Don’t PANIC …. yet

I haven’t seen the malware sample yet, but I found online:

Facts:

  • There is a trojan .deb file for Ubuntu
  • It was spread on a large homepage for screen savers and bling
  • People got infected
  • It could have done some minor damage to third parties (DoS)
  • It got some blog coverage
  • It is simple to write trojans for Linux – if the user helps to get them installed
  • The attack was social engineering
  • There was no financial interest behind that attack
  • This is not the start (“And so it begins“) of any kind of Windows-like situation
  • Educating the people who want to be educated helps
  • For the masses there must be a solution in the architecture
  • The malicious package was removed really fast from the server (good job!)
  • It is news. As long as it is new we don’t have to panic.

The reduced admin account (or advanced user account) that is only able to install from official repositories would reduce the infection vector.

Another option, though a complicated one, would be to use AppArmor to restrict .deb files and the programs they contain if they are not signed.

One more way would be to black-list packages. If a malicious package is identified, the blacklist will be updated and the package automatically removed from the computers.

Disadvantages:

  • Similar to AntiVirus, not solving the root of the problem, but curing the symptoms
  • For really nasty malware a large blacklist will be needed

This is only for the once-a-month kind of incidents.
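The detection half of the blacklist idea above, as an added example that is not part of the original post: it compares the installed package list with a blacklist and reports matches, leaving removal to the administrator. The blacklist file format and the package names in the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report installed packages that appear on a blacklist.
# Blacklist format (assumed): one entry per line, either "name" (every
# version is bad) or "name<TAB>version" (only that version); '#' starts
# a comment line.
# Installed list format: the output of
#   dpkg-query -W -f='${Package}\t${Version}\n'

# find_blacklisted BLACKLIST INSTALLED
# Prints "name<TAB>version" for each installed package that is blacklisted.
find_blacklisted() {
    awk -F'\t' '
        FILENAME == ARGV[1] {            # first file: the blacklist
            sub(/\r$/, "")               # tolerate CRLF line endings
            if ($0 ~ /^[ \t]*(#|$)/) next
            if (NF >= 2 && $2 != "") bad[$1 SUBSEP $2] = 1
            else any[$1] = 1
            next
        }
        # second file: installed packages
        ($1 in any) || (($1 SUBSEP $2) in bad) { print $1 "\t" $2 }
    ' "$1" "$2"
}

# Constructed sample data; the package names are made up for this example.
demo() {
    d=$(mktemp -d)
    printf '# name<TAB>version\nscreensaver-bling\nfancy-theme\t1.0-2\n' > "$d/bl"
    printf 'bash\t4.0-5\nfancy-theme\t1.0-3\nscreensaver-bling\t0.9\n' > "$d/inst"
    find_blacklisted "$d/bl" "$d/inst"
    rm -rf "$d"
}

# Live scan when called as: sh check-blacklist.sh /path/to/blacklist
if [ "$#" -eq 1 ]; then
    inst=$(mktemp)
    dpkg-query -W -f='${Package}\t${Version}\n' > "$inst"
    find_blacklisted "$1" "$inst"
    rm -f "$inst"
fi
```

Matching on name and version means a fixed release of the same package is not flagged, while a name-only entry covers a package that was never legitimate.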

Situation on Windows computers:

  • Using a Windows computer without AntiVirus software is suicide
  • Malware is written to make money
  • Programs (“Factories”) on servers on the Internet produce new malware automatically in a few seconds (“Server-Polymorph”)
  • The ones writing malware are very persistent in adapting the malware to evade detection technology

If you know more or even have the sample, please tell me!

Some more information here

~ by thorstensick on December 10, 2009.

One Response to “Don’t PANIC …. yet”

  1. Using a Windows computer without AntiVirus software is suicide

    I have to respectfully disagree here. I use a Windows computer without antivirus and am perfectly fine. In fact, my colleagues who do have antivirus are the ones who get infected with malware.

    Antivirus does absolutely nothing to protect your computer.

    If you want to secure Windows, get a limited user account, stop pirating stuff, use Firefox with NoScript, and read up on social engineering. Doing anything else (including relying on “antivirus” software) is suicide.
