Slashdot Mirror
New Linux Crypto-miner Steals Your Root Password and Disables Your Antivirus (zdnet.com)
Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. ZDNet reports: The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.
This new malware strain doesn't have a distinctive name, yet,
How about:
VeggieCow (roots!)
AVTerminator
NohupForAll (read the article)
MinerMiner209-519er (perhaps too much a stretch).
Actually you really should read through the article, more interesting than I thought it would be from the summary and this little bugger really does a number on a system.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
that have long since been patched.
update your damn systems, people.
This is an example of why local privilege escalations should never be scoffed at. You can blather all you want about permissions etc, but only one slip is required, and you're shit out of luck
The sad thing is that I've had to argue this point for 20 years now
Not one shred of information on /how/ the script got on the system in the first place
I'm calling bullshit on the article.
With such a critical piece of information missing, it's clearly scaremongering and pretty close to fake news.
Seeing the bitcoin prices falling and falling I wonder: "Why would malware creators still create such stuff, isn't there anything more profitable than this?"
Not really.
Did you know that hacked Facebook accounts are worth more than credit card numbers?
That is because Facebook accounts are less likely to be blocked out so they still have their value while credit cards typically are blocked by the time the buyer tries to use them.
Essentially there aren't much you can get your hands on in an automated fashion that has value.
Unless you resort to targeted attacks to get hold on specific information to sell to a specific buyer (Industrial or military espionage.) cryptocurrency is your best bet and is less likely to make powerful people notice you.
As for bitcoins the energy cost of mining them is higher than what you get out of it. It isn't profitable to mine bitcoins if you pay for the electricity yourself.
Instead you either sneak in computers into a server farm where someone else pays for the energy or you use malware to mine on some other persons computer. (Javascript miners hidden in an ad is fairly popular.)
The Summary Wrote:
This script is the first file executed on an infected Linux system.
Let's name it systemd!
-=This sig has nothing to do with my comment. Move along now=-