Don’t PANIC … yet
I haven’t seen the malware sample yet, but this is what I found online:
- There is a trojan .deb file for Ubuntu
- It was spread via a large website for screen savers and bling
- People got infected
- It could have done some minor damage to third parties (DoS)
- It got some blog coverage
- It is simple to write trojans for Linux, if the user helps to get them installed
- The attack was social engineering
- There was no financial interest behind that attack
- This is not the start (“And so it begins”) of any kind of Windows-like situation
- Educating the people who want to be educated helps
- For the masses there must be a solution in the architecture
- The malicious package was removed really fast from the server (good job!)
- It is news. As long as it is new, we don’t have to panic.
A reduced admin account (or advanced user account) that can only install from the official repositories would reduce the infection vector.
Another, more complicated, option would be to confine unsigned .deb files and the programs they contain using AppArmor.
One more way would be to blacklist packages. Once a malicious package is identified, the blacklist is updated and the package is automatically removed from the computers.
- Similar to antivirus: it does not solve the root of the problem, it only treats the symptoms
- For really nasty malware, a large blacklist would be needed
This only works for the once-a-month kind of incident.
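As an added example (not from the original post), here is a small Python audit that goes some way toward the “only from official repositories” idea on the detection side: it parses `apt-cache policy` output and flags installed versions that no configured repository offers, which is exactly what a package installed from a downloaded .deb looks like. The two sample outputs are constructed; the package names in them are made up.

```python
import subprocess
from typing import List

DPKG_STATUS = "/var/lib/dpkg/status"

# Constructed sample outputs in `apt-cache policy <pkg>` format (not from a real host).
POLICY_FROM_REPO = """hello:
  Installed: 2.10-2ubuntu2
  Candidate: 2.10-2ubuntu2
  Version table:
 *** 2.10-2ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status
"""
POLICY_SIDELOADED = """shiny-screensaver:
  Installed: 1.0
  Candidate: 1.0
  Version table:
 *** 1.0 100
        100 /var/lib/dpkg/status
"""

def installed_sources(policy_text: str) -> List[str]:
    """Sources (repo URIs or local files) listed under the installed version,
    which apt-cache marks with '***'. Empty if the package is not installed."""
    sources: List[str] = []
    in_installed = False
    for line in policy_text.splitlines():
        if line.startswith(" ***"):
            in_installed = True
        elif in_installed:
            if line.startswith("        "):      # source lines are indented deeper
                sources.append(line.split()[1])  # second field is the URI or path
            else:
                break                            # next version entry: stop
    return sources

def is_sideloaded(policy_text: str) -> bool:
    """True when the installed version exists only in the local dpkg database,
    i.e. no configured repository offers that exact version."""
    sources = installed_sources(policy_text)
    return bool(sources) and all(src == DPKG_STATUS for src in sources)

def sideloaded_packages(names: List[str]) -> List[str]:
    """Query a live system with apt-cache and return the suspicious packages."""
    def policy(name: str) -> str:
        return subprocess.run(["apt-cache", "policy", name],
                              capture_output=True, text=True, check=False).stdout
    return [n for n in names if is_sideloaded(policy(n))]
```

A version that a repository has since dropped (an older build left in place after the mirror moved on) gives the same result, so treat hits as leads to confirm with `dpkg -s`; and a malicious package served from a third-party repository the user added would not be caught by this check at all.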
Situation on Windows computers:
- Using a Windows computer without antivirus software is suicide
- Malware is written to make money
- Programs (“factories”) on servers on the internet produce new malware automatically within seconds (“Server-Polymorph”)
- Malware authors are very persistent in adapting their malware to evade detection technology
If you know more or even have the sample, please tell me!