Slashdot Mirror


Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com)

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.

  1. This is not the year. by Anonymous Coward · · Score: 2, Funny

    Until we get proper malware support there can be no year of the linux desktop.

    1. Re:This is not the year. by JustAnotherOldGuy · · Score: 4, Funny

      Until we get proper malware support there can be no year of the linux desktop.

      I know- as someone who's in the process of switching to Linux Mint, I'm having trouble finding replacements for stuff like Zeus, Conficker, Koobface, Rustock, and Cutwail.

      If someone could point me towards some quality malware to infect my Linux box with, I'd be grateful.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:This is not the year. by Anonymous Coward · · Score: 1

      https://www.winehq.org/ You're welcome

    3. Re:This is not the year. by NotInHere · · Score: 1

      On desktop linux, even the viruses are open source!

    4. Re:This is not the year. by dimko · · Score: 1

      Not good enough. Remove wine and the ones mentioned above won't work.

    5. Re:This is not the year. by Ol+Olsoc · · Score: 1

      If someone could point me towards some quality malware to infect my Linux box with, I'd be grateful.

      Dual boot with Windows - that should do it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re:This is not the year. by ArmoredDragon · · Score: 1

      I think "virus opens you" is applicable to any platform. Allusion to Russian jokes notwithstanding.

    7. Re: This is not the year. by Anonymous Coward · · Score: 1

      With Linux, you are the infection.

    8. Re:This is not the year. by hankwang · · Score: 1

      "point me towards some quality malware to infect my Linux box with, I'd be grateful."

      Set a password 'root' for the root user, let sshd listen to the internet from the default port, and wait a few days.

    9. Re:This is not the year. by JustAnotherOldGuy · · Score: 1

      Set a password 'root' for the root user, let sshd listen to the internet from the default port, and wait a few days.

      I'm probably not technically proficient enough to figure out how to do that, so for the time being I guess I'll have to search the repositories for some highly-rated malware. Sadly there doesn't appear to be a version of McAfee Anti-Virus for Linux yet.

      I did find something called "mkfs.ext4 /dev/sda1" which looks promising; I'll try it and let you know how it wo*J^$ - @~_![[^8(fx4| 5n är föd#&

      --
      Just cruising through this digital world at 33 1/3 rpm...
  2. Headline by Livius · · Score: 5, Insightful

    For a second I thought sub-atomic particles were turning the tables on physicists.

    (Seriously, we need more original names for these things.)

  3. So spoof packets and find safety? by 140Mandak262Jamuna · · Score: 1

    So a Windows user wanting to avoid infection from Neutrino should spoof the TCP packets and pretend to be Linux?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:So spoof packets and find safety? by klui · · Score: 3, Informative

      The second link states passive OS fingerprinting, p0f, was developed by Michal Zalewski. http://lcamtuf.coredump.cx/p0f... shows your connection's fingerprint. It may be as easy as using a proxy such as Squid to perform the "spoofing."
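
      As an added illustration of the passive fingerprinting klui and the summary refer to (this is not code from Trustwave, from p0f or from the comment's author), the Python below shows how a p0f-style check classifies a client from the initial TTL and TCP option order of its SYN, why changing IP address or browser cannot alter the result, and why a proxy does. The signature values and sample SYNs are simplified assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Passive fingerprinting looks only at how the client's TCP/IP stack built
# its SYN, never at the source IP or the HTTP User-Agent, which is why
# changing those left the Linux research hosts just as recognisable.
@dataclass(frozen=True)
class Syn:
    ttl: int                  # IP TTL as seen by the receiver
    window: int               # TCP window size
    options: tuple            # TCP option kinds in on-the-wire order
    mss: int
    wscale: Optional[int]

def initial_ttl(observed: int) -> int:
    """Round a hop-decremented TTL back up to the stack's initial value."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return observed

# Simplified signatures (assumption: typical p0f-style values for a modern
# Linux stack and a Windows 7+ stack; real p0f matches many more fields).
SIGNATURES = {
    "Linux":   {"ittl": 64,  "options": ("mss", "sackOK", "ts", "nop", "ws")},
    "Windows": {"ittl": 128, "options": ("mss", "nop", "ws", "nop", "nop", "sackOK")},
}

def fingerprint(syn: Syn) -> str:
    """Return the OS whose signature matches this SYN, or 'unknown'."""
    ittl = initial_ttl(syn.ttl)
    for name, sig in SIGNATURES.items():
        if sig["ittl"] == ittl and sig["options"] == syn.options:
            return name
    return "unknown"

# Constructed sample SYNs as seen 12 hops away (TTL already decremented by 12).
LINUX_SYN = Syn(ttl=52, window=29200,
                options=("mss", "sackOK", "ts", "nop", "ws"), mss=1460, wscale=7)
WINDOWS_SYN = Syn(ttl=116, window=8192,
                  options=("mss", "nop", "ws", "nop", "nop", "sackOK"), mss=1460, wscale=8)

def fingerprint_via_proxy(proxy_syn: Syn) -> str:
    """A TCP proxy such as Squid opens its own connection, so the server only
    ever sees the proxy host's SYN; the real client's stack is invisible."""
    return fingerprint(proxy_syn)

if __name__ == "__main__":
    print(fingerprint(LINUX_SYN), fingerprint(WINDOWS_SYN))   # Linux Windows
    print(fingerprint_via_proxy(WINDOWS_SYN))                  # Windows
```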

  4. Linux fails again by shawn2772 · · Score: 1

    Yet again, Linux fails to be properly interoperable with the Windows ecosystem. Heck, I'll bet you can't even get properly detected and infected by Neutrino when running WINE.

    Sigh.

  5. Wait, what? by iwaybandit · · Score: 1

    Malware devs are protecting malware researchers? Hey, thanks!

  6. Fatal flaw? by Anonymous Coward · · Score: 1

    If the exploit kit won't talk to malware detectors, it's possible to spoof all computers so they look like malware detectors, and the exploit is rendered harmless.

    1. Re:Fatal flaw? by silentcoder · · Score: 1

      In this case it sounds like that's basically exactly what happens for Linux users: we'll be basically immune to Neutrino since the server will refuse packets from us.

      --
      Unicode killed the ASCII-art *
  7. well by rossdee · · Score: 1

    your tinfoil hat certainly won't stop neutrinos

    oh, we are not talking about the massless subatomic particle?

  8. Re:But you ARE a webmaster right? by JustAnotherOldGuy · · Score: 1

    Yes, I run several sites. What's your point?

    --
    Just cruising through this digital world at 33 1/3 rpm...
  9. Re:Which sites & do you get paid by ads on the by JustAnotherOldGuy · · Score: 1

    Which sites & do you get paid by ads on them? Finish the answer & point them out so I can verify this...

    Lol, like I would tell a scumbag like you specifically what sites I run. Thanks, but I don't need some shitbag like you trying to DDOS me or hack my sites.

    To answer your second question, some make money from ads, some sell products.

    --
    Just cruising through this digital world at 33 1/3 rpm...