SoylentNews is people

posted by cmn32480 on Friday August 12 2016, @04:12AM

Arthur T Knackerbracket has found the following story:

Russian security outfit Dr. Web says it's found new malware for Linux.

The firms[sic] says the “Linux.Lady.1” trojan does the following three things:

  • Collect information about an infected computer and transfer it to the command and control server.
  • Download and launch a cryptocurrency mining utility.
  • Attack other computers of the network in order to install its own copy on them.

The good news is that while the Trojan targets Linux systems, it doesn't rely on a Linux flaw to run. The problem is instead between the ears of those who run Redis without requiring a password for connections. If that's you, know that the trojan will use Redis to make a connection and start downloading the parts of itself that do real damage.

Once it worms its way in, the trojan phones home to its command and control server and sends information including the flavour of Linux installed, number of CPUs on the infected machine and the number of running processes. The Register imagines that information means whoever runs the malware can make a decent guess at whether it is worth getting down to some mining, as there's little point working with an ancient CPU that's already maxed out.
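A defender-side check for the misconfiguration the story describes (Redis accepting connections without a password), added here as an example and not taken from the story or from Dr. Web's report. It audits the text of a `redis.conf` for the real Redis directives `requirepass`, `bind` and `protected-mode`; the sample configs and finding names are constructed, and repeated directives are simplified to "last one wins".

```python
import shlex

# Constructed sample configs (not from the article or Dr. Web's report).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass is commented out, so no password is required
"""
HARDENED_CONF = """\
bind 127.0.0.1 ::1
protected-mode yes
port 6379
requirepass "constructed-long-random-secret"
"""
LOOPBACK = {"127.0.0.1", "::1"}


def parse_conf(text):
    """Return {directive: [args]}, keeping the last occurrence of each."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as passwords
        conf[parts[0].lower()] = parts[1:]
    return conf


def audit(text):
    """Return findings for settings relevant to unauthenticated remote access."""
    conf = parse_conf(text)
    findings = []
    password = conf.get("requirepass") or [""]
    if not password[0]:
        findings.append("no-requirepass")
    # Newer configs may prefix an address with "-"; strip it before comparing.
    binds = [addr.lstrip("-") for addr in conf.get("bind", [])]
    # With no bind directive Redis listens on all interfaces.
    if not binds or any(addr not in LOOPBACK for addr in binds):
        findings.append("non-loopback-bind")
    protected = conf.get("protected-mode") or ["yes"]
    if protected[0].lower() == "no":
        findings.append("protected-mode-off")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "ok")
```

An instance showing all three findings at once is the configuration to fix first: set `requirepass`, bind to loopback or a private interface, and leave protected mode on.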

  • (Score: 5, Insightful) by PizzaRollPlinkett (4512) on Friday August 12 2016, @11:22AM (#386968)

    This flaw is in software that happens to run on Linux (that I've never heard of) which is poorly secured, but nothing stops the technology press from running wall-to-wall LINUX!!! MALWARE!!! scare headlines. Reminds me of all the scare headlines for poorly configured PHP bulletin board packages that run on Linux. It's like no one has found any real security issues, so they have to resort to using stuff like this to generate Linux headlines.

    (E-mail me if you want a pizza roll!)
  • (Score: 0) by Anonymous Coward on Friday August 12 2016, @01:33PM (#387003)

    Yes, it's pitiful, but in fairness, this makes me realize how much the same thing has been done to Windows, though MS deserves all the BS they get. The writers that want to smear GNU+Linux know that people who don't know anything but brands won't know the difference. They know all they have to do is get headlines out there that sound negative that have the brand name in there and ignorant people will say, "see, leenoox has viruses too! so, i might well stay on windows"

    • (Score: 1, Interesting) by Anonymous Coward on Friday August 12 2016, @04:31PM (#387079)

      When a Windoze-only app has a vulnerability being actively exploited, I don't tend to see the name of the OS in the title of the article; I see the name of the app.

      The reason for the presence of a significant number of items in the Patch Tuesday list is because of stupid choices[1] made by the payware OS vendor in the design of their product.

      2 such examples that spring immediately to mind are font rendering in Ring 0 and M$Orifice macro execution in Ring 0.

      Programs that run in Ring 0 can do anything with the system; you NEVER expose the most privileged layer to user-supplied input--unless you're a MICROS~1 executive who is specifying an OS[1].

      [1] This is what you get with a company run by salesmen and not technologists.

      -- OriginalOwner_