Forbes: New Trojan Backdoor Malware Targets Mac OS X And Linux



bilkay
September 2nd, 2012, 05:43 PM
Russian anti-virus software maker Doctor Web, has identified, “The first Trojan in history to steal Linux and Mac OS X passwords (http://news.drweb.com/show/?i=2679&lng=en&c=14).” BackDoor.Wirenet.1 (http://vms.drweb.com/search/?q=BackDoor.Wirenet.1), is the first Trojan Horse program that works on the Mac OS X and Linux platforms that is, “designed to steal passwords stored by a number of popular Internet applications.” ...

http://www.forbes.com/sites/anthonykosner/2012/08/31/new-trojan-backdoor-malware-targets-mac-os-x-and-linux-steals-passwords-and-keystrokes/

It would have been nice if they'd have said how it can get into a system.

thnewguy
September 2nd, 2012, 06:44 PM
Well, a trojan by definition is a piece of software that gets loaded onto the system by a user. The user downloads a package, probably thinking it is an application, and runs it. People can avoid getting infected by not downloading and running software unless it is vetted.

cortman
September 2nd, 2012, 07:16 PM
This looks so much like one of those "Pass around" email virus scares it makes me laugh.
I think there'll soon be a red-faced journalist at Forbes...

rjbl
September 2nd, 2012, 07:24 PM
This one has been discussed in this Forum already. Points to note are:-

1. No delivery mechanism for BackDoor.Wirenet.1 has been detected, or even suggested, by Dr Web. This implies that the trojan is in their lab, rather than in the wild;

2. The IP address for the call home function in the code published by Dr Web does not accept connection requests. Very odd for such a trojan.

3. 'Dr Web' appears to be in the business of selling a virus protection product aimed at the Linux and Apple markets. Not a functionality that is eagerly sought, nor much needed, by either OS in the opinion of most knowledgeable folk.

Keep calm, don't panic.

rjbl

sffvba[e0rt
September 2nd, 2012, 08:37 PM
Thread moved to The Community Cafe.

Not a support request.



Primefalcon
September 2nd, 2012, 08:44 PM
So... I still have to download and install this...... "virus".... scary stuff... Stick to the repos and you have nothing to worry about.

aysiu
September 3rd, 2012, 12:13 AM
"It would have been nice if they'd have said how it can get into a system."

Trojans get on your system by pretending to be legitimate software and fooling the user into actually installing the pretend software instead.

Install real software instead of pretend software, and you'll be fine. Nothing scary. Use common sense. Stick to the main repositories. If you have questions about non-standard repositories or packages outside of the repositories, ask here, and people will tell you whether it's trustworthy or not.

robtygart
September 3rd, 2012, 04:46 AM
Just seen this on "Full Circle". I don't think I will worry too much. :p

Scary stuff lol. I think this covers what we all have.

The program also grabs passwords submitted to Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including email client Thunderbird, web suite SeaMonkey, and chat app Pidgin.

Multi-platform virus strains that infect Windows, Mac OS X and Linux machines are extremely rare but not unprecedented. One example includes the recent Crisis super-worm. Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes seems, frankly, weird given the sizes of each operating system's userbase - unless the virus has been designed for some kind of closely targeted attack on an organisation that uses a mix of the two Unix flavours.



I am not sure what they are getting at here?

More on "Multi-platform virus" that does not even sound possible.