Linux users targeted by mystery drive-by rootkit

Edvard:
The malware is aimed at the 64-bit Debian Squeezy kernel and is distributed to would-be victims via an unusual form of iFrame injection attack

--- End quote ---

https://www.infoworld.com/d/security/linux-users-targeted-mystery-drive-rootkit-207588?source=IFWNLE_nlt_openenterprise_2012-11-21




Article says it looks so far like a work-in-progress, but just a reminder that we Linux users are not and never will be completely immune.
Stumps me why they chose Debian Squeeze, why not Ubuntu for the newb user base?  Why not Red Hat for all the delicious server exploit possibilities?
... And Bronx cheers to Infoworld for getting the distro name wrong (Squeezy? Really? Research much?)

from sumwhar ah ferget
Rootkit Icon by ? http://thethreatvector.wordpress.com/2012/10/12/common-malware-types-cybersecurity-101/

barney:
Stumps me why they chose Debian Squeeze, why not Ubuntu for the newb user base?
-Edvard (November 24, 2012, 12:06 AM)
--- End quote ---

Well, if it was me - it ain't - I'd test on a small sample, see how things work, then adapt and magnify  :huh:.  Even black hats need to test in the real world  :o.

Totally agree with the cheer - reporting should be accurate.

Edvard:
Well, if it was me - it ain't - I'd test on a small sample, see how things work, then adapt and magnify
--- End quote ---
Judging by the details reported on, that may be exactly what's happening.  Debian proper is just generic enough to leave room for adaptation.

barney:
For years, Apple was virus-proof, then it became popular enough to attract attention.  Same scenario is playing out now in the Linux arena.  Actually, I'm surprised that the Red Hat commercial bits have not been attacked before this.  But Ubuntu/Debian has become widespread enough to make it a target.  Kinda like Apple, it's a bigger target now, something that can provide bragging rights.

SeraphimLabs:
If it aims for the Squeeze kernel, it would infect both Debian and Ubuntu as they come from the same sources. Ubuntu just has a faster release cycle.

Also, Squeeze is used in both server and client. Two of my own are Debian Squeeze, although if the infection vector is an iframe it isn't going to bother them because I don't have GUIs installed on either one and cannot directly surf the internet using them.

Can't have anything nice, someone comes along and writes malware for it.
