"Hand of Thief Trojan targets all common Linux distributions"

John Hupp lubuntu at prpcompany.com
Sat Sep 7 15:50:37 UTC 2013

On 9/6/2013 10:29 PM, Jonathan Marsden wrote:
> On 09/06/2013 11:26 AM, John Hupp wrote:
>> I understand that with a standard Ubuntu/Lubuntu installation not
>> running Wine, it is believed that there are no active threats that would
>> responsibly require resident anti-virus protection.
>> That may still be true today, but perhaps it won't be for too much
>> longer.  See the last 3 paragraphs of this article:
>> http://www.crn.com/news/security/240160712/security-firms-warn-of-potential-banking-trojan-attacks.htm?cid=nl_sec
> Did you read the RSA assessment CRN got their info from?  It includes:
>>> Initial Infection Method Still Primitive
>>> The Linux platform does not have the same type of commercial exploit
>>> packs for use in mass drive-by-download campaigns (the most popular
>>> infection method for the Windows OS). Moreover, Hand of Thief’s
>>> developer did not offer a recommended infection method, other than
>>> sending the Trojan via email and using some social engineering to
>>> have the user launch the malware on their machine.
> MY SUMMARY: Someone is building a new commercial trojan for Linux, which
> doesn't actually work yet, and there is no known way to infect anyone
> with it anyway, except persuading users to run it themselves.
> I'd say Linux remains a long way from needing AV, based on that!
> Jonathan

Agreed, that is the current state of affairs, which the CRN article 
itself notes, but it also notes the developer's plan to add the 
capability for drive-by downloads.  So the question seems to be whether 
he can make good on that.

More information about the Lubuntu-users mailing list