[ubuntu-in] Linux Trojan Raises Malware Concerns
Ramnarayan.K
ramnarayan.k at gmail.com
Mon Jun 14 15:05:49 BST 2010
A limited security concern butit has implications on how we view our
Linux OS as far as on the net safety is concerned.
Read more below
or visit link to get more details and reader's comments - which are interesting
Seems it yet again boils down to how careful / careless users are with
respect to security permissions
ram
Linux Trojan Raises Malware Concerns
http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html
By Tony Bradley, PC World
[Author's Note: The article has been modified to correct the assertion
that Unreal IRC has any relation to Unreal--the first-person shooter
developed by Epic Games.]
People who read this also read:
People Who Like This Also Like
I've got good news and bad news for those of the misguided perception
that Linux is somehow impervious to attack or compromise. The bad news
is that it turns out a vast collection of Linux systems may, in fact,
be pwned. The good news, at least for IT administrators and
organizations that rely on Linux as a server or desktop operating
system, is that the Trojan is in a download that should have no
bearing on Linux in a business setting.
Despote the perception that Linux is inherently secure, it is not
impervious and IT admins need to remain vigilant.An announcement on
the Unreal IRCd Forums states "This is very embarrassing...We found
out that the Unreal3.2.8.1.tar.gz file on our mirrors has been
replaced quite a while ago with a version with a backdoor (trojan) in
it. This backdoor allows a person to execute ANY command with the
privileges of he user running the ircd. The backdoor can be executed
regardless of any user restrictions (so even if you have passworded
server or hub that doesn't allow any users in)."
The post goes on to say "It appears the replacement of the .tar.gz
occurred in November 2009 (at least on some mirrors). It seems nobody
noticed it until now."
Unreal IRC is an Internet relay chat platform. I don't have any
numbers on the total downloads since November of 2009, but it seems
safe to assume there are a lot of Linux systems out there compromised
by a backdoor Trojan.
However, none of those systems should be in a place of business, so
the risk from a business perspective is not very high. IT
administrators can learn, though, from the mea culpa at the end of the
UnrealIRCd Forums post. "We simply did not notice, but should have. We
did not check the files on all mirrors regularly, but should have. We
did not sign releases through PGP/GPG, but should have done so."
Basically, because of the false sense of security provided by Linux it
simply never occurred to anyone to check if the software might be
compromised. Combining that false sense of security with the security
by obscurity factor that Linux makes up less than two percent of the
overall OS market and isn't a target worth pursuing for attackers,
means that many Linux owners have zero defenses in place.
To be fair, Linux experts are aware that the operating system is not
bulletproof. You can pick any flavor of Linux, and its accompanying
tools and applications and find hundreds of vulnerabilities. The
difference--according to the many lectures I have received in the
comments of articles I have written on Windows security--is that the
way the Linux OS is written makes it harder to exploit a
vulnerability, and that because its open source vulnerabilities are
fixed in hours rather than months.
The lesson for IT Admins managing Linux is to be more vigilant. Linux
is not impervious to attack. Hopefully the Linux systems in a business
environment aren't running Unreal, but it's quite possible that Unreal
is not the only compromised software available.
Linux does not have the vast array of threats facing it that Windows
systems do, but there are still threats. Even if those threats aren't
exploited through a quickly-spreading worm, they are still there and
represent a potential Achilles heel in your network security if not
monitored and protected.
Don't make the mistake of simply assuming Linux systems are safe
because they're Linux systems. Implement similar security controls and
policies for Linux as you have in place for Windows systems and you
can prevent being pwned by a backdoor Trojan for months without even
knowing about it.
You can follow Tony on his Facebook page , or contact him by email at
tony_bradley at pcworld.com . He also tweets as @Tony_BradleyPCW .
More information about the ubuntu-in
mailing list