[ubuntu-in] Linux Trojan Raises Malware Concerns

Mallikarjun(ಮಲ್ಲಿಕಾರ್ಜುನ್) mallik.v.arjun at gmail.com
Tue Jun 15 18:25:02 BST 2010


On Mon, Jun 14, 2010 at 7:35 PM, Ramnarayan.K <ramnarayan.k at gmail.com> wrote:
> A limited security concern but it has implications on how we view our
> Linux OS as far as on the net safety is concerned.
>
> Read more below
>
> or visit link to get more details and readers' comments - which are interesting
>
> Seems it yet again boils down to how careful / careless users are with
> respect to security permissions
>
>
> ram
>
>
> Linux Trojan Raises Malware Concerns
> http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html
>
>
> By Tony Bradley, PC World
>
> [Author's Note: The article has been modified to correct the assertion
> that Unreal IRC has any relation to Unreal--the first-person shooter
> developed by Epic Games.]
>
> I've got good news and bad news for those of the misguided perception
> that Linux is somehow impervious to attack or compromise. The bad news
> is that it turns out a vast collection of Linux systems may, in fact,
> be pwned. The good news, at least for IT administrators and
> organizations that rely on Linux as a server or desktop operating
> system, is that the Trojan is in a download that should have no
> bearing on Linux in a business setting.
>
> Despite the perception that Linux is inherently secure, it is not
> impervious and IT admins need to remain vigilant. An announcement on
> the Unreal IRCd Forums states "This is very embarrassing...We found
> out that the Unreal3.2.8.1.tar.gz file on our mirrors has been
> replaced quite a while ago with a version with a backdoor (trojan) in
> it. This backdoor allows a person to execute ANY command with the
> privileges of the user running the ircd. The backdoor can be executed
> regardless of any user restrictions (so even if you have passworded
> server or hub that doesn't allow any users in)."
>
> The post goes on to say "It appears the replacement of the .tar.gz
> occurred in November 2009 (at least on some mirrors). It seems nobody
> noticed it until now."
>
> Unreal IRC is an Internet relay chat platform. I don't have any
> numbers on the total downloads since November of 2009, but it seems
> safe to assume there are a lot of Linux systems out there compromised
> by a backdoor Trojan.
>
> However, none of those systems should be in a place of business, so
> the risk from a business perspective is not very high. IT
> administrators can learn, though, from the mea culpa at the end of the
> UnrealIRCd Forums post. "We simply did not notice, but should have. We
> did not check the files on all mirrors regularly, but should have. We
> did not sign releases through PGP/GPG, but should have done so."
>
> Basically, because of the false sense of security provided by Linux it
> simply never occurred to anyone to check if the software might be
> compromised. Combining that false sense of security with the security
> by obscurity factor that Linux makes up less than two percent of the
> overall OS market and isn't a target worth pursuing for attackers,
> means that many Linux owners have zero defenses in place.
>
> To be fair, Linux experts are aware that the operating system is not
> bulletproof. You can pick any flavor of Linux, and its accompanying
> tools and applications and find hundreds of vulnerabilities. The
> difference--according to the many lectures I have received in the
> comments of articles I have written on Windows security--is that the
> way the Linux OS is written makes it harder to exploit a
> vulnerability, and that because its open source vulnerabilities are
> fixed in hours rather than months.
>
> The lesson for IT Admins managing Linux is to be more vigilant. Linux
> is not impervious to attack. Hopefully the Linux systems in a business
> environment aren't running Unreal, but it's quite possible that Unreal
> is not the only compromised software available.
>
> Linux does not have the vast array of threats facing it that Windows
> systems do, but there are still threats. Even if those threats aren't
> exploited through a quickly-spreading worm, they are still there and
> represent a potential Achilles heel in your network security if not
> monitored and protected.
>
> Don't make the mistake of simply assuming Linux systems are safe
> because they're Linux systems. Implement similar security controls and
> policies for Linux as you have in place for Windows systems and you
> can prevent being pwned by a backdoor Trojan for months without even
> knowing about it.
>
> You can follow Tony on his Facebook page , or contact him by email at
> tony_bradley at pcworld.com . He also tweets as @Tony_BradleyPCW .
>

Actually the point to be noted is, "most of the time we won't get to
know that we are compromised" until some strong evidence is found...
So I think there should be some file auditing software intelligent
enough to identify whether something is misbehaving or not...

Also I feel we mostly get compromised due to vulnerabilities in
applications rather than the underlying OS/kernel... The most vulnerable apps
are cross-platform ones like Adobe Flash, JDK, web browsers, OpenOffice...
I don't mean to avoid them, but try to update regularly...
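The kind of file auditing the reply asks for, in its simplest form, is the check the UnrealIRCd post says was missing: record a digest of each release artifact when it is published, then re-hash the copies on every mirror against that record. The following is an added example, not code from the article or from the UnrealIRCd project; the manifest format, the file names other than Unreal3.2.8.1.tar.gz, and the file contents are constructed for the demonstration.

```python
# Added example (not the article's or UnrealIRCd's code): a sha256sum-style
# manifest recorded at release time and re-checked against each mirror's copy.
import hashlib
import os
import tempfile

def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large tarballs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse '<hex digest>  <filename>' lines into {filename: digest}."""
    expected = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, _, name = line.strip().partition("  ")
            expected[name.strip()] = digest.lower()
    return expected

def verify_mirror(manifest: dict, mirror_dir: str) -> dict:
    """Return {filename: 'OK' | 'MODIFIED' | 'MISSING'} for one mirror copy."""
    result = {}
    for name, digest in manifest.items():
        path = os.path.join(mirror_dir, name)
        if not os.path.isfile(path):
            result[name] = "MISSING"
        else:
            result[name] = "OK" if sha256_file(path) == digest else "MODIFIED"
    return result

def demo() -> dict:
    """Constructed scenario: one artifact intact, one replaced, one absent."""
    good = b"genuine release tarball bytes (constructed sample)"
    notes = b"release notes (constructed sample)"
    manifest = parse_manifest(
        f"{hashlib.sha256(good).hexdigest()}  Unreal3.2.8.1.tar.gz\n"
        f"{hashlib.sha256(notes).hexdigest()}  RELEASE.NOTES\n"
        f"{hashlib.sha256(b'sig').hexdigest()}  Unreal3.2.8.1.tar.gz.asc\n"
    )
    with tempfile.TemporaryDirectory() as mirror:
        with open(os.path.join(mirror, "Unreal3.2.8.1.tar.gz"), "wb") as f:
            f.write(good + b" plus appended bytes")  # simulated swapped tarball
        with open(os.path.join(mirror, "RELEASE.NOTES"), "wb") as f:
            f.write(notes)
        return verify_mirror(manifest, mirror)
```

Run from cron against each mirror, a MODIFIED or MISSING entry is the alert that would have flagged the replaced tarball; the manifest itself still needs to be fetched from the project's own host and, as the post concedes, signed with PGP/GPG so the check cannot be defeated by replacing both files on a mirror.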

