
How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others; they have different ABIs (elibc, glibc, uclibc) and different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.
And nearly all will run bash, python and perl scripts. A malicious payload doesn't have to be a compiled binary.
We all knew Anonymous would strike again. Why aren't the authorities doing something about these criminals?
Maybe what we need to do is make it so that nobody can access the internet without supplying a sample of their DNA. And then make it so that all communications from the user to the internet are logged in an extremely verbose manner, and have a system of spy networks at the ready to detect subversive behavior. The governments could intentionally put things like porn or questionable books like Fahrenheit 451, 1984, or The Diary of Anne Frank on the internet and then arrest civilians when they try to access them.
I wish I were in a position of power where I could institute a program like that in the United States of America. For too long we have strayed from the Lord's Path, and we need a true leader to bring this country back in the right direction.
apt-get install trojan
E: Unable to locate package trojan
Nope, doesn't work.
Firstly, Android, while having a Linux kernel, does not act like Linux; it does not require a password to install software like you do in Linux. This is done by the people implementing Android because they want it to be easy and in no way intimidating to the users, so they make it easy to use at the expense of security. Secondly, most of the Android malware are trojan apps that are installed by users; trojans are a user security issue, not an OS security issue. And third, Android is based on Java, which you hear about security problems with all the time. It is a major attack vector for many operating systems. Also, many Android systems are unpatched because updates are left up to the phone companies, which have little incentive to update the phones.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Linux isn't some magic bullet that is immune to trojans
Of course it isn't. However, unlike any OS that Microsoft has ever sold, security is part of the basic design, not something that's tacked on later as an afterthought. And, as others have pointed out, Linux isn't a monoculture, the way Windows is. There are only a few versions of Windows out there, all of them, almost without exception, using the same file manager and desktop environment. Most of them use the same email client and office suite, as well as the same web browser. Find a vulnerability in any of them and you've got a way to take over millions of PCs. Not only is each Linux distro different, but you have a number of different Desktop Environments in use, each with a different set of potential security issues, along with several popular browsers, different office/productivity programs and a number of email clients. From the perspective of the people running these botnets, Linux is just more work to hack than it's worth to them.
Good, inexpensive web hosting
I am sick and tired of this MS FUD. ... why do I keep coming here?
Your bias is based on 10 to 15 year old facts on deprecated or nearly deprecated kernels and APIs. I think it is a sign of insecurity to blindly follow something when the facts are contrary.
Last week a Slashdotter said with a straight face that he is waiting for the first ever Unix virus, as they do not exist, and was gloating. I kindly reminded him where the term root*kit came from. Root sounds like a Linux account if you ask me.
I have seen financial institutions' SuSE Enterprise Servers hacked with a rootkit installed, running a Russian phishing scheme. The admins said "We use UNIX, IT'S SECURE" bla bla. Sigh.
Back to the topic: Windows 7 supports ASLR, DEP, sandboxing, privilege separation, and many other improvements that I do not see in Linux.
If you know the RAM address of a particular .so in Linux you can get it through a buffer overflow. In Windows Vista and higher you can't, as the RAM address is randomized. Windows has anti-virus scanners that actually block malware and shield. Linux does not.
This blind zealotry reminds me of those who hate evolution so much they make up all sorts of crazy theories, like people walking with dinosaurs 5,000 years ago and global warming being a hoax, etc. This is because they feel threatened that their religion and beliefs are somehow under attack by anyone who is not a (R) or evangelical. It is harmful for those in IT who will refuse to take precautions to secure their Linux systems.
I have seen malware in ads written in JavaScript that exploits the Flash/Java/browser and will run fine under Linux because the exploit is multiplatform. I hope your anti-virus is up to date. Oh, that's right, Linux, which is written in C just like Windows, could not possibly suffer from buffer overflows, stack smashing, and other things.
http://saveie6.com/
So it's not security through obscurity, it's security through diversity.
Either variant of Linux on its own is not a large enough target.
This is how wild plants survive better than crops...
I am sick and tired of this MS FUD.
FUD? Are you denying, then, that well over 90% of all the viruses found "in the wild" target MS Windows and that the rest target the Mac OS? Are you claiming that there is, currently, malware out there designed to target Linux? If so, I'd like to know about it because I've never heard of it.
As far as root kits go, you either need to have access to a machine to install one or you need to trick somebody into giving your installer root access, just as you need to get Administrator rights under Windows. Unlike Windows, however, people running Linux aren't in the habit of installing programs they found on random websites; we get our software from distro-specific repositories where everything's been checked out before it's made available.
Windows has anti virus scanners that actually block malware and shield. Linux does not.
That's because Windows needs them. At the present time, Linux doesn't. Some day, probably, it will, and they'll be written, distributed and used. For the time being, however, I don't need to waste disk space or CPU cycles on them.
Tons of malware target Linux.
SQL injections, *root*kits, and PHP vulnerabilities all target Linux or the LAMP stack. Linux hosts the servers with the fast pipes and the sensitive credit card data. The Windows PCs serve as the bots to launch the attacks.
A rootkit can be installed by an exploit. The whole "oh, just do not be root and click on shit" is 1990s security. All you need to do is exploit PHP or your SQL database and I can get your server to run my code and then install the rootkit to hide it.
It's that out-of-date attitude I am talking about. Windows Server became popular because of security over Unix, believe it or not. Until W2K came and discovered it had the same problems because it was also written in C. The same attitude is how those Linux servers were compromised, as the admins never updated their servers because they read Slashdot comments saying Linux is a magic bullet and can never be hacked.
Of course I do admit this flaw is 1990s common sense security practice not to click on something and run it so it is the fault of the user regardless of the OS.
Do not click on stuff, keep your PC updated, stop using XP and IE 6/7, and run anti-virus software, and you are pretty secure.
Not completely, of course, but I'm coming to think it's an important factor. One of the reasons the Potato Blight devastated Ireland so thoroughly, you know, is that almost all of the farmers were growing the same breed of potato, which happened to be exceptionally susceptible to the disease. It's the same thing with Windows. Since most Windows users use the same programs for their work, they're all wide open to the same malware. Just using Firefox, Thunderbird and/or LibreOffice can make Windows safer simply because whatever security holes they have aren't the ones being targeted.
Are you claiming that there is, currently, malware out there designed to target Linux? If so, I'd like to know about it because I've never heard of it.
http://www.theregister.co.uk/2011/10/04/linux_repository_res/ , https://en.wikipedia.org/wiki/Linux_malware#Threats , http://www.darknet.org.uk/2011/01/java-based-cross-platform-malware-trojan-maclinuxwindows/ and so on. How about the cross-platform one for OpenOffice, BadBunny or whatever its name was? And so, you should be able to use Google sufficiently even on your own. Or hell, if you happen to be running SSH or HTTP servers, go and take a look at your log files; you'll see plenty of attempts, and many of those target Linux boxes.
As far as root kits go, you either need to have access to a machine to install one or you need to trick somebody into giving your installer root access
It's easy enough to fool people into running stuff they shouldn't, and there are vulnerabilities even on Linux that allow stuff to gain root access. Just look through last year's Slashdot news if you wish; there were several high-profile vulnerabilities reported.
However, unlike any OS that Microsoft has ever sold, security is part of the basic design, not something that's tacked on later as an afterthought.
You've never heard of SELinux, Tomoyo Linux et al. then.
But I'm not a computer programmer and I want something that Just Works! I pay my hard earned money for my copy of Windows why should I have to sort through thousands of lines of codes just to get my system work properly?
This is why Windows will never truly be a Real OS.
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
The OS in question bears no relevance here:
Can you show us any current Linux trojans?
"I've got more toys than Teruhisa Kitahara."
There is a big difference between a virus or trojan that takes advantage of a flaw in the operating system and one that relies on brute forcing the password to a privileged user account or tricking a user into handing over the password directly.
I support networks for a living, and we also deal with lots of small businesses and residential systems.
The single biggest infection vector on any operating system is third party browser plugins such as flash or java.
However, when one of our Linux users has a Java virus, it only gets access to their user directory. A simple reboot stops the virus, because all of the home directories have the execute bit disabled.
A quick follow-up scan once a week with AVG for Linux or ClamAV, and they are no longer infected.
Yes, there are a few nasty rootkits that use privilege escalation, but on Linux those are few and far between.
To quote the link YOU posted,
few if any are in the wild, and most have been rendered obsolete by Linux updates
On Windows, we have to deal with executable files dropped into 20 different locations, a few hundred ways for a virus to execute at startup, and ways for the virus to easily hide itself behind processes that are supposed to be there.
(hello svchost.exe, how many viruses did you execute today?)
I really wish you people would stop trying to compare apples to elephants, and start looking at things in a more reasonable method.
Here, I'll start by making a nice little table.

Problem                     Mac/Windows   Linux (desktop)   Linux (server)
Stupid users                YES           YES               YES
Java Viruses                YES           YES               NO
Flash Viruses               YES           YES               NO
Brute Force Password        YES           YES               YES
Users install Random crap   YES           NO                NO
Use admin pass frequently   YES           Maybe             NO
Feel free to add more to this table, but just this much makes my point.
EVERYTHING IS VULNERABLE TO STUPID AND BADLY TRAINED USERS/ADMINS.
In my experience, Linux distros respond faster to discovered threats and mitigate actual compromises better than Windows or Mac OS X.
Linux distros also usually don't train users to do things that are known to be dangerous, such as downloading and executing unknown/untrusted binaries.
NOR does Linux require a huge financial investment in order to have code vetted, signed off and added to the repositories.
Interesting. Thank you. Wikipedia mentions that there are about 850 known Linux viruses, mostly obsolete because the vulnerabilities they exploited have been patched. And, I gather, none of them are currently known to be in the wild. How many Windows viruses are there currently known of and active?
What I find most interesting, however, is the cross-platform attacks. Please note, that I never said that Linux malware is completely impossible, I said that it's nowhere near as much of a danger to Linux as it is to Windows. (Or, if I didn't exactly say that, it's what I meant to say.)
I'm quite familiar with SELinux, TYVM. AIUI, SELinux was developed when it became apparent that the original security scheme was no longer adequate. And, although it's only supposed to be watching for security threats, most of the alerts I've had to deal with have had to do with really stupid bugs, such as a program trying to walk all of /proc for no good reason.
Riighterr!!!! Knew so - how's Android (a Linux) doing, security-wise for years now? Torn up!
Actually, no. More of a beat up.
Despite Microsoft attempting to buy scare stories with free phones, malware on Android is rare and generally easily removed.
"Microsoft is offering five Android malware victims a free Windows Phone 7 phone. The catch? You need to share your rage against Android with the Twitterverse."
http://securitywatch.pcmag.com/none/291668-microsoft-offers-free-windows-phones-to-android-malware-victims
"Advanced users are already wary of alarmist declarations from security vendors, and though the malware threat for Android is growing, many consider it overblown, especially when compared to Windows and other desktop operating systems".
http://androidcommunity.com/symantec-backs-off-of-android-malware-claims-after-researchers-cry-foul-20120201/
security firms that warn of Android malware 'charlatans and scammers'
http://www.zdnet.com/blog/hardware/are-security-firms-that-warn-of-android-malware-charlatans-and-scammers/16412
EVERYTHING IS VULNERABLE TO STUPID AND BADLY TRAINED USERS/ADMINS.
That is the whole point I've been making all along: even Linux cannot guard against users doing stupid stuff, or against applications having vulnerabilities. Some people try to paint Linux as being completely invulnerable to anything whatsoever and that is the thing I have an issue with: you should never assume your system is secure just because it is Linux.
I'm going to leave my uid on this so you can't just dismiss it as another troll.
.REG files with the settings ready to be merged, and possibly even simple scripts to implement the changes.
DEAR APK,
I've already had to scroll past this same post twice IN THIS THREAD ALONE.
You have copy/pasted the exact same set of directions to just about every security related article for the past several months.
We've all already seen it, and it's just wasting space.
If you want to inform new people, fine.
Put together your own web site, post all of these directions in a single place where you can keep them up to date, and post a link WHEN IT'S RELEVANT, AS PART OF A POST THAT HAS DIRECT BEARING ON THE DISCUSSION AT HAND.
No one cares who else thinks your idea is nifty, and trying to pat yourself on the back/inflate your ego here on slashdot just irritates those of us with mod points.
You want to get the word out? Great! Here's what you need to do.
1) Write up a step by step paper with these directions, include
2) Get a native English speaker to act as editor for your paper, to avoid the hard-to-parse portions of your manner of communicating, and then hammer out the exact meaning you want to convey.
3) THEN, send your paper to people who are willing to test this out. Get people in the industry to help you iron out the problems, and then update your web page again.
After you have something more useful than 2 pages of random registry keys people will start talking about your idea. They will find problems (broken programs, headaches, etc.) and then you can fix them.
But again, POSTING THE SAME CRAP TO SLASHDOT 10 TIMES A DAY IS ONLY GOING TO GET YOU IGNORED AS ANOTHER CRACKPOT TRYING TO SELL SOMETHING.
Also, go register an actual Slashdot account. Posting AC doesn't help your image.
Good luck.
Feel free to send me a rough draft of your paper if you ever get around to writing it. (consider this your first newsletter subscription)
Eldorel
Because Vista was so shitty that even malware crashed before being able to execute.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
It's a simple case of majority-ism. Most facebook users will be on Windows and probably IE, so if you're going to make a trojan, to make your job easy that's who you target.
Security isn't limited to exploits in the scope of a user's OS; it's all about privacy, and messing in their web-identified spaces also counts as a security violation.
~Tim
--
Rushing on down to the circle of the turn
FUD.
(sigh)
Fine, you're awesome, incredible, and one of the most accomplished programmers the world has ever seen.
I don't care, and it doesn't negate anything that I said.
You act like a dick with low self-esteem who likes to blow his own horn on other people's web sites.
No one cares what you have done when we can look at and test the actual information you are presenting, so quit with the self promotion.
I wasn't being condescending, nor was I trying to be insulting.
Instead I was simply pointing out that while you've got a few good ideas, your presentation of it is crap.
You have the exact same information that you've been presenting for over a decade splattered all over the internet in anonymous posts and articles referenced by people who saw the potential in what you're trying to push.
However, you've been resting on your laurels instead of actually becoming an important reference for the industry.
Knowledgeable professionals already know how to lock down UAC.
Most of them do it using GPOs instead of registry edits, and about 90% of what you've been shouting about is referenced in at least 3 of the books I have on the shelf for my techs to reference.
You aren't trying to bring this to the attention of people like me.
You need to reach the MCSE/A+ certified "technicians" out there doing 95% of the day to day maintenance.
Instead you waste your days being a jackass on Slashdot.
So, feel free to ignore my advice and continue attacking people who try to tell you things.
I'm not going to waste time or breath shouting at someone who has decided that the entire rest of the world must be wrong.
As for your personal attacks on my experience, have fun.
I don't need random strangers to pat me on the back and puff up my ego.
I get more than enough of that from the customers and other IT professionals who call me when they have a problem they can't solve.
Eldorel
Nutcase FUD.
People running Linux are also more educated.
My grandma is running Linux; I wouldn't call her that educated.
So yes, that would work, if the user:
1) accepts the download of the malicious trojan.
2) manually sets the executable bit of the file
3) doesn't bother to look at the contents of the -readable- script.
4) manually runs the script.
I run Linux and love it, but even though my view is biased even I have to admit that no system is immune to the dancing pigs problem.
Let's say the trojan is a new game on Freshmeat, distributed as an rpm or deb package for Linux and an exe install file for Windows. The user will happily dpkg the file on their system and that will be the end of that.
You could very easily have a full project on SourceForge with the code perfectly clean, but have the pre-compiled binaries specially modified. Sure, you won't get those people that compiled from source, but you will get the majority that just get the binary. Compiling source for Windows is even more rare, since compilers are more rarely present.
Even in your own example of a Python script: do you honestly think that the user goes through every line of the script before he runs it? At most they will open it and give it a quick scroll-through. Make it sufficiently large and convoluted, and I will bet that the user will just give up and run it to see what it does. All of this assumes that he will be suspicious about anything in the first place: that he downloaded the trojan in the first place means that he is sold on running it. Really, the only time some Python script will start ringing alarm bells is if it starts asking for elevated privileges. Thus it first needs to be socially engineered to convince the user that it will be installing some helpful application.
Successful troll is successful.
How comical! How comical! APK has already been annihilated. Hillbilly Mutt 20 agrees, and he's an existentialist Armageddon.
How could you possibly delude yourself to such an extreme degree that you believe that someone like APK, who doesn't use the legendary Gamemaker to solve all of his problems, could beat a Gamemaker advocate such as I? The hilarity of such a mindset is simply astounding!
I know of your true power, APK. I know of it all! I've defeated you time and time again. Don't you dare make me trick into so I can your buttsnap. Don't you dare.
Now fuckin' use Gamemaker instead of your shitty hosts file.
How comical! How comical! They're all 100% incorrect. Gamemaker reigns supreme. If they were True Puter Experts, like me, they'd be using Gamemaker!
Turn to dust and die now!
Sorry let me rephrase that.
You were successfully trolled.
"Linux != invulnerable"?
I know it's probably a waste of time arguing with an AC, but there's one thing I have to point out: I never said that Linux is invulnerable. I didn't because it's not. It is, however, much better at security than Windows and far, far faster at plugging security holes once they're found. If nothing else, not having to wait for Patch Tuesday to distribute things makes it more efficient. And, I might add, the only FUD in this discussion is the straw men people like you keep coming up with to "prove" me wrong.
I am one who cannot be defeated by someone like you. You, one who doesn't even use Gamemaker, cannot possibly hope to comprehend my true ferocity!
I'm a buttnude extremist! I have the power! I have the Gamemaker!
You agree with me 100%. That's why you're cowering in the corner and trying to save your public image by saying you're right. But you know otherwise. You know you're 100% wrong.
*Drops baited hook in water, makes popcorn, sits back, enjoys show.
BTW. Copy pasta is great! Needs a little salt
A mere clone! Get out of here! You're a mere eyesore!
Gamemaker is the greatest. "Slashdot" and your experts (you) have been utterly annihilated. Now return to Gamemakerdom.
Sniff sniff. You are right, I'm sorry. Please accept my humble apology. One day I will learn to not troll forums and copy pasta just like you. Alas, I do not think I could ever be as good as you.
"I am one who cannot be defeated by someone like you. You, one who doesn't even use Gamemaker, cannot possibly hope to comprehend my true ferocity!
I'm a buttnude extremist! I have the power! I have the Gamemaker!
You agree with me 100%. That's why you're cowering in the corner and trying to save your public image by saying you're right. But you know otherwise. You know you're 100% wrong."
Your ad hominem attacks will never defeat my arguments based in logic.