linuxducks.free-forums.org http://linuxducks.free-forums.org/
Questions Linger About New Linux 'Hand of Thief' Trojan http://linuxducks.free-forums.org/viewtopic.php?f=9&t=1012
Page 1 of 1
Author: linuxducks [ Fri Aug 16, 2013 6:43 pm ]
Post subject: Questions Linger About New Linux 'Hand of Thief' Trojan
Questions Linger About New Linux 'Hand of Thief' Trojan Threatpost http://threatpost.com/questions-linger- ... ief-trojan GOING TO PICK UP A DISCUSSION ABOUT THIS STARTING FROM A REALLY GOOD GROUP I BELONG TO OVER AT YAHOO GROUPS CALLED .... LINUX_Newbies · Linux Newbies http://tech.groups.yahoo.com/group/LINUX_Newbies/
Author: linuxducks [ Fri Aug 16, 2013 6:45 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
http://tech.groups.yahoo.com/group/LINU ... sage/31125 Link I got (feeds)... http://haverzine.com/2013/08/09/desktop ... f-malware/ On 8/9/2013 4:38 PM, Joe PM wrote: > goto > http://arstechnica.com/security/2013/08 ... _264365271
Author: linuxducks [ Fri Aug 16, 2013 6:47 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Re: [LINUX_Newbies] New Hand of Thief trojan does Linux but not windows! Posted By: linuxducks Sun Aug 11, 2013 4:35 pm

I have been using the following (below link) that worked very well on several distributions I have tried. It is beyond Clam AV or Klam AV (AV=antivirus) for Linux because it has Real Time Protection! That means it blocks malware in real time from even installing on the system. If you have used Windows then you understand this importance as proactive protection rather than reactive. Reactive is using antivirus or full antimalware (antispyware included) that is only a scanner for infections with ability to remove - but that is after the infection has occurred and any personal data compromise. Comodo (FREE) for Linux really is genuinely light on the system as is the premium (pay subscription) ESET for Linux (best, opinion).

TIP: When downloading either of the above products, you then go to that download package in your Files and right click the package and click Properties. Go to Permissions and click "Allow this to install" or similar. Otherwise the security of the Linux system just keeps an item like this in something like a Read Only mode so it cannot launch.

BOOKMARK Virus Protection - Comodo Antivirus for Linux Powerful anti-virus and email filtering software for Linux based computers. http://www.comodo.com/home/internet-sec ... -linux.php

Note: Once you install the program you will need to open a Terminal with the commands shown in Comodo. This then goes through the License Agreement (standard) that by using you are not going to decompile and sell as pirate copies and blah blah blah. You hot scroll all the way down and then it will automatically install additional driver etc enabling Real time Protection and the full use of Comodo Linux. If memory serves, ESET just went automatic, done. Of course have to first hit Properties and Allow to install. gerald philly pa usa http://linuxducks.webs.com/
Author: linuxducks [ Fri Aug 16, 2013 6:48 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Yeah, I was just reading up on the threat particulars and equating to Windows - this is actually a medium to dangerous infection almost, not quite but almost, equal to the Windows threat known as the infamous Conficker Worm Botnet. FYI - (for your information) gerald philly pa usa HOME http://bluecollarpc.us/ (windoze security) My Web: http://linuxducks.webs.com/
Author: linuxducks [ Fri Aug 16, 2013 6:51 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
On 8/11/2013 9:37 PM, Joe PM wrote: -I installed Comodo antivirus free, they're a good company, it is a good choice. The free version does not seem to have malware protection. Is there a good free malware protector for linux? thanks -------------

I don't know about free AVG but had terrible problems with that. I do know ESET NOD32 for Linux is antimalware - both antivirus + antispyware - and is paid yearly subscription. I have used that and it is the cream of the crop as on Windows. This is the company with the most independent labs awards (VB100) that has almost twice as many as the rest as Symantec and Sophos (about neck and neck). This actually showed some hits that were blocked over the browser here and there (just a couple over a month's time) online that was surprising. .... ESET NOD32 Antivirus 4 for Linux http://www.eset.com/us/home/products/nod32-for-linux/ Also there is Panda for Linux, antivirus + antispyware, which is also a well known quality product for Windows... Panda DesktopSecure for Linux Simple and complete protection for your Linux computer http://www.pandasecurity.com/japan/home ... topsecure/

IN ADVANCE.... I would guesstimate perhaps up to 80 percent maybe of Linux users will be rolling on the floor laughing at someone going to spend $30-40 (USD us dollars) a year for Linux antimalware. You would hear a list of free stuff out there, free stand alone scanners with no protection but can remove viruses, and in the same breath saying you will never need it because Linux is impervious to malware - can't get infected. I would say we also heard this about Apple/Mac - same spiel but no antivirus products - some millions and millions of infections ago. I do say now in today's world to NEVER operate ANY computer without a minimum of an antivirus product installed. I do say to the Linux diehards against antimalware saying Linux will never get infected that existing free anti-rootkit scanners are really poor if working at all.

Many claim Linux as the safest in the world which is simply a complete fantasy and fabrication whether intentional or without knowledge. Windows Vista is the first operating system that did not allow viruses to write to the disk (just internet temporary files and erased closing the browser) and was found that it did not allow ANY rootkits to run on it. Windows Vista beat ALL anti-rootkit products in the world and this is empirical data. .... Vista's Despised UAC Nails Rootkits, Tests Find Rootkits unable to run on Windows Vista ! http://www.pcworld.com/businesscenter/a ... ac_nails_rootkits_tests_find.html After turning off UAC User Account Control, they were only able to even get four rootkits to attempt to run on Vista. I called it the security software crown of the decade of all the security industry. Malware was unable to run on Windows Vista with UAC. THIS is what old diehards say about Linux which is simply fantasy. Rootkits can run on Linux and granted very limited other threats. So it is PROVEN Windows Vista was the safest operating system in the world beating Linux. Vista with UAC is very much like the safe Linux system already, and I ponder if Micro$oft didn't steal something, hmmm. ... Anyhooo... it will become opinion across the board and the www as is happening as we speak, that Linux is going the way of Apple/Mac with possible/probable infection. They can rant at windoze all they want but when it comes to actual experience in handling malware and corporate level blended threats and Denial of Service Attacks and the great botnet plague and etc etc etc - it is Windows and Windows Users who have all the experience. In other words for Apple/Mac and Linux - it is like they are in their infancy and first days of even discovering malware in their system as was Windows so many, many years ago. Naturally they are talented enough to cope as was Microsoft.

There will be those first awkward days of real horrendous hammering of the system by cybercriminals when they are overwhelmed but will bounce back quickly patching and hard coding what is needed. In short, a lot of trial and error type occurs in the beginning of attacks as unknown attacks, threats etc. I have been delving into Linux security wise, tinkering for a couple of years now. It irks me about any system that does not allow you into areas. We (in security) all know it is simply a matter of time before crimeware will circumvent areas, but if the user cannot get access to seek and discover - well what? How will the user really ever know if there is for instance a spyware package or other malware as some virus or rootkit present? Currently tinkering with AppArmor to lock down Firefox. Cannot get it to accept value 1. But on Windows being in security since 2005 with actual discovery in the industry (malware RASautodial registry keys), on Linux I have to say I am only an intermediate user at best. Working though, working towards becoming an advanced user! Compared to Linux, Windows was a piece of cake to learn security-wise.

BOTTOM LINE... I think $30-40 USD a year is a very, very, very small price to pay to sit back and relax and enjoy my Linux never worrying about malware. That simple. That cheap. That real. I naturally recommend ESET for Linux as tops and you can even use it free - fully working - for 30 days to see if you like it or not. TIP: If you indeed buy one of these products for Linux, I recommend making a back up copy of the installer package AND your license number. If a disaster occurs and you would need to reinstall Linux (meaning like some mess up other than malware) you will have to have the license number to reinstall the product or most likely would have to purchase a new copy. Quite frankly I would not spend $40 on any Linux distro except a couple that are actually stable has been my experience.

Debian of course is at the top of the list and worthy of that investment. I am currently running Xubuntu newly now this month and it seems pretty stable. Windows you can bounce around like a basketball and it will always start back up fixing itself and especially Vista which introduced the self-healing technology. I have not found that true with many Linux distros. Simply lost all and had to reinstall. I caught a lot of flack in the past but that was first impressions about Linux - way too unstable and unsophisticated. Windows was the ONLY operating system that is Unix Certified meaning secure and stable. Linux and Apple/Mac only achieved Unix-Like Certification as somewhat insecure and somewhat unstable. Now THAT is empirical data as well. So being informed and knowledgeable - well I back up what I say with proof. I am not making newbie novice rants and raves and opinions. And I say to that line that jumps down your throat at the first mention of antivirus for Linux to simply shut up and stop lying to the public and start being a contributor to the safe and secure community of computer users with intelligent knowledgeable communications. THAT will earn you respect. I used to say it is my soap box and I will say what I want on it. Never nuff said in security. gerald philly pa usa Happy Hunting! Home http://linuxducks.webs.com/ My Windows Side.... -- SENDER: gerald309 Webmaster: Malware Removal/Amateur Forensics HOME http://bluecollarpc.us/ Alternate https://sites.google.com/site/pcsecurityhelper/ Free Malware Removal Help / A Community Website Since 2005
Author: linuxducks [ Fri Aug 16, 2013 6:53 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Don't get me wrong about my opinions and comments expressed in previous post... I am absolutely a Linux lover and have been for a few years now and contribute. What always impresses me about every Linux distro is that it runs as fast or faster than a brand new windoze pc - which after time just slows and slower particularly on start up. Linux runs that fast always from day one no matter what you install extra. Debian is rock hard solid and stable but Ubuntu with Mark Shuttleworth seem to have really put Linux on the map so to speak - especially attracting Windows users to add a Linux puter or add a dual boot on existing PC or simply wipe a PC and install Linux. Some really nice distros have passed but that is happening now with all time favorite XP for Windows. Nothing lasts forever except the newest system. By the way Trend Micro was an original that released Linux antivirus I am sure with antispyware. I do not believe that has remained, but was discontinued some time ago. gerald philly pa usa index.php (Information station, good browse)
Author: linuxducks [ Fri Aug 16, 2013 7:00 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Re: New Hand of Thief trojan does Linux but not windows! http://tech.groups.yahoo.com/group/LINU ... sage/31151 Posted By: linuxducks Fri Aug 16, 2013 4:41 pm

Follow Up..... ( if bored with security just delete this) Questions Linger About New Linux 'Hand of Thief' Trojan Threatpost http://threatpost.com/questions-linger- ... ief-trojan

In reviewing this informative press release it is apparent or really seems this piece of malware is actually checking security and prosecution involved in Linux. I say that because being in Windows security going back to the very first adware infections/infestations - much of that was actually testing the system. Originally, a good portion of adware infection payloads actually included Uninstall packages with it, whereby you could navigate to the uninstallation of software (Add/Remove Programs - XP) and uninstall it like other normal legit softwares. Some even went to court saying they were not breaking laws, that the user gave permission and etc etc etc. None of that held water. This was also the birth of spyware for Windows about year 2001 forward with A LOT of adware packages preceding it. Once spyware and antispyware companies (such as Webroot) and laws were being born, it became quite apparent the adware was just the clever way of testing the waters to now bombard with spyware - the actual real threats to personal information (ID Thefts) and introducing brute force instability into the system and even damage. Of course it really took a lot of persuading and petitioning and complaints to get today's modern laws in effect against spyware and in all states in the USA and most all of the world. One place that sprung up and really evolved into otherwise was https://www.stopbadware.org/ - originally helping to get laws passed turned into clearing peoples websites from bad reports in search engines from Google blah blah blah. THIS looks so eerily familiar now with this first-days piece of Linux malware.

I will bet this is nothing more than cyber criminals testing the waters in Linux, but nevertheless is apparently waiting to become fully active. What I had also posted about Linux having inaccessible areas kind of leaves a head scratch. With Windows some areas were restricted as Hidden Files - the operating system files etc. However, a simple permissions click allowed complete access which was extremely necessary to access \system32 in Windows and the Downloaded Program Files (active x items) to discover malware infestation. Linux has no access to Root and seems some antivirus can not scan either. So like I said I am far from an Advanced User on Linux but not in Windows malware. That's why I made this post and my opinion about this particular piece of Linux malware. I think its just an expendable offered dummy load like a criminal stake out op. THAT was very prevalent in numbers and growing numbers in the birth of adware/spyware days on Windows. Perhaps towards the end of this decade will there be any real concern by virtually all users of Linux over malware because it will be there. Just opinions. Some pieces are like POST Data seems more the server side of things as improper sanitation areas of data transferred from the desktop and as a Data Scraping type area function. The apparent absence of their Injection process claimed as not making it fully functional and more dangerous may possibly be achieved at a bad infected website running a buffer overflow attack perhaps to grab the private database contents and even destroy the website application leaving it in a DOS denial of service state? If they are toying with researchers. All just opinion. gerald philly pa usa http://bluecollarpc.us/

--- In LINUX_Newbies@yahoogroups.com, "Joe PM" <jpmcsale@...> wrote: > > goto > http://arstechnica.com/security/2013/08 ... oesnt-do-windows-but-it-does-linux/?goback=%2Egde_65688_member_264365271 >
Author: linuxducks [ Fri Aug 16, 2013 8:14 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Re: New Hand of Thief trojan does Linux but not windows! http://tech.groups.yahoo.com/group/LINU ... sage/31153 Posted By: linuxducks Fri Aug 16, 2013 7:18 pm

One last security mention here and I will back off as it does not seem to grab much interest, responses. Here is an example of what I was mentioning about inaccessible Root of the Linux system by a user. ..... Fw: US-CERT Current Activity - Linux Root Access Vulnerabilities IN FULL: viewtopic.php?f=10&t=195 JUMP TO: QUOTED The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in Linux kernel versions 2.6.30 through 2.6.36-rc8. By sending a specially crafted socket function call, an attacker may be able to write arbitrary values into kernel memory and escalate privileges to root. UNQUOTE

Now in Windows and several years ago I did an Amateur Forensics write up of an actual Botnet Infection Payload executed on my Windows XP desktop. I dissected about all of it and had reported and kept logs at a forum etc to finally just leaving it as a webpage for posterity as a sort of Anatomy of a Botnet Infection. What I discovered in this massive, massive malware payload was several Windows media icon files. In actuality they were .DAT files which is data being stored in media format files. Now this was in Date of Infection approx December 2008 - before today as when you see a movie file in like Videos folder they have a thumbnail snapshot from the movie. So what I discovered were these several .DAT files that were not media (movies) at all but engineered apparently as Datagrams..... From http://bluecollarpc.us/forensics/ ...... JUMP TO..... Below you will understand the importance. There is incidence of data files or .DAT translated into media image files to hide by crimeware. - NON SAMPLE DAT file manipulation Reading and writing Isis image buffers. The objects defined below may be used to read and write images to and from two-dimensional DAT files.
… http://web.media.mit.edu/~stefan/isis/s ... files.html <http://web.media.mit.edu/%7Estefan/isis/software/dat-files.html> TWO high quality players were unaffected which too legitimately guard particular .dat files. REFERENCE (Symantec above) "….Blubster is a peer-to-peer filesharing client which is based on MP2P – a proprietary UDP transport protocol…." User Datagram Protocol http://en.wikipedia.org/wiki/User_Datagram_Protocol <http://en.wikipedia.org/wiki/User_Datagram_Protocol> User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths. UDP is sometimes called the Universal Datagram Protocol. [sidebar - IP Spoofing, piping and PS.. IRCChat Relay is Pergamos - busted ! See IRC in IRS] UDP uses a simple transmission model without implicit hand-shaking dialogues for guaranteeing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.

Now this deals a lot with the BOTNETS and they hijack the computer spoofing internet connectivity to fool ISP and Law and use it for storage and sharing of illegal pirated copies of movies and software etc. You see they installed the P2P (peer to peer file swapping software) program as part of this massive payload called Blubster and much more including illicit malware transmission and that nine yards. (Of course they fell just short of re-connectivity and I had the entire machine diagnosed and cleaned and running in about 58 minutes later!) INFO http://www.ehow.com/about_5031424_blubster.html Technology * Blubster uses a protocol called MP2P, which stands for Manolito Peer to Peer. This is an offshoot of the P2P, or Peer to Peer protocol. MP2P is based on the User Datagram Protocol, or UDP. Basing MP2P on UDP allows the Blubster service to remain anonymous. This means that users can upload or download files anonymously and cannot be tracked down and prosecuted for copyright infringement. Now go back up top and see and understand the hole found in Linux and equals apparently that Linux was fully open to botnet infection which would have been easily stopped by any real quality antimalware such as ESET NOD32 now. THIS is what I mentioned and meant about SECURITY in Linux that there are parts of Linux the user can not access for inspection as manually aiding antimalware in manual hunts for infections and really is disturbing to myself. Linux prides itself as Open Code and boos Windows for being Micro$oft Closed Code but there is virtually nothing Closed in Windows except for some cryptographic stuff such as Administrator Password etc etc etc. you just can't walk up and read in the Windows Registry. Oh well, just wanted to clarify my comments with some intelligent dialogue so that no one walked away with the impression that I was simply ranting and raving mindlessly, or trolling, or Linux-Bashing at all. I hope this post hit the mark!
gerald philly pa usa Owner/Webmaster proudly of the BlueCollarPC.US http://bluecollarpc.us/ (Over 8.5 million Visitors/Users since 2005, Completely non-commercial Free Community Help Site)
Author: linuxducks [ Fri Aug 16, 2013 8:31 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Re: New Hand of Thief trojan does Linux but not windows! http://tech.groups.yahoo.com/group/LINU ... sage/31154 Posted By: linuxducks Fri Aug 16, 2013 11:39 pm If you missed it, these .Dat engineered media files also contained the infamous IRChat Relay dialogue between cyber criminal Bot Masters (nicks BotLord, BotHerder etc). These were that hard to crack many times by the Law - Cyber Agencies internationally - and contained the "chatter". gerald philly pa usa http://bluecollarpc.us/ http://linuxducks.webs.com
Author: linuxducks [ Sun Aug 18, 2013 12:04 pm ]
Post subject: Re: Questions Linger About New Linux 'Hand of Thief' Trojan
Hand of Thief malware could be dangerous (if you install it) TechRepublic (blog) This past week marked one of the first times I've seen the media actually present a real "warning" to Linux users. That warning was about the new "Hand of Thief" ... http://www.techrepublic.com/blog/linux- ... nstall-it/ -- SENDER: g.linuxducks / Creator: LinuxDucks Linux Operating System Club HOME: http://linuxducks.webs.com/ ALT: https://sites.google.com/site/linuxducks/home FORUM: index.php GROUPS: http://tech.groups.yahoo.com/group/linuxducks/ http://groups.google.com/group/linuxducks RSS https://groups.google.com/forum/feed/li ... xml?num=15 --