Slashdot Mirror


Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com)

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division, wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.

3 of 43 comments

  1. Headline by Livius · Score: 5, Insightful

    For a second I thought sub-atomic particles were turning the tables on physicists.

    (Seriously, we need more original names for these things.)

  2. Re:This is not the year. by JustAnotherOldGuy · Score: 4, Funny

    Until we get proper malware support there can be no year of the linux desktop.

    I know- as someone who's in the process of switching to Linux Mint, I'm having trouble finding replacements for stuff like Zeus, Conficker, Koobface, Rustock, and Cutwail.

    If someone could point me towards some quality malware to infect my Linux box with, I'd be grateful.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  3. Re:So spoof packets and find safety? by klui · Score: 3, Informative

    The second link states passive OS fingerprinting, p0f, was developed by Michal Zalewski. http://lcamtuf.coredump.cx/p0f... shows your connection's fingerprint. It may be as easy as using a proxy such as Squid to perform the "spoofing."