
Thread: Linux “HoT” bank Trojan: Failed malware

  1. #1
    Join Date
    Nov 2007
    Location
    Hurricane haven NC
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Linux “HoT” bank Trojan: Failed malware

    Oh and Ubuntu is mentioned.

    Initially it looked like the "Hand of Thief" (HoT) Trojan would be the first successful Linux Trojan. However, further investigation by RSA, the Security Division of EMC, reveals that the Hand of Thief is just another in a long line of so-called Linux malware that's more bark than bite.
    http://www.zdnet.com/linux-hot-bank-...re-7000020436/
    A friendly & helpful Linux community who has started a large cursor theme project. If you are sick of tiny cursors, go here and get one.
    http://linuxinternationals.org/forum...orum.php?f=166

  2. #2
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    7,500
    Distro
    Ubuntu Development Release

    Re: Linux “HoT” bank Trojan: Failed malware

    "Blocked from running at all on Ubuntu Linux."

    Is that due to the insistence on sudo? Things will get even better when Click packaging becomes standard for Ubuntu applications. I also think it shows the wisdom of installing Ubuntu Software Centre applications and being very careful about downloading software from web sites.

    Regards.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  3. #3
    Join Date
    Jul 2007
    Location
    UK
    Beans
    16,867
    Distro
    Ubuntu Development Release

    Re: Linux “HoT” bank Trojan: Failed malware

    Quote: Originally posted by grahammechanical
    I also think it shows the wisdom of installing Ubuntu Software Centre applications and being very careful about downloading software from web sites.

    Regards.
    +1. I think the only package I got from the web was ubuntu-tweak. I don't even use that now.

  4. #4
    Join Date
    Nov 2007
    Location
    Hurricane haven NC
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux “HoT” bank Trojan: Failed malware

    Quote: Originally posted by grahammechanical
    Things will get even better when Click packaging becomes standard for Ubuntu applications. I also think it shows the wisdom of installing Ubuntu Software Centre applications and being very careful about downloading software from web sites.

    Regards.
    Yes, unless someone can get sudo, they can't do diddly. I also only get things through the repositories.
    What is click packaging?

    Never even used ubuntu-tweak.
    A friendly & helpful Linux community who has started a large cursor theme project. If you are sick of tiny cursors, go here and get one.
    http://linuxinternationals.org/forum...orum.php?f=166

  5. #5
    Join Date
    Jul 2007
    Location
    UK
    Beans
    16,867
    Distro
    Ubuntu Development Release

    Re: Linux “HoT” bank Trojan: Failed malware

    Quote: Originally posted by Linuxratty
    What is click packaging?
    See this http://ubuntuforums.org/showthread.p...1#post12708517

  6. #6
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    4,755
    Distro
    Ubuntu

    Re: Linux “HoT” bank Trojan: Failed malware

    Quote: Originally posted by grahammechanical
    "Blocked from running at all on Ubuntu Linux."

    Is that due to the insistence on sudo? Things will get even better when Click packaging becomes standard for Ubuntu applications. I also think it shows the wisdom of installing Ubuntu Software Centre applications and being very careful about downloading software from web sites.

    Regards.
    It's even better than that.
    From the RSA blog, they say they tested it on 12.04 and it turns out that ptrace scope is enabled by default, making the code unable to attach itself to other processes.
    So not only would you have to install it yourself, but on Ubuntu you'd have to disable ptrace scope as well.
    Not something any noob, or even moderately capable user would do.
    https://blogs.rsa.com/rsa-peeks-into...hand-of-thief/
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .
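
The ptrace scope setting mentioned in the post above is the Yama `kernel.yama.ptrace_scope` sysctl. The following is an added example, not part of the original post or the RSA blog: it reports the live value and flags sysctl config lines that would relax it to 0 at boot. The function names are made up for this example, and the default paths are the standard sysctl locations.

```shell
#!/bin/sh
# Report the Yama ptrace_scope setting and flag config lines that relax it.
# Function names are illustrative; paths are arguments so they can be tested.

# Translate a ptrace_scope value into what it permits.
describe_ptrace_scope() {
    case "$1" in
        0) echo "0 classic: a process may attach to any process of the same user" ;;
        1) echo "1 restricted: a process may only attach to its own descendants" ;;
        2) echo "2 admin-only: attaching requires CAP_SYS_PTRACE" ;;
        3) echo "3 no-attach: ptrace attach is disabled until reboot" ;;
        absent) echo "Yama ptrace_scope is not available on this kernel" ;;
        *) echo "unknown value: $1"; return 1 ;;
    esac
}

# Print the live value, or "absent" if the sysctl file cannot be read.
live_ptrace_scope() {
    scope_file="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$scope_file" ]; then
        tr -d '[:space:]' < "$scope_file"
    else
        echo "absent"
    fi
}

# Print file:line:text for every config line that sets ptrace_scope to 0.
# Any match is worth reviewing, whichever file would win at boot.
relaxed_overrides() {
    for conf in "$@"; do
        [ -f "$conf" ] || continue
        grep -HnE '^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$conf" || true
    done
    return 0
}

ptrace_report() {
    describe_ptrace_scope "$(live_ptrace_scope)" || true
    relaxed_overrides /etc/sysctl.conf /etc/sysctl.d/*.conf
}

ptrace_report
```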

  7. #7
    Join Date
    Aug 2013
    Beans
    3

    Re: Linux “HoT” bank Trojan: Failed malware

    unless someone can get sudo, they can't do diddly
    Wrong. You can send emails without sudo, you can make http get requests without sudo, you can connect to another ssh server without sudo, you can add items to your current user startup without sudo, you can scan your local network without sudo, you can access your web browser history without sudo, you can run shell scripts without sudo, you can ping without sudo...


    So all the bad guy needs to do is find a way to execute evil code on your machine to do all these things. Is it possible to execute bad code without sudo? Check the Ubuntu USN for more information. Sometimes applications in Ubuntu have security flaws which can be exploited by malicious hackers. There was even a case of the repository servers being hacked. Even these forums have been hacked due to bad security practice and (web) applications which weren't patched correctly.

    Bottom line, it's important to keep all your Ubuntu machines up to date. That will help protect you from the vulnerabilities shown in the page I suggested. But you'll never be 100% safe from new vulnerabilities.

    PS. when a Linux box does get hacked, the hacker doesn't always make it easy to find. Quite often they delete log records, or do things that are hard to notice. For example, do you know exactly which background processes are starting when you log into your Ubuntu account? A hacker could add something in there that quietly makes you part of a botnet and you wouldn't even notice. If you're hosting a web server he could create a sub folder or add something to your apache conf. So don't ever think or say "I've been using Ubuntu for years and I haven't been hacked yet", because the likelihood is that you don't really know what is going on with your box and it's impossible to keep track of every file on your machine.
    Last edited by John_McCourt; September 12th, 2013 at 08:12 AM.
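
One way to answer the question in the post above about what starts when you log in is the following added example, which is not part of the original post. It lists a user's XDG autostart entries and the login-time files changed recently, all readable without sudo. The function names and the list of files checked are choices made for this example.

```shell
#!/bin/sh
# List what a user account starts at login, using only that user's own files.
# Function names and the set of files checked are illustrative choices.

# Print "<file><TAB><command>" for each enabled XDG autostart entry.
list_autostart() {
    dir="${1:-$HOME}/.config/autostart"
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*.desktop; do
        [ -f "$entry" ] || continue
        # Entries marked Hidden=true are disabled, so skip them.
        if grep -qiE '^Hidden[[:space:]]*=[[:space:]]*true' "$entry"; then
            continue
        fi
        cmd=$(sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$entry" | head -n 1)
        printf '%s\t%s\n' "$entry" "$cmd"
    done
}

# Print login-time files under the home directory modified in the last N days.
recently_changed_startup() {
    home="${1:-$HOME}"
    days="${2:-7}"
    for f in "$home/.profile" "$home/.bash_profile" "$home/.bashrc" \
             "$home/.xprofile" "$home/.config/autostart"/*.desktop; do
        [ -f "$f" ] || continue
        find "$f" -mtime "-$days" -print
    done
}

echo "Autostart entries:"
list_autostart
echo "Startup files changed in the last 7 days:"
recently_changed_startup
```

The per-user crontab (`crontab -l`) is another place to review that this example does not cover.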

  8. #8
    Join Date
    Sep 2007
    Location
    The Netherlands
    Beans
    109

    Re: Linux “HoT” bank Trojan: Failed malware

    i think it's pretty easy to trick a user into giving sudo away. just fake an apport bug report like dialogue or some other fake gksu dialogue and people will happily give their sudo to whatever script is running behind it. once you do that, it's not your machine anymore.

    put a delay on the pop-up so people won't relate it to that thing they clicked on that website 45 minutes ago. it all runs in the background, adding users, groups, opening ports, grepping stuff from who knows where...

    granted, the weak spot would still be BKAC, but that's how easy it is.
    It's a GIANT MUSHROOM... MAYBE IT'S FRIENDLY!

  9. #9
    Join Date
    Jan 2011
    Location
    Boonesville Kentucky
    Beans
    46
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux “HoT” bank Trojan: Failed malware

    It's good to see that the good folks at Canonical have our backs, and as always: YAY Linux!
