Last edited by prodigy_; March 23rd, 2013 at 11:56 AM.
Swap that out with the dd command or rm from root... and you'd have supposedly destructive malware according to those anti-virus companies.
Moral of the story: always have an external backup.
I agree you should always have backups; you also should never enter your password if it jumps up unexpectedly. For example, if the update window pops up because you clicked "install updates", you know it popped up for what you just did... but if it jumped up for no reason, never enter the password.
I don't know much about networking and even less about cracking, but can't a cracker compromise a given system through the net by taking advantage of any vulnerability in a remote machine's services? In this case, I guess they wouldn't even need a root password to infect the machine with some kind of malicious program (or they could probably find the password once they compromise the system). Someone please correct me if I'm wrong.
http://lwn.net/Articles/268783/). This is why sandboxing in Chrome and newer Firefox, and stuff like Arkose, is a big deal. We already have a lot of functionality to limit a program to a specific section of the filesystem, but a significant part of this new stuff is to limit a program to a set of system calls, which reduces the attack surface for any malware. In the past we've had seccomp as a thin layer to provide that functionality, and seccomp-bpf does the same with a little more control. Chrome uses a broker process with a very strict policy for what system calls its children can run. When a browser process wants to run a fancier system call, it has to go through the broker.
With that said, it sounds like this runs on a Windows host, and I'll bet the goal is to slow down antivirus tools that run from Linux environments. I just felt like clearing up a common misconception :)
Last edited by Mr. Picklesworth; March 24th, 2013 at 06:25 AM.
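The "limit a program to a set of system calls" idea from the post above, as an added example (this is not code from the post, and not Chrome's own sandbox; Chrome's real policy is far larger). A parent forks a child, the way a broker would, and the child installs a seccomp-bpf allowlist before doing anything else: the filter first checks the architecture field so that syscall numbers from a foreign ABI are not misread, then allows only getpid and exit/exit_group, and makes every other syscall fail with EPERM. A real sandbox would normally use SECCOMP_RET_KILL_PROCESS for the default case; ERRNO is used here only so the child can report what happened. The function names, the DEMO_* result codes and the x86_64/aarch64 restriction are mine; the BPF_*, SECCOMP_* and __NR_* names come from the Linux headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: built on x86_64 or aarch64 Linux. Other architectures
 * need their own AUDIT_ARCH_* constant here. */
#if defined(__x86_64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Older kernel headers only know SECCOMP_RET_KILL (kills the thread). */
#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Results returned by run_sandboxed_child() (names are this example's own). */
enum { DEMO_OK = 0, DEMO_NO_SECCOMP = 1, DEMO_FAILED = 2 };

/* If A (the loaded syscall number) == nr, return ALLOW; otherwise skip
 * the return instruction and keep comparing. */
#define ALLOW_SYSCALL(nr)                                   \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1),        \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install an allowlist filter in the calling process. Anything not
 * listed fails with EPERM so the child can report it; a production
 * sandbox would usually return SECCOMP_RET_KILL_PROCESS instead. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* Syscall numbers differ per architecture: check arch first and
         * kill if a foreign ABI (e.g. 32-bit compat) shows up. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and allow only what the child needs. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(__NR_getpid),
        ALLOW_SYSCALL(__NR_exit_group),
        ALLOW_SYSCALL(__NR_exit),
        /* Default: deny with EPERM. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };

    /* Required without CAP_SYS_ADMIN; also stops the filter being used to
     * confuse a setuid binary the process might exec later. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Broker-style split: the parent keeps full privileges, the child is
 * locked down before it does any work. Returns a DEMO_* code. */
int run_sandboxed_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return DEMO_FAILED;

    if (pid == 0) {
        if (install_filter() != 0)
            _exit(DEMO_NO_SECCOMP);   /* seccomp filtering unavailable here */

        /* getpid is on the allowlist and must still work. */
        long me = syscall(__NR_getpid);

        /* socket(2) is not: expect -1 with errno EPERM, not a descriptor. */
        long fd = syscall(__NR_socket, AF_INET, SOCK_STREAM, 0);
        int blocked = (fd == -1 && errno == EPERM);

        _exit((me > 0 && blocked) ? DEMO_OK : DEMO_FAILED);  /* exit_group */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return DEMO_FAILED;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = run_sandboxed_child();
    printf("child result: %s\n",
           r == DEMO_OK ? "filter installed, socket() blocked with EPERM" :
           r == DEMO_NO_SECCOMP ? "seccomp filtering not available" :
           "unexpected: a non-listed syscall got through or child died");
    return r;
}
```

Build with `cc -O2 seccomp_demo.c -o seccomp_demo` on Linux. Only the child is restricted, which is the point of the broker split: the parent can keep calling the same function and stays unrestricted itself. On a kernel or container runtime that does not permit PR_SET_SECCOMP the child reports DEMO_NO_SECCOMP rather than pretending to be sandboxed.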
If I read that correctly (I just skimmed through it), the malware runs on a Windows machine, looks for a program called 'mRemote' (a remote connections manager), and tries to extract hostnames and passwords stored by that program. It then uses these to try and ssh to remote hosts and (in the case of Linux/Unix machines) run a script that deletes files.
Servers running Samba or NFS that export directories mounted by the Windows clients might be vulnerable to this attack, but only in directories to which the local Windows user has privileges. So it might be possible to log into my server with my username and password and delete my files, except that my Samba passwords bear no resemblance to my Linux passwords.
Last edited by SeijiSensei; March 24th, 2013 at 12:52 AM.