Slashdot Mirror


Stealthy Linux Trojan May Have Infected Victims For Years

An anonymous reader writes: Researchers from Moscow-based Kaspersky Lab have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.

2 of 129 comments

  1. Hate being several clicks away from the actual inf by ledow · Score: 4, Interesting

    It's an ordinary piece of malware.

    It talks home to a hard-coded URL.

    It has to have a secret "knock" before it will talk back to you (port-knocking has uses both ways, it seems!).

    It contains easily-greppable strings.

    Quite what distinguishes this from other malware, I'm not too sure. Just that nobody had seen it before?

  2. Liar by Anonymous Coward · Score: 2, Interesting

    If a user can read a file on a *nix system, and can write to even a *single* location, that user can execute that file.

    1) Copy the file to the location where I can write.
    2) Set the execute flag on the file.
    3) Execute the file.

    Permissions will prevent you from accessing data you don't have permission to, but will only prevent you from running an application if you can't even see it.
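
A defender's check related to the comment above, added here and not part of the thread or any poster's code: the copy, chmod, execute sequence depends on the writable location sitting on a filesystem that is not mounted `noexec`, and this script reports that for a list of directories. The function names, the sample mount table and the directory list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the mount table below is constructed sample data.

# Constructed table in /proc/mounts format: device mountpoint fstype options dump pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev 0 0
EOF
}

# Print "exec", "noexec" or "unknown" for the mount that holds directory $1.
# $2 is the mount table to read (default: the live /proc/mounts).
mount_exec_policy() {
    awk -v dir="$1" '
        {
            mp = $2
            # A mount holds dir if it is the root or a whole-component prefix of dir.
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                if (length(mp) >= best_len) {   # longest match wins; later entries override
                    best_len = length(mp)
                    best_opts = "," $4 ","
                }
            }
        }
        END {
            if (best_len == 0) { print "unknown"; exit }
            print (index(best_opts, ",noexec,") ? "noexec" : "exec")
        }
    ' "${2:-/proc/mounts}"
}

# Report the policy for each directory listed after the table path.
audit_dirs() {
    table=$1; shift
    for d in "$@"; do
        printf '%s %s\n' "$d" "$(mount_exec_policy "$d" "$table")"
    done
}

# Demo on the constructed table (hypothetical directory list).
tmp=$(mktemp)
sample_mounts > "$tmp"
audit_dirs "$tmp" /tmp /var/tmp /dev/shm /home/alice /srv/data
rm -f "$tmp"
```

On a live system, call `audit_dirs /proc/mounts` with the directories ordinary users can write to; mount points containing spaces appear octal-escaped in that file and are not decoded here.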