Slashdot Mirror


ESET Discovers 21 New Linux Malware Families (zdnet.com)

In a report published last week by cyber-security firm ESET, the company detailed 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client. From a report: They are developed as second-stage tools to be deployed in more complex "botnet" schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.

3 of 67 comments

  1. How is it malware, if you compromise the server... by Anonymous Coward · Score: 4, Insightful

    How is it malware, if you have to compromise the server first??

    If you manage to compromise a system, then you can just put anything in there. Duh.

    Was this written by somebody from generation "i" again?

  2. On most Linux distributions, that already happens. by Anonymous Coward · Score: 3, Insightful

    Or at least can happen, if you set it up.

    On Linux, you usually have a package manager, which keeps the checksums/signatures of every file it installed so it can do its package-managing job. It will complain when you try to uninstall/reinstall the package and things have changed behind its back. (Unless it's a configuration/data file, of course.)
    Want a regular check? Just use your package manager's helper tools in a cron script.
    (On Gentoo, you could query /var/db/pkg and compare the info there to the files. There's certainly a tool for it that I can't remember right now.)

    On top of that, you have RBAC systems that generally disallow even altering such files by anyone unless authorized. (E.g. the package manager would be authorized.)

    But all of this is utterly pointless. Because, as you can read, the whole thing requires that the server is first compromised before the "trojan" is installed. (Making it not a trojan.)
    My current explanation is that the writer must have been utterly clueless about all things computer.
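
The check the commenter describes, as an added example that is not part of the original thread or of any package manager's own code: compare installed files against the digest manifest the package manager recorded at install time. The manifest format assumed here is the one dpkg writes to /var/lib/dpkg/info/<package>.md5sums (one "<md5 hex>  <path relative to />" line per file), which is what debsums reads; on RPM-based systems `rpm -V` does the equivalent from its own database. The install tree, the manifest and the tampered file below are constructed in a temporary directory so the script runs offline.

```python
"""
Package-manifest integrity check, in the spirit of debsums / rpm -V.

Assumption: the manifest follows the dpkg .md5sums layout, one line per
file, "<32 hex chars>  <path relative to />". On a real host you would
call verify_manifest() with that file's contents and root="/"; here a
throwaway tree is constructed so the example runs stand-alone.
"""
import hashlib
import os
import tempfile


def md5_of(path):
    """Stream a file through MD5 (the digest dpkg records) and return hex."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse dpkg-style md5sums lines into {relative_path: digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # two spaces separate digest and path, exactly as md5sum prints them
        digest, _, rel = line.partition("  ")
        expected[rel] = digest.lower()
    return expected


def verify_manifest(manifest_text, root):
    """Return {relative_path: 'MISSING' | 'MODIFIED'} for files that
    no longer match the manifest. An empty dict means everything checks out."""
    problems = {}
    for rel, digest in parse_manifest(manifest_text).items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            problems[rel] = "MISSING"
        elif md5_of(path) != digest:
            problems[rel] = "MODIFIED"
    return problems


def build_demo_tree():
    """Constructed sample: a fake install tree plus its manifest, after which
    the client binary is overwritten to simulate post-install replacement."""
    root = tempfile.mkdtemp(prefix="pkgverify_")
    files = {
        "usr/bin/ssh": b"#!/bin/sh\necho legitimate ssh client\n",
        "usr/lib/ssh/ssh-keysign": b"legitimate helper\n",
    }
    lines = []
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
        lines.append(f"{hashlib.md5(content).hexdigest()}  {rel}")
    manifest = "\n".join(lines) + "\n"
    # simulate the binary being swapped out after the manifest was written
    with open(os.path.join(root, "usr/bin/ssh"), "wb") as f:
        f.write(b"#!/bin/sh\necho replaced binary\n")
    return root, manifest


def run_demo():
    """Verify the constructed tree; only the swapped file should be reported."""
    root, manifest = build_demo_tree()
    return verify_manifest(manifest, root)


if __name__ == "__main__":
    for rel, status in sorted(run_demo().items()):
        print(f"{status}: /{rel}")
```

Run from cron, a non-empty result is the alert. The check is only as trustworthy as the manifest it reads: anyone who can rewrite the installed binary as root can usually rewrite the md5sums file too, which is why the commenter's point about restricting who may alter those files (RBAC, or keeping a copy of the digests off the host) is what makes the check meaningful.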

  3. Article Summary by BringsApples · Score: 4, Insightful

    Last sentence in the article:

    Unless Linux owners go out of their way to misconfigure their servers, for convenience's sake, they should be safe from most of these attacks.

    --
    Politics; n. : A religion whereby man is god.