Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealthy Linux Trojan May Have Infected Victims For Years

Posted by Soulskill on from the trojan-penguin dept.

An anonymous reader writes: Researchers from Moscow-based Kaspersky Labs have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.

7 of 129 comments (clear)

  1. systemd hasn't been around that long, has it? by Anonymous Coward · · Score: 5, Funny

    I thought that the systemd infection of Debian was much more recent than that. Like within the past year. But maybe I'm wrong, and it has been longer?

  2. "Running arbitrary commands" is irrelevant by gweihir · · Score: 5, Informative

    The privilege system does not protect commands, it protects data. You can always run any command on any data that belongs to you. But when you want to access data of others or the system, you need elevated privileges and same for attacking to privileged network ports.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:"Running arbitrary commands" is irrelevant by Antique+Geekmeister · · Score: 4, Insightful

      I';m personally aware of thousands of systems on which database data, backups, and system logs are not read protected from local users. They're left this way on the grounds that "if someone has local access, we're screwed anyway". They pass pass commercial security audits because the security companies do a handful of known external attacks, which giver a small set of tasks to fix the issue and do not address such fandamental issues.

      This is particularly aggravated on systems with have password free sudo access for developers, which is very common on development environments, on systems with password free SSH keys casually stored with system wide access, and software systems that store passwords in clear text by default, such as Subversion HTTPS access. It's also compounded when home directories on which such information is stored is NFSv3 mounted and shared with all clients on the network. The concept of "data which belongs to you" breaks down quickly with NFS or CIFS without authentication in most environments. NFSv4 or Kerberized CIFS access can be helpful in restricting this, but I know very few partners or clients who go to the extra steps needed for this.

  3. Hate being several clicks away from the actual inf by ledow · · Score: 4, Interesting

    It's an ordinary piece of malware.

    It talks home to a hard-coded URL.

    It has to have a secret "knock" before it will talk back to you (port-knocking has uses both ways, it seems!).

    It contains easily-greppable strings.

    Quite what distinguishes this from other malware, I'm not too sure. Just that nobody had seen it before?

  4. Re:Security through Obscurity by GameboyRMH · · Score: 5, Insightful

    With closed source there are also no guarantees the bad guys won't see the source either. And it's far better to make the code visible to all then to wait for the exploit to be found in the usual ways while everyone was in the dark about it.

    Security through obscurity is just like peril-sensitive sunglasses. Having the code visible makes you nervous for some reason? Well we'll just keep you from seeing it! Problem solved!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  5. FUD by s.petry · · Score: 3, Informative

    Reading TFA I see no mention of Linux at all, it mentions Windows and PHP. Perhaps the author is confused and believes that anything with .PHP must exist in Linux, but I'm skeptical. They spend lots of time talking about the various .exe files, "Administrator" privileges, and "Network Shares" which are exclusive terminology to the Windows OS. Nobody can be that ignorant as a technical writer.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  6. Re:give Peace a Chance by ChrisMaple · · Score: 3, Insightful
    There is a class of people, ranging from street thugs to vicious dictators, who choose to use violence or threat of violence to steal and destroy. I have two basic choices when faced with such people:
    1. Submit. The thug prospers, I suffer and probably die early. If nearly all people do this, thugs find it an easy way to live, and the class of thugs expands until it dominates the whole world. The whole world becomes a cesspool like North Korea.
    2. Arm myself to resist the thug, and on a national scale arm to resist thug-states. At the cost of defending myself, I can prosper in relative freedom. One of the worse costs is listening to ignorant tools like you advising me to let my throat be cut.

    There are costs involved in all decisions. I can't drive a car without contributing to the cost of a road. I can't keep warm in a snowstorm without buying shelter. I can't prosper, or even live long, without paying for defense.

    Do not rail against war and its expenses, but rather oppose those who use force to achieve their ends.

    --
    Contribute to civilization: ari.aynrand.org/donate