posted by cmn32480 on Friday August 12 2016, @04:12AM   Printer-friendly

Arthur T Knackerbracket has found the following story:

Russian security outfit Dr. Web says it's found new malware for Linux.

The firm says the “Linux.Lady.1” trojan does the following three things:

  • Collect information about an infected computer and transfer it to the command and control server.
  • Download and launch a cryptocurrency mining utility.
  • Attack other computers of the network in order to install its own copy on them.

The good news is that while the Trojan targets Linux systems, it doesn't rely on a Linux flaw to run. The problem is instead between the ears of those who run Redis without requiring a password for connections. If that's you, know that the trojan will use Redis to make a connection and start downloading the parts of itself that do real damage.

Once it worms its way in, the trojan phones home to its command and control server and sends information including the flavour of Linux installed, number of CPUs on the infected machine and the number of running processes. The Register imagines that information means whoever runs the malware can make a decent guess at whether it is worth getting down to some mining, as there's little point working with an ancient CPU that's already maxed out.
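The entry point described above is not a Linux bug but a Redis instance that listens on the network and accepts commands with no password. As an added example (not part of the Register story or Dr. Web's write-up), here is a small offline audit of a redis.conf that flags exactly that condition. The three sample configs are constructed; the directive semantics follow Redis's documented behaviour, including the caveat that protected-mode only shields an instance that has neither an explicit bind nor a requirepass, so an explicit `bind 0.0.0.0` with no password is exposed even when protected-mode is on.

```python
"""Offline audit of a redis.conf for the exposure in the story: a Redis
instance reachable from other hosts that accepts commands with no password.
Added example; all sample configs below are constructed."""

from dataclasses import dataclass, field

# Addresses Redis treats as loopback. Anything else, including the absence of
# a 'bind' line (which means "every interface"), is reachable from other hosts.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass
class RedisAuditResult:
    requirepass_set: bool
    protected_mode: bool
    bind_addrs: list
    listens_externally: bool
    findings: list = field(default_factory=list)


def parse_redis_conf(text):
    """Map each directive to the list of argument lists it was given.

    Some directives (notably 'bind') may repeat, and for single-valued
    directives the last occurrence wins, so every occurrence is kept in order.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit_redis_conf(text):
    d = parse_redis_conf(text)

    # requirepass: absent, or an empty quoted string, means no password.
    pw = d.get("requirepass", [[]])[-1]
    requirepass_set = bool(pw) and pw[0] not in ('""', "''")

    # protected-mode has defaulted to 'yes' since Redis 3.2, so absent == yes.
    pm = d.get("protected-mode", [["yes"]])[-1]
    protected_mode = bool(pm) and pm[0].lower() == "yes"

    # bind: no line at all means all interfaces. Redis 6+ allows a leading '-'
    # marking an address as optional; strip it before comparing.
    bind_lines = d.get("bind")
    if bind_lines is None:
        bind_addrs = ["0.0.0.0"]
    else:
        bind_addrs = [a.lstrip("-") for args in bind_lines for a in args]
    listens_externally = any(a not in LOOPBACK for a in bind_addrs)

    # Protected mode only refuses remote clients when BOTH conditions hold:
    # no explicit bind and no password. An explicit 'bind 0.0.0.0' defeats it.
    shielded_by_protected_mode = (
        protected_mode and bind_lines is None and not requirepass_set
    )
    exposed_unauthenticated = (
        listens_externally and not requirepass_set and not shielded_by_protected_mode
    )

    result = RedisAuditResult(
        requirepass_set, protected_mode, bind_addrs, listens_externally
    )
    if exposed_unauthenticated:
        result.findings.append(
            "CRITICAL: reachable from other hosts and accepts commands without a password"
        )
    elif shielded_by_protected_mode:
        result.findings.append(
            "WARN: no bind and no requirepass; only protected-mode keeps remote clients out"
        )
    elif not requirepass_set:
        result.findings.append(
            "WARN: requirepass is not set; any local process can issue commands"
        )
    if not protected_mode:
        result.findings.append("WARN: protected-mode is off")
    return result


# Constructed sample: the setup the story describes, open to everyone.
WEAK_CONF = """
port 6379
bind 0.0.0.0
protected-mode no
"""

# Constructed sample: stock-looking config relying on protected-mode alone.
DEFAULT_CONF = """
port 6379
"""

# Constructed sample: loopback only, password required, protected mode on.
HARDENED_CONF = """
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass "placeholder-long-random-secret"
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf).findings or ["OK"])
```

The audit is deliberately conservative: a stock config with no `bind` and no `requirepass` gets a warning rather than a critical finding, because protected-mode does refuse remote clients in that case, but it is one directive away from the fully exposed state.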

  • (Score: 2, Informative) by Anonymous Coward on Friday August 12 2016, @04:18AM (#386895)

    I consider adware, nagware, and crippleware to be "malware".
    It's a mostly-useless term.

    Russian security outfit

    I have a real good idea where this is headed.

    worms its way...

    As Anonymous Coward mentions in the 2nd of the comments at El Reg,

    it requires killing off safe defaults

    ...with Pascal Monett having said before him

    WHAT? There are Linux admins who have actually configured the oh-so-vaunted Linux server to accept external comms without authentication? Count my gast flabbered. Must be ex-Windows admins.

    This is a lot like the stupid shit that Hairyfeeet keeps linking to that has "virus" in the title and is about something that isn't a virus at all.

    In addition, I already have El Reg contributors Darren Pauli and John Leyden on my Don't Bother With These Idiots list.
    It looks like Simon Sharwood is next.

    -- OriginalOwner_

  • (Score: 2, Informative) by Anonymous Coward on Friday August 12 2016, @07:11AM (#386923)

    Exactly. Malware is a general term covering everything from viruses to software with ads and DRM. Nobody said that couldn't happen on Linux.

    Some categories of malware are harder on Linux, but not all.

    Trojans: Mostly easy. For people who ONLY install from the distro repository, it's hard, but anyone who installs software from random websites, or adds non-official repositories to their package manager is at risk here.

    Viruses: Hard as long as people don't run as root, because the files a virus would infect are read only. The old trick with copying the files to a hidden directory would still work, but only affect that user.

    Email viruses: Hard, Linux email software doesn't run attachments, and doing so manually normally requires setting permissions first. Though one of the big distros (RH or Ubuntu) did at one time ship a default setup that had Wine as the default "open with" for Windows email viruses, allowing that distro to run Windows email viruses, but not Linux email viruses.

    Worms: The original Morris Internet Worm attacked Unix machines. 'Nuff said.

    Ad-infested software: As easy as a Trojan, sometimes easier, as some distro maintainers would care more about the functionality than about the ads.

    DRM: Apart from being logically impossible, nobody prevents movie studios from requiring this. If you have Firefox EME or the Chrome equivalent, you already have DRM.

    Exploits: Somewhat hard. Security holes are found all the time, but closed within hours, unlike the months it takes to fix commercial software. But only hard as long as the system is kept up to date.

    Root kits: Cannot be prevented, as by definition these only come into play once you have full access to the system (some root kits do include one or more of the other categories). Could theoretically be prevented on a perfectly locked down system (think Playstation), but then you can forget about the user being in control.