
Thread: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

  1. #11
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Quote Originally Posted by ivze View Post
    One of them is an awkward right managing system with only user/group/other file attributes.
    That's so not true. You can use finer and far more complex access control lists. They've been in the kernel since the mid-90s. And yes, I know places where they use those extended attributes. It's just that you and I as home users most likely don't need them and can live perfectly well with the simpler traditional "user/group/other" permissions in 99% of all cases. If you still need them and if you know what you are doing, it's no big deal to implement this on your system. You just need to modify one mount option inside /etc/fstab and you need to have the tools (e.g. "getfacl" and "setfacl" and many others) to deal with those extra permissions, and that's it.

  2. #12
    Join Date
    Jan 2005
    Location
    Sydney (currently)
    Beans
    21
    Distro
    Ubuntu Breezy 5.10

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Excellent input guys.

    One of the keys regarding this discussion is that intended users are likely not highly technical and have minimal tech support resources - but do take security seriously. I am working on a guide that will make it easy to get an initial secure desktop configuration and then by following a few simple rules the user can have a relatively secure system that requires minimal ongoing maintenance.

    The guide will be aimed at those who want a decent level of security, but not the ultra paranoid. As we all know, absolute security is very difficult to achieve, especially when your adversary has significant resources. The ultra paranoid would need access to more specialist security knowledge: encryption of all data, both stored and in transit, anonymous networks like Tor, and locked-down local systems/networks.

    The points regarding malware infection are excellent and are a strong part of the argument for using Ubuntu on the desktop for these types of organisations and users (even though exploitation of the user environment is possible, installation of system-wide rootkits via an exploited application or plugin is much more difficult when compared to Windows).

    Recent trends have shown that many targeted malware exploitation vectors (on Windows) are third-party plugins and applications within the Windows environment: QuickTime, Real Player, Flash, Adobe, etc. On a Windows desktop this means ensuring all those little apps are kept up to date, while on Ubuntu, as long as you stick to the official repositories, apt-get upgrade is all it takes.

    Does anyone know of "in the wild" examples where a web-based script was able to exploit a Linux user's environment sufficiently to grab files or implement a key logger for that user?

  3. #13
    Join Date
    Mar 2008
    Location
    Copenhagen Denmark
    Beans
    722
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Does anyone know of "in the wild" examples where a web-based script was able to exploit a Linux user's environment sufficiently to grab files or implement a key logger for that user?
    Yes, they exist, but as someone said, "To catch a virus in Ubuntu, you have to work for it. To catch a virus in Windows, you just have to work on it."
    This is quite funny :=)

    To catch a virus in Ubuntu, and make it do any harm, you have to manually run it as root.

    I would make a user that has no administrative rights, and I would always use this user, except when you need to install a program,
    and ONLY install programs through the repositories.

    This way, no virus could be installed with the needed rights to perform actual damage... Well... I suppose a keylogger would need root to work, right? Someone correct me if I am wrong.

    AAAnd read this if you haven't already: Ubuntu Security. It is a great thread written by LaRoza.
    Ubuntu 10.10 Maverick | ASUS A6Rp | Intel(R) Celeron(R) M CPU 420 @ 1.60GHz | 4 GB ram |
    Graphic Card: ATI Technologies inc RC410 [Radeon Xpress 200M]

  4. #14
    Join Date
    Sep 2006
    Location
    Central Europe
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Quote Originally Posted by jakupl View Post
    I would make a user that has no administrative rights, and I would always use this user, except when you need to install a program.
    It's not like you can't do this on Windows, but who really uses his home computer that way? Do you use a restricted user account? I don't, and neither do many others.

    The security design of an OS is worthless if the user is an idiot. People that open "britney_nude.exe" email attachments will be clever enough to do a "sudo sh britney_nude.sh".

  5. #15
    Join Date
    Mar 2008
    Location
    Copenhagen Denmark
    Beans
    722
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Quote Originally Posted by MacUntu View Post
    It's not like you can't do this on Windows, but who really uses his home computer that way? Do you use a restricted user account? I don't, and neither do many others.
    Very true, but Windows is full of vulnerabilities; doing so in Windows doesn't guarantee anything.

    Quote Originally Posted by MacUntu View Post
    The security design of an OS is worthless if the user is an idiot. People that open "britney_nude.exe" email attachments will be clever enough to do a "sudo sh britney_nude.sh".
    This would be why you need an account without sudo abilities (administrative rights).

  6. #16
    Join Date
    Nov 2005
    Location
    Nashville, TN
    Beans
    408
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    It would be foolish to assume that Linux has perfect security and that no malware will ever be able to elevate its privileges. That doesn't mean that it's easy. It'll take a lot of work and research to pull it off, but it is in the realm of possibility.

    If the user won't execute it at the privilege level, then consider that it is quite possible to crack a Linux server. It's happened before and it'll happen again. The cream of the hacking crop would be to compromise a repository and inject your own code into a commonly installed package. Will it be easy... absolutely not. Is it possible? Yes, as no security system is perfect. The result... every installed Ubuntu machine that updates is then compromised.

    That of course is simply a worst-case scenario which is never likely to happen, as the number of people capable of doing it can probably be counted on one's hands, and then they're probably not the types to do it.

    Then again, consider what's been in the news about the Chinese getting into DoD computers. What would happen if Tibet suddenly announced they were going with Ubuntu and China then turned its eyes on Ubuntu's servers?

    I'm not intending to ruffle any feathers, just tossing out items for thought.
    -Chayak

  7. #17
    Join Date
    Sep 2007
    Beans
    68
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    I just read this post and I have been an Info Sec professional for quite a few years and I can't resist throwing in my two cents:
    1) Most attacks these days are for profit. If people find they can exploit something in Linux (or Mac OS for that matter) that will make them some illegal money (probably by grabbing credit card numbers or passwords), then you can expect to see them. For a great report on these trends see Symantec's report http://www.symantec.com/business/the...d=threatreport -- Just keep a skeptical mind and remember that Symantec themselves make money by selling "security"......
    2) You don't need to be root to install malware that would be beneficial to the attacker. There are plenty of ways to kick off a process when a user logs in (with the user's rights) that would be of use to the attacker. There is no reason a bot needs to run with root privileges, and although it has been 15 years since I have programmed in X-Windows, as I recall, getting X to capture key strokes is very straightforward.
    3) The best thing to do is keep yourself patched. This is because, to get malware on your machine, the bad guy has to run some code on your machine:

    A) This started out by taking advantage of vulnerable services running on your machine that can be exploited to run code. As several pointed out, this is much less of an issue on Ubuntu as it doesn't have many open IP ports (it is incorrect to say that it has no open ports; Hardy has at least 2 open UDP ports on my installations -- avahi and dhclient3). Therefore, I run a firewall, because the benefits (more protection) outweigh the drawbacks (a little processing overhead, installation and configuration time, etc).
    B) As firewalls came into use, the attackers realized that email was a much better vector to get some malicious code running on someone's machine. As was pointed out, it is much easier to get an executable running on Windows than Linux, but if a vulnerability can be found in your email client, then all bets are off.
    C) The latest trend is finding vulnerable legitimate web sites and putting code on them that takes advantage of known issues in browsers (Internet Explorer, generally, but there have been some ugly issues in Firefox as well) and the browser plug-ins (Flash, Adobe, etc) that install the malware. (See http://www.us-cert.gov/current/index...ous_javascript ) In my opinion, running NoScript in Firefox is the best thing you can do these days to keep yourself safe.
    4) Anti-virus isn't a bad idea, even on Linux. Again, the benefits (extra protection) outweigh the drawbacks (a little processing overhead, a little installation and configuration time, etc).

    In my mind, there is no doubt that a default install of Ubuntu is much more secure than a default installation of any Windows product, both because the default Ubuntu installation is much more secure (for the reasons pointed out in this thread), and the threat is less (as most attackers are targeting Windows).

    But having said that, the threats are out there, so I would urge everyone not to feel too smug -- keep everything up to date (Update Manager is your best friend.....) and add additional security with a firewall (Firestarter), anti-virus (ClamAV), and NoScript.
    Last edited by stmurray; May 3rd, 2008 at 03:36 PM.
    Sean T Murray
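Point 2 above (malware only needs the user's rights and a login-time hook) suggests the check a defender would want: review what the user's own autostart entries launch. The following is an added example, not code from the thread or from Ubuntu; it parses the freedesktop .desktop format used in ~/.config/autostart, and the sample entries, the alice/.cache paths and the "trusted prefix" heuristic are constructed assumptions for illustration.

```python
import configparser
import os
import shlex

# Prefixes from which a login-time Exec= command is expected to be launched (assumed).
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/lib/", "/usr/libexec/", "/bin/", "/snap/bin/")

def autostart_exec(desktop_text):
    """Exec= command of a .desktop file, or None if absent or disabled with Hidden=true."""
    cp = configparser.ConfigParser(interpolation=None)   # '%' is legal in Exec= values
    cp.read_string(desktop_text)
    if not cp.has_section("Desktop Entry"):
        return None
    entry = cp["Desktop Entry"]
    if entry.get("Hidden", "false").strip().lower() == "true":
        return None
    return entry.get("Exec")

def is_suspicious(exec_line):
    """Flag an interpreter fed inline code, a program outside packaged-software
    prefixes, or a dot-prefixed (hidden) program name."""
    argv = shlex.split(exec_line) if exec_line else []
    if not argv:
        return False
    prog = argv[0]
    if os.path.basename(prog) in ("sh", "bash", "dash", "python", "python3", "perl") and "-c" in argv[1:]:
        return True
    if prog.startswith("/") and not prog.startswith(TRUSTED_PREFIXES):
        return True
    return os.path.basename(prog).startswith(".")

def audit_autostart(entries):
    """entries maps file name -> .desktop text; returns sorted (name, Exec) pairs to review."""
    flagged = []
    for name, text in entries.items():
        cmd = autostart_exec(text)
        if is_suspicious(cmd):
            flagged.append((name, cmd))
    return sorted(flagged)

# Constructed sample entries (hypothetical; not taken from any real system).
SAMPLE = {
    "nm-applet.desktop": "[Desktop Entry]\nType=Application\nExec=nm-applet\n",
    "update-notifier.desktop": "[Desktop Entry]\nType=Application\nExec=/usr/bin/update-notifier\n",
    "helper.desktop": "[Desktop Entry]\nType=Application\nExec=/home/alice/.cache/.gnome-helper --quiet\n",
    "old.desktop": "[Desktop Entry]\nType=Application\nExec=/tmp/x\nHidden=true\n",
    "sync.desktop": "[Desktop Entry]\nType=Application\nExec=sh -c \"sleep 30; ~/.cache/.sync\"\n",
}
```

To run it against a real account, read each *.desktop file under ~/.config/autostart into the dictionary and pass it to audit_autostart; the heuristic is a review aid, so every flagged entry still needs a human look.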

  8. #18
    Join Date
    Mar 2008
    Location
    Copenhagen Denmark
    Beans
    722
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Quote Originally Posted by stmurray View Post
    I just read this post and I have been an Info Sec professional for quite a few years and I can't resist throwing in my two cents:

    =D>

  9. #19
    Join Date
    Oct 2004
    Location
    Nissa la bella
    Beans
    216
    Distro
    Ubuntu

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    This kind of attack targeting pro-Tibetan organizations is a reality. Our association was actually attacked around a month ago (luckily, at that time the website was partially closed because it was in beta).

    In 5 hours up to 12000 HTTP hits were sent from an IP address in Italy. This was a kind of robot executing the same script all the time (browsing the web site and adding items into the cart). I guess that was a kind of small DoS attack.
    I don't really get the point of such an attack against our website, which is quite small for the moment.

    Since then no more such attacks, but I can still notice from time to time strange exceptions in the logs caused by malformed requests.

    Now our website is open and I'm thinking of putting in place a CAPTCHA system.
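The pattern described in this post (one source replaying the same few requests thousands of times) can be picked out of an ordinary web server access log before it gets as far as a CAPTCHA. This is an added example, not code from the thread or the poster's site; it assumes the Apache/nginx "combined" log format, and the addresses, timestamps and paths in make_sample() are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format; only the fields the check needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, timestamp, path) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")

def flag_floods(lines, max_hits, window_seconds):
    """Map each source IP that exceeded max_hits requests inside any window_seconds
    span to (peak hits within one window, number of distinct paths). A high peak with
    very few distinct paths is the signature of a replayed script. Each IP's lines
    must appear in time order, as a server writes them."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    peak = defaultdict(int)
    paths = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # malformed lines are a separate signal; skipped here
        ip, ts, path = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        paths[ip].add(path)
    return {ip: (n, len(paths[ip])) for ip, n in peak.items() if n > max_hits}

def make_sample():
    """Constructed log lines (documentation-range addresses): a robot at 203.0.113.5
    replaying a three-step browse/add-to-cart script every two seconds, plus one
    ordinary visitor and one line that is not a log record at all."""
    base = datetime(2008, 5, 1, 10, 0, 0)
    fmt = '{ip} - - [{t:%d/%b/%Y:%H:%M:%S} +0000] "GET {path} HTTP/1.1" 200 512'
    script = ["/", "/catalog", "/cart/add?item=7"]
    lines = [fmt.format(ip="203.0.113.5", t=base + timedelta(seconds=2 * i), path=script[i % 3])
             for i in range(40)]
    lines += [fmt.format(ip="198.51.100.9", t=base + timedelta(minutes=i), path=f"/page{i}")
              for i in range(5)]
    lines.append("not a log line at all")
    return lines
```

For a real log, pass the file's lines and a threshold derived from normal traffic; sources flagged with a path count of two or three are the replaying robots this post describes, and are candidates for rate limiting at the server or firewall.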
