Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Linux Crypto-miner Steals Your Root Password and Disables Your Antivirus (zdnet.com)

Posted by msmash on from the security-woes dept.

Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. ZDNet reports: The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.

3 of 110 comments (clear)

  1. Scaremongering much? by Anonymous Coward · · Score: 5, Interesting

    Not one shred of information on /how/ the script got on the system in the first place

    I'm calling bullshit on the article.

    With such a critical piece of information missing, it's clearly scaremongering and pretty close to fake news.

  2. Re:just wondering,.. by Anonymous Coward · · Score: 3, Interesting

    Seeing the bitcoin prices falling and falling I wonder: "Why would malware creators still create such stuff, isn't there anything more profitable than this?"

    Not really.

    Did you know that hacked Facebook accounts are worth more than credit card numbers?
    That is because Facebook accounts are less likely to be blocked out so they still have their value while credit cards typically are blocked by the time the buyer tries to use them.

    Essentially there aren't much you can get your hands on in an automated fashion that has value.
    Unless you resort to targeted attacks to get hold on specific information to sell to a specific buyer (Industrial or military espionage.) cryptocurrency is your best bet and is less likely to make powerful people notice you.

    As for bitcoins the energy cost of mining them is higher than what you get out of it. It isn't profitable to mine bitcoins if you pay for the electricity yourself.
    Instead you either sneak in computers into a server farm where someone else pays for the energy or you use malware to mine on some other persons computer. (Javascript miners hidden in an ad is fairly popular.)

  3. root, why not rename it? by thogard · · Score: 1, Interesting

    Most Unix like systems are happy without a "root" user as long as there is a user 0 called something.

    I still don't agree with the POSIX standard that allows root to write to mode 000 files. If its 000, it was done for a reason and that means even root shouldn't be able to screw with it particularly if it is root:root mode 000.