Multi-platform backdoor malware targets Windows, Mac and Linux users



Dr. C
July 15th, 2012, 05:25 PM
http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/

It is based on Java and downloads the appropriate malware for each platform.

pqwoerituytrueiwoq
July 15th, 2012, 05:35 PM
Does it only work on Sun Java, or is IcedTea affected?
Could have been what that IcedTea update was for a couple of days ago.
Edit:
Does it assume the current user is root?

Dr. C
July 15th, 2012, 05:58 PM
Here is the link from the original F-Secure site: http://www.f-secure.com/weblog/archives/00002397.html. Not much information on the GNU/Linux case. The real question is what, if anything, does the backend malware do? As for the user being root, the malware could trigger a prompt for the sudo password. Still, all of this at this point appears to be very hypothetical in the GNU/Linux case.

I would, however, be very careful before providing the sudo password in order to view that video that makes Steve Ballmer look like a complete fool :wink:

neu5eeCh
July 15th, 2012, 10:20 PM
Here's another article on the malware:

http://www.zdnet.com/cross-platform-trojan-attacks-windows-intel-macs-linux-7000000872/

This article includes the actual code.

http://cdn-static.zdnet.com/i/story/70/00/000872/malwarewinmaclin.png

I too am wondering whether OpenJDK is vulnerable. I had Oracle's Java installed for a short period of time, but the thing is so notoriously vulnerable (and anyway the related apps were so flaky) that I've gone back to OpenJDK. I'm glad LibreOffice doesn't try to install it anymore.

It seems that the malware is installed to the user's home directory under .bin?

ranger1021994
July 15th, 2012, 10:25 PM
http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/

It is based on Java and downloads the appropriate malware for each platform.

This is the same:
http://ubuntuforums.org/showthread.php?t=2023579

neu5eeCh
July 15th, 2012, 10:47 PM
This is the same:
http://ubuntuforums.org/showthread.php?t=2023579

Thanks and... well... *that* was interesting.

I noticed that I was running JDK 6. I decided to remove it through the software center and Ubuntu courteously installed JDK 7 without asking. I then had to uninstall 7. We'll see if I really need Java. I don't think I do.

Bigtime_Scrub
July 15th, 2012, 11:03 PM
I don't understand how that is supposed to work for a Linux box. Doesn't it need a root password to do damage or is it just going to sit around and mess with whatever a normal user can do?

neu5eeCh
July 16th, 2012, 01:09 AM
I don't understand how that is supposed to work for a Linux box. Doesn't it need a root password to do damage or is it just going to sit around and mess with whatever a normal user can do?

This reminds me of an extended argument I had here a year or two ago. The point of a trojan or "malware" in many, if not most cases, is to not draw attention to itself -- that means it's not going "to do damage" or "mess with whatever a normal user can do". The point is to extract valuable information. (Fat good it does to set the house on fire when you're trying to burgle.)

Linux may be relatively immune to viruses. (Viruses, famously, don't always need user participation, only a cooperative OS.) A trojan, on the other hand, commonly requires a duped user. Linux is no safer from trojans than Windows, mainly because the security of both relies on the wits or carelessness of the user.

There are probably few, if any, trojans for Linux because A.) it still represents such a "small" percentage of users and B.) Linux users aren't just passive recipients of the OS. They're a self-selected group. I think, in general, they're much savvier, technologically, and much harder to dupe.

Shadius
July 16th, 2012, 01:19 AM
This is the same:
http://ubuntuforums.org/showthread.php?t=2023579

Perhaps, we should merge these two threads?

neu5eeCh
July 16th, 2012, 01:29 AM
Somewhat related: Krebs on Security (http://krebsonsecurity.com/2012/07/banking-on-a-live-cd/), in his most recent post, recommends using a LiveCD of Puppy Linux for on-line banking. That won't be news to most. In the comment section, though, someone pointed out the following:


The German magazine c't created Surfix and Bankix, two specially tailored live CDs based on Ubuntu for secure surfing and banking.

Both have a modified Linux kernel, which is unable to write to hard disks, get live security updates, Surfix comes with Chrome, Thunderbird, etc. and Bankix includes Hibiscus for HBCI and other *******anking standards.

Surfix (German): http://www.heise.de/ct/projekte/c-t-Surfix-Sicher-im-Web-1380126.html
Bankix (German): http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html

Thought that was interesting.

Primefalcon
July 16th, 2012, 02:25 AM
From the looks of the code, check your ~/bin folder to make sure nothing bad is there.
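The two posts above disagree on whether the drop location is ~/.bin or ~/bin, so a practical check looks at both. The script below is an added example, not code from the thread or from any of the linked articles: it runs entirely as the unprivileged user, lists files under those two directories that are ELF binaries or Java archives/classes (identified by their magic bytes rather than by name), and then looks for references to those directories in the common user-level persistence points. The autostart, shell-profile and crontab locations are my assumptions about where a user-level implant would register itself; the thread itself only names the two directories.

```shell
#!/bin/sh
# Added example (not from the thread): audit ~/.bin and ~/bin for native
# or Java executables and for user-level autostart entries pointing at them.
# Needs no root: everything here is readable by the owning user.

# list_suspects DIR
# Prints one line per file whose first 4 bytes mark it as ELF, ZIP/JAR or
# a Java class file. Detection by magic bytes, so renaming does not hide it.
list_suspects() {
    dir="$1"
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 2 -type f 2>/dev/null | while IFS= read -r f; do
        magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
        case "$magic" in
            7f454c46) echo "ELF  $f" ;;      # \x7fELF: native Linux binary
            504b0304) echo "JAR  $f" ;;      # PK\003\004: ZIP container, i.e. a .jar
            cafebabe) echo "CLASS $f" ;;     # compiled Java class
        esac
    done
}

# grep_autostart HOME_DIR DIR
# Prints lines in user-level persistence points that mention DIR.
# The set of files checked is an assumption, not something the thread states.
grep_autostart() {
    home="$1"
    dir="$2"
    for f in "$home"/.config/autostart/*.desktop "$home"/.profile \
             "$home"/.bashrc "$home"/.xinitrc; do
        [ -f "$f" ] || continue
        grep -nF -- "$dir" "$f" 2>/dev/null | sed "s|^|AUTOSTART $f:|" || true
    done
    # crontab -l fails harmlessly when the user has no crontab
    crontab -l 2>/dev/null | grep -nF -- "$dir" | sed 's|^|CRON crontab:|' || true
}

# audit_home HOME_DIR
# Full report for one home directory; defaults to the current user's $HOME.
audit_home() {
    home="${1:-$HOME}"
    for d in "$home/.bin" "$home/bin"; do
        list_suspects "$d"
        grep_autostart "$home" "$d"
    done
}

# Stand-alone run: report on the current user's home directory.
audit_home "$HOME"
```

An empty report means neither directory holds native or Java executables and nothing in the checked startup files refers to them; any `ELF`, `JAR` or `CLASS` line is worth inspecting by hand, and an `AUTOSTART` or `CRON` line alongside it shows how the file would be launched again at login.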