Questions Linger About New Linux 'Hand of Thief' Trojan

Author:  linuxducks [ Fri Aug 16, 2013 6:43 pm ]
Post subject:  Questions Linger About New Linux 'Hand of Thief' Trojan

Questions Linger About New Linux 'Hand of Thief' Trojan
Threatpost ... ief-trojan

LINUX_Newbies · Linux Newbies :mrgreen:

Author:  linuxducks [ Fri Aug 16, 2013 6:45 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan ... sage/31125

Link I got (feeds)... ... f-malware/

On 8/9/2013 4:38 PM, Joe PM wrote:
> goto
> ... _264365271

Author:  linuxducks [ Fri Aug 16, 2013 6:47 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Re: [LINUX_Newbies] New Hand of Thief trojan does Linux but not windows!
Posted By: linuxducks
Sun Aug 11, 2013 4:35 pm

I have been using the following (below link) that worked very well on
several distributions I have tried. It is beyond Clam AV or Klam AV
(AV=antivirus) for Linux because it has Real Time Protection! That means
it blocks malware in real time from even installing on the system. If
you have used Windows then you understand this importance as proactive
protection rather than reactive. Reactive is using antivirus or full
antimalware (antispyware included) that is only a scanner for infections
with the ability to remove - but that is after the infection has occurred and
any personal data compromise. Comodo (FREE) for Linux really is
genuinely light on the system, as is the premium (pay subscription) ESET
for Linux (best, in my opinion).

TIP: When downloading either of the above products, you then go to that
download package in your Files, right click the package and click
Properties. Go to Permissions and click "Allow this to install" or
similar. Otherwise the security of the Linux system just keeps an item
like this in something like a Read Only mode so it cannot launch.

Virus Protection - Comodo Antivirus for Linux
Powerful anti-virus and email filtering software for Linux based computers. ... -linux.php

Note: Once you install the program you will need to open a Terminal with
the commands shown in Comodo. This then goes through the License
Agreement (standard) that by using it you are not going to decompile and
sell it as pirate copies and blah blah blah. You just scroll all the way
down and then it will automatically install additional drivers etc.
enabling Real Time Protection and the full use of Comodo Linux.

If memory serves, ESET just went automatic, done. Of course have to
first hit Properties and Allow to install.

gerald philly pa usa
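The permissions tip in the post above, done from a terminal, as an added example (this is not code from the original post, from Comodo or from ESET): the download only gets its execute bit after its SHA-256 matches the hash the vendor publishes beside the download. The expected hash is assumed to be copied by hand from the vendor's page, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post, Comodo or ESET: the
# "Properties > Permissions > allow executing" step done from a terminal,
# with the check a practitioner wants first. The execute bit is set only
# after the file's SHA-256 matches the value the vendor publishes next to
# the download. Assumptions: the expected hash is copied from the vendor's
# page by hand; the function names here are chosen for this example.

# Print the SHA-256 of file $1 with whichever tool the system has.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# allow_exec_if_verified FILE EXPECTED_SHA256
# Exit 0 and set u+x only when FILE is a regular file whose SHA-256 equals
# EXPECTED_SHA256 (case-insensitive); otherwise leave the mode untouched
# and exit 1, so a tampered or truncated download never becomes runnable.
allow_exec_if_verified() {
    f=$1
    expected=$(printf '%s' "$2" | tr 'ABCDEF' 'abcdef')
    if [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 1
    fi
    actual=$(file_sha256 "$f")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: SHA-256 mismatch for $f" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    chmod u+x "$f"
    echo "verified: execute bit set on $f"
}

# Stand-alone use: sh verify-installer.sh FILE EXPECTED_SHA256
if [ "$#" -eq 2 ]; then
    allow_exec_if_verified "$1" "$2"
fi
```

Run it as `sh verify-installer.sh ./installer.run <published sha256>`. If the download is a .deb or .rpm it is installed with dpkg or rpm and needs no execute bit at all, but the hash comparison is still worth doing before handing it to the package manager.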

Author:  linuxducks [ Fri Aug 16, 2013 6:48 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Yeah, I was just reading up on the threat particulars and equating it to
Windows - this is actually a medium to dangerous infection, almost, not
quite but almost, equal to the Windows threat known as the infamous
Conficker Worm Botnet. FYI - (for your information)

gerald philly pa usa
HOME (windoze security)
My Web:

Author:  linuxducks [ Fri Aug 16, 2013 6:51 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

On 8/11/2013 9:37 PM, Joe PM wrote:

-I installed Comodo antivirus free, they're a good company, it is a good
choice. The free version does not seem to have malware protection. Is
there a good free malware protector for Linux? thanks


I don't know about free AVG but had terrible problems with that. I do
know ESET NOD32 for Linux is antimalware - both antivirus + antispyware
- and is a paid yearly subscription. I have used that and it is the cream
of the crop as on Windows. This is the company with the most independent
lab awards (VB100), almost twice as many as the rest, such as
Symantec and Sophos (about neck and neck). This actually showed some
hits that were blocked over the browser here and there (just a couple
over a month's time) online, which was surprising. ....
ESET NOD32 Antivirus 4 for Linux

Also there is Panda for Linux, antivirus + antispyware, which is also a
well known quality product for Windows...
Panda DesktopSecure for Linux
Simple and complete protection for your Linux computer ... topsecure/

IN ADVANCE.... I would guesstimate perhaps up to 80 percent maybe of
Linux users will be rolling on the floor laughing at someone going to
spend $30-40 (USD, US dollars) a year for Linux antimalware. You would
hear a list of free stuff out there, free stand alone scanners with no
protection but that can remove viruses, and in the same breath saying you
will never need it because Linux is impervious to malware - can't get

I would say we also heard this about Apple/Mac - same spiel but no
antivirus products - some millions and millions of infections ago. I do
say now in today's world to NEVER operate ANY computer without a minimum
of an antivirus product installed. I do say to the Linux diehards
against antimalware, saying Linux will never get infected, that existing
free anti-rootkit scanners are really poor, if working at all. Many claim
Linux is the safest in the world, which is simply a complete fantasy and
fabrication, whether intentional or without knowledge.

Windows Vista is the first operating system that did not allow viruses
to write to the disk (just internet temporary files, erased on closing
the browser) and it was found that it did not allow ANY rootkits to run on
it. Windows Vista beat ALL anti-rootkit products in the world and this
is empirical data. ....
Vista’s Despised UAC Nails Rootkits, Tests Find Rootkits unable to run
on Windows Vista ! ... ac_nails_r\

After turning off UAC (User Account Control), they were only able to even
get four rootkits to attempt to run on Vista. I called it the security
software crown of the decade of all the security industry. Malware was
unable to run on Windows Vista with UAC. THIS is what old diehards say
about Linux, which is simply fantasy. Rootkits can run on Linux and,
granted, very limited other threats. So it is PROVEN Windows Vista was
the safest operating system in the world, beating Linux. Vista with UAC
is very much like the safe Linux system already, and I ponder if
Micro$oft didn't steal something, hmmm. ...

Anyhooo... it will become opinion across the board and the www, as is
happening as we speak, that Linux is going the way of Apple/Mac with
possible/probable infection. They can rant at windoze all they want but
when it comes to actual experience in handling malware and corporate
level blended threats and Denial of Service Attacks and the great botnet
plague and etc etc etc - it is Windows and Windows users who have all
the experience. In other words for Apple/Mac and Linux - it is like they
are in their infancy and first days of even discovering malware in their
system, as was Windows so many, many years ago. Naturally they are
talented enough to cope, as was Microsoft. There will be those first
awkward days of real horrendous hammering of the system by cybercriminals
when they are overwhelmed, but they will bounce back quickly, patching and
hard coding what is needed. In short, a lot of trial and error
occurs in the beginning of attacks, as unknown attacks, threats etc.

I have been delving into Linux security-wise, tinkering for a couple of
years now. It irks me about any system that does not allow you into
areas. We (in security) all know it is simply a matter of time before
crimeware will circumvent areas, but if the user cannot get access to seek
and discover - well what? How will the user really ever know if there is
for instance a spyware package or other malware such as a virus or rootkit
present? Currently tinkering with AppArmor to lock down Firefox. Cannot
get it to accept value 1.
But while on Windows I have been in security since 2005, with an actual
discovery in the industry (malware RASautodial registry keys), on Linux I have to say
I am only an intermediate user at best. Working though, working towards
becoming an advanced user! Compared to Linux, Windows was a piece of
cake to learn security-wise.

BOTTOM LINE... I think $30-40 USD a year is a very, very, very small
price to pay to sit back and relax and enjoy my Linux never worrying
about malware. That simple. That cheap. That real. I naturally recommend
ESET for Linux as tops, and you can even use it free - fully working -
for 30 days to see if you like it or not.
TIP: If you indeed buy one of these products for Linux, I recommend
making a backup copy of the installer package AND your license number.
If a disaster occurs and you need to reinstall Linux (meaning
some mess-up other than malware) you will have to have the license
number to reinstall the product, or most likely would have to purchase a
new copy. Quite frankly, I would not spend $40 on any Linux distro
except a couple that are actually stable, has been my experience. Debian
of course is at the top of the list and worthy of that investment. I am
currently running Xubuntu, newly now this month, and it seems pretty stable.
Windows you can bounce around like a basketball and it will always start
back up fixing itself, especially Vista, which introduced the
self-healing technology. I have not found that true with many Linux
distros. Simply lost all and had to reinstall. I caught a lot of flak
in the past but that was first impressions about Linux - way too
unstable and unsophisticated. Windows was the ONLY operating system that
is Unix Certified, meaning secure and stable. Linux and Apple/Mac only
achieved Unix-Like Certification, as somewhat insecure and somewhat
unstable. Now THAT is empirical data as well. So being informed and
knowledgeable - well, I back up what I say with proof. I am not making
newbie novice rants and raves and opinions. And I say to that line that
jumps down your throat at the first mention of antivirus for Linux to
simply shut up and stop lying to the public and start being a
contributor to the safe and secure community of computer users with
intelligent, knowledgeable communications. THAT will earn you respect. I
used to say it is my soap box and I will say what I want on it. Never
nuff said in security.

gerald philly pa usa Happy Hunting!

My Windows Side....
-- SENDER: gerald309
Webmaster: Malware Removal/Amateur Forensics
Free Malware Removal Help / A Community Website Since 2005

Author:  linuxducks [ Fri Aug 16, 2013 6:53 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Don't get me wrong about my opinions and comments expressed in the previous
post... I am absolutely a Linux lover and have been for a few years now
and contribute. What always impresses me about every Linux distro is
that it runs as fast or faster than a brand new windoze PC - which after
time just slows and gets slower, particularly on start up. Linux runs that
fast always from day one no matter what you install extra.

Debian is rock hard solid and stable, but Ubuntu with Mark Shuttleworth
seems to have really put Linux on the map so to speak - especially
attracting Windows users to add a Linux puter or add a dual boot on an
existing PC or simply wipe a PC and install Linux. Some really nice
distros have passed, but that is happening now with the all time favorite XP
for Windows. Nothing lasts forever except the newest system.

By the way, Trend Micro was one of the originals that released Linux antivirus, I
am sure with antispyware. I do not believe that has remained, but was
discontinued some time ago.

gerald philly pa usa
(Information station, good browse)

Author:  linuxducks [ Fri Aug 16, 2013 7:00 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Re: New Hand of Thief trojan does Linux but not windows! ... sage/31151
Posted By: linuxducks
Fri Aug 16, 2013 4:41 pm |

Follow Up..... ( if bored with security just delete this)

Questions Linger About New Linux 'Hand of Thief' Trojan
Threatpost ... ief-trojan

In reviewing this informative press release it is apparent, or really seems, this
piece of malware is actually checking security and prosecution involved in
Linux. I say that because, being in Windows security going back to the very first
adware infections/infestations - much of that was actually testing the system.

Originally, a good portion of adware infection payloads actually included
Uninstall packages with them, whereby you could navigate to the uninstallation of
software (Add/Remove Programs - XP) and uninstall it like other normal legit
software. Some even went to court saying they were not breaking laws, that the
user gave permission and etc etc etc. None of that held water.

This was also the birth of spyware for Windows, about year 2001 forward, with A
LOT of adware packages preceding it. Once spyware and antispyware companies
(such as Webroot) and laws were being born, it became quite apparent the adware
was just the clever way of testing the waters to now bombard with spyware - the
actual real threats to personal information (ID Thefts) and introducing brute
force instability into the system and even damage. Of course it really took a
lot of persuading and petitioning and complaints to get today's modern laws in
effect against spyware, in all states in the USA and most all of the world.
One place that sprung up and really evolved into otherwise was - originally helping to get laws passed, turned into
clearing people's websites from bad reports in search engines from Google blah
blah blah.

THIS looks so eerily familiar now with this first-days piece of Linux malware. I
will bet this is nothing more than cyber criminals testing the waters in Linux,
but nevertheless it is apparently waiting to become fully active.

What I had also posted about Linux having inaccessible areas kind of leaves a
head scratch. With Windows some areas were restricted as Hidden Files - the
operating system files etc. However, a simple permissions click allowed complete
access, which was extremely necessary to access \system32 in Windows and the
Downloaded Program Files (ActiveX items) to discover malware infestation. Linux
has no access to Root and it seems some antivirus cannot scan it either.

So like I said I am far from an Advanced User on Linux, but not in Windows
malware. That's why I made this post and my opinion about this particular piece
of Linux malware. I think it's just an expendable offered dummy load, like a
criminal stake out op. THAT was very prevalent in numbers, and growing numbers, in
the birth of adware/spyware days on Windows. Perhaps towards the end of this
decade there will be any real concern by virtually all users of Linux over
malware, because it will be there. Just opinions.

Some pieces, like the POST Data, seem more the server side of things, as improper
sanitation areas of data transferred from the desktop and as a Data Scraping
type area function. The apparent absence of their Injection process, claimed as
not making it fully functional and more dangerous, may possibly be achieved at a
bad infected website running a buffer overflow attack, perhaps to grab the
private database contents and even destroy the website application, leaving it in
a DOS (denial of service) state? If they are toying with researchers.

All just opinion.

gerald philly pa usa

--- In, "Joe PM" <jpmcsale@...> wrote:
> goto
> ... oesnt-do-w\

Author:  linuxducks [ Fri Aug 16, 2013 8:14 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Re: New Hand of Thief trojan does Linux but not windows! ... sage/31153

Posted By: linuxducks
Fri Aug 16, 2013 7:18 pm

One last security mention here and I will back off, as it does not seem to
grab much interest or responses. Here is an example of what I was
mentioning about the inaccessible Root of the Linux system by a user. .....

Fw: US-CERT Current Activity - Linux Root Access Vulnerabilities

The first of these vulnerabilities is due to a flaw in the
implementation of the Reliable Datagram Sockets (RDS) protocol in Linux
kernel versions 2.6.30 through 2.6.36-rc8. By sending a specially
crafted socket function call, an attacker may be able to write
arbitrary values into kernel memory and escalate privileges to

Now in Windows, several years ago I did an Amateur Forensics write up
of an actual Botnet Infection Payload executed on my Windows XP desktop.
I dissected about all of it and had reported and kept logs at a forum etc.,
finally just leaving it as a webpage for posterity as a sort of
Anatomy of a Botnet Infection.

What I discovered in this massive, massive malware payload was several
Windows media icon files. In actuality they were .DAT files, which is data
being stored in media format files. Now this was in Date of Infection
approx December 2008 - before today, when you see a movie file in, like, the
Videos folder they have a thumbnail snapshot from the movie.

So what I discovered were these several .DAT files that were not media
(movies) at all but engineered apparently as Datagrams.....

From ......
JUMP TO.....

Below you will understand the importance. There are instances of data
files or .DAT translated into media image files to hide by crimeware.

NON SAMPLE DAT file manipulation Reading and writing Isis image
buffers. The objects defined below may be used to read and write images
to and from two-dimensional DAT files. … ... files.html
TWO high quality players were unaffected which too legitimately guard
particular .dat files.

REFERENCE (Symantec above) "….Blubster is a peer-to-peer
filesharing client which is based on MP2P – a proprietary UDP
transport protocol…."

User Datagram Protocol
User Datagram
Protocol (UDP) is one of the core members of the Internet Protocol
Suite, the set of network protocols used for the Internet. With UDP,
computer applications can send messages, in this case referred to as
datagrams, to other hosts on an Internet Protocol (IP) network without
requiring prior communications to set up special transmission channels
or data paths. UDP is sometimes called the Universal Datagram Protocol.
[sidebar - IP Spoofing, piping and PS.. IRCChat Relay is Pergamos -
busted ! See IRC in IRS]
UDP uses a simple transmission model without implicit hand-shaking
dialogues for guaranteeing reliability, ordering, or data integrity.
Thus, UDP provides an unreliable service and datagrams may arrive out of
order, appear duplicated, or go missing without notice. UDP assumes
that error checking and correction is either not necessary or performed
in the application, avoiding the overhead of such processing at the
network interface level. Time-sensitive applications often use UDP
because dropping packets is preferable to waiting for delayed packets,
which may not be an option in a real-time system. If error correction
facilities are needed at the network interface level, an application
may use the Transmission Control Protocol (TCP) or Stream Control
Transmission Protocol (SCTP) which are designed for this purpose.

Now this deals a lot with the BOTNETS, and they hijack the computer
spoofing internet connectivity to fool the ISP and Law and use it for
storage and sharing of illegal pirated copies of movies and software
etc. You see they installed the P2P (peer to peer file swapping
software) program as part of this massive payload called Blubster and
much more, including illicit malware transmission and the whole nine yards.
(Of course they fell just short of re-connectivity and I had the entire
machine diagnosed and cleaned and running about 58 minutes later!)

Blubster uses a protocol called MP2P, which stands for Manolito Peer to
Peer. This is an offshoot of the P2P, or Peer to Peer protocol. MP2P is
based on the User Datagram Protocol, or UDP. Basing MP2P on UDP allows
the Blubster service to remain anonymous. This means that users can
upload or download files anonymously and cannot be tracked down and
prosecuted for copyright infringement.

Now go back up top and see and understand the hole found in Linux, and
it equals apparently that Linux was fully open to botnet infection which
would have been easily stopped by any real quality antimalware such as
ESET NOD32 now.

THIS is what I mentioned and meant about SECURITY in Linux, that there
are parts of Linux the user cannot access for inspection as manually
aiding antimalware in manual hunts for infections, and it really is
disturbing to myself. Linux prides itself as Open Code and boos Windows
for being Micro$oft Closed Code, but there is virtually nothing Closed in
Windows except for some cryptographic stuff such as the Administrator
Password etc etc etc. you just can't walk up and read in the Windows

Oh well, just wanted to clarify my comments with some intelligent
dialogue so that no one walked away with the impression that I was
simply ranting and raving mindlessly, or trolling, or Linux-Bashing at
all. I hope this post hit the mark!

gerald philly pa usa
Owner/Webmaster proudly of the BlueCollarPC.US
(Over 8.5 million Visitors/Users since 2005,
Completely non-commercial Free Community Help Site)
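The RDS kernel hole quoted at the top of the post above, turned into something a Linux user can actually run, as an added example (this is not code from the original post and not from US-CERT): a check of a kernel release string against the version range the advisory states, a check of /proc/modules for the rds module, and the modprobe.d line that keeps rds from being loaded. The version range is taken from the advisory text and is only a hint, since distribution kernels carry backported fixes without changing the version; the /proc/modules lines in the test are constructed, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post or from US-CERT: a quick triage
# for the RDS kernel bug quoted above, using only stock tools.
#   rds_kernel_affected  is a kernel release string inside 2.6.30 .. 2.6.36-rc8?
#   rds_module_loaded    does /proc/modules-style input on stdin list rds?
#   rds_blacklist_conf   write the modprobe.d line that stops rds from being
#                        loaded when a process opens an RDS socket
# Assumptions: the version range is the one the advisory gives, and it is only
# a hint, because distribution kernels backport fixes without bumping the
# version; the function names are chosen for this example.

# Exit 0 when release string $1 (e.g. from `uname -r`) is in the affected range.
rds_kernel_affected() {
    rel=$1
    major=$(printf '%s\n' "$rel" | cut -d. -f1)
    minor=$(printf '%s\n' "$rel" | cut -d. -f2)
    # third component up to the first non-digit: "36-rc8-generic" -> "36"
    patch=$(printf '%s\n' "$rel" | cut -d. -f3 | sed 's/[^0-9].*//')
    patch=${patch:-0}
    case "$rel" in
        *-rc*) rc=1 ;;
        *)     rc=0 ;;
    esac
    [ "$major" = 2 ] && [ "$minor" = 6 ] || return 1
    if [ "$patch" -ge 30 ] && [ "$patch" -le 35 ]; then
        return 0
    fi
    # the 2.6.36 release candidates are affected; 2.6.36 final carries the fix
    [ "$patch" -eq 36 ] && [ "$rc" -eq 1 ]
}

# Exit 0 when the /proc/modules-style lines on stdin show the rds module.
rds_module_loaded() {
    grep -q '^rds[[:space:]]'
}

# Write a modprobe.d fragment to $1. "install rds /bin/true" makes modprobe
# run /bin/true instead of loading rds, which also blocks the on-demand load
# that socket(PF_RDS, ...) from an unprivileged process would trigger.
# The real location is /etc/modprobe.d/rds.conf and writing it needs root.
rds_blacklist_conf() {
    printf 'install rds /bin/true\n' > "$1"
}

# Stand-alone use: report on this machine.
if [ -r /proc/modules ]; then
    if rds_module_loaded < /proc/modules; then
        echo "rds module is loaded"
    else
        echo "rds module is not loaded"
    fi
fi
running=$(uname -r)
if rds_kernel_affected "$running"; then
    echo "kernel $running is in the affected range"
else
    echo "kernel $running is outside the affected range"
fi
```

Run it as `sh rds-check.sh` to print the report for the current machine. The loaded-module check alone is not enough: on most distributions rds.ko is present on disk but unloaded, and an unprivileged socket(PF_RDS, ...) call loads it on demand, which is exactly what the "install rds /bin/true" line prevents. If the module is loaded on a kernel in the range, `rmmod rds` and install that line (as root) until the kernel is updated.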

Author:  linuxducks [ Fri Aug 16, 2013 8:31 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Re: New Hand of Thief trojan does Linux but not windows! ... sage/31154
Posted By: linuxducks
Fri Aug 16, 2013 11:39 pm

If you missed it, these .DAT engineered media files also contained the infamous
IRC Chat Relay dialogue between cyber criminal Bot Masters (nicks BotLord,
BotHerder etc). These were that hard to crack many times by the Law - Cyber
Agencies internationally - and contained the "chatter".

gerald philly pa usa

Author:  linuxducks [ Sun Aug 18, 2013 12:04 pm ]
Post subject:  Re: Questions Linger About New Linux 'Hand of Thief' Trojan

Hand of Thief malware could be dangerous (if you install it)
TechRepublic (blog)
This past week marked one of the first times I've seen the media actually present a real "warning" to Linux users. That warning was about the new “Hand of Thief” ... ... nstall-it/

SENDER: g.linuxducks / Creator:
LinuxDucks Linux Operating System Club
FORUM: index.php
RSS ... xml?num=15


Page 1 of 1 All times are UTC - 4 hours [ DST ]