Thread: Preventative Maintenance for 'Xnote' Linux Trojan

  1. #1
    Join Date
    Oct 2007
    Beans
    182

    Preventative Maintenance for 'Xnote' Linux Trojan

    Any suggestions on precautions I can take?

    http://www.techworm.net/2015/02/xnot...s-botnets.html
    CPU:AMD Turion(tm) 64 X2 Mobile Technology TL-52*slot: Socket S1,1600MHz*RAM: DIMM DDR2 667 MHz X 2 1GB*HDISK: Western Digital ATA Disk (320GB)*video: nVidia Geforce Go 6150 clock: 66MHz*wifi: Broadcom Corporation BCM4311
    eth0: nVidia MCP51

  2. #2
    Join Date
    Apr 2009
    Location
    Argyll and Bute
    Beans
    3,092
    Distro
    Ubuntu 24.04 Noble Numbat

    Re: Preventative Maintenance for 'Xnote' Linux Trojan

    Don't run as root
    The malware will only be installed in a system if it has been launched with superuser (root) -
    Ubuntu 18.04

  3. #3
    Join Date
    Oct 2007
    Beans
    182

    Re: Preventative Maintenance for 'Xnote' Linux Trojan

    Quote Originally Posted by carl4926
    Don't run as root
    So I'd have to run this malware 'manually' as su? It won't run as root by itself?

  4. #4
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    872
    Distro
    Ubuntu

    Re: Preventative Maintenance for 'Xnote' Linux Trojan

    Quote Originally Posted by chiques
    So I'd have to run this malware 'manually' as su? It won't run as root by itself?
    You wouldn't run it. Attackers have brute forced internet-facing passwords, like on ssh. Once they get root access the bad guys run it themselves. So disable password auth on ssh and only use keys. If you don't have any services running open to the internet then you're not the target of the campaign they're talking about in the link.
    Knock knock.
    Race condition.
    Who's there?
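
The advice in post #4 (disable password auth on ssh, keys only) can be checked with a short script. This is an added example, not part of any post in the thread; the function names and sample configs are constructed, and the defaults used for unset keywords are assumed to be the upstream OpenSSH ones.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for password logins.
# Only the global section is read (parsing stops at the first Match block)
# and Include files are not followed; on a live host `sshd -T` prints the
# fully resolved configuration.

# effective_value FILE KEYS DEFAULT
# KEYS is a lowercase keyword or "a|b" list of aliases. sshd keeps the
# first occurrence of a keyword, and keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # comments, blank lines
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # "Key=value"
        tolower($1) == "match" { exit }          # leave the global section
        tolower($1) ~ "^(" key ")$" { found = 1; print tolower($2); exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one line per weak setting; returns 1 if password-based
# login (or password login as root) is still possible.
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    root=$(effective_value "$1" 'permitrootlogin' prohibit-password)
    [ "$pw" = no ]  || { echo "WEAK PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "WEAK KbdInteractiveAuthentication=$kbd"; rc=1; }
    case $root in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "WEAK PermitRootLogin=$root"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK key-only login"
    return "$rc"
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# weak: passwords and root allowed' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$tmp/weak"
printf '%s\n' 'passwordauthentication no' 'ChallengeResponseAuthentication no' \
    'PermitRootLogin=prohibit-password' 'PasswordAuthentication yes' \
    > "$tmp/hardened"
audit_sshd "$tmp/weak"; audit_sshd "$tmp/hardened"
```

On a real machine, point `audit_sshd` at `/etc/ssh/sshd_config` and compare against the output of `sshd -T`, which also resolves Include files and Match blocks.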

  5. #5
    Join Date
    Jun 2006
    Location
    California
    Beans
    638

    Re: Preventative Maintenance for 'Xnote' Linux Trojan

    Unless you are running something like a website, you don't have to do anything. Your desktop computer or laptop is safe.
    Ubuntu 16.04 x64, Core i7 4770k, 8Gb RAM, Nvidia Gtx 650, Sandisk Extreme 120 SSD.

    https://reddingcomputer.wordpress.com/

  6. #6
    Join Date
    Feb 2008
    Location
    Land of fire and drought
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Preventative Maintenance for 'Xnote' Linux Trojan

    This:

    The malware will only be installed in a system if it has been launched with superuser (root) privileges.
    This:

    The only saving grace for Linux users is that it will not launch itself if it doesn't have the root privileges in the target PC.
    ... and this:

    “The only saving grace for Linux users is that it will not launch itself if it doesn't have the root privileges in the target PC.”

    Which is why you don’t log in as ‘root’ and instead ‘sudo’ whenever you need root privileges.
    You need to boot your machine and log in as root to open the backdoor. No-one does, and if they do, not advisable.
