Hi everyone, I found this interesting article and decided to repost it here:
http://www.geekzone.co.nz/foobar/6229 Follow up: http://www.geekzone.co.nz/foobar/6236 Summary: This 'malware' exploited a vulnerabily in GNOME/KDE desktop environment, they execute .desktop file (on desktop of course) even if the execute bit is not set, and they don't even ask the use to "read/cancel/run" it. So the author decided to "trick" the user by sending a .desktop file and let them click it, the malware will then run execute a python script placed on another server. They can't touch root of course, but some one pointed out that they could replace a shortcut in system menu with a malicious script that will prompt user for root password (for example synaptic shortcut). While this isn't hard to fix, it is still notable, because we should start focusing on making linux 'ignorant proof', just like my favorite quote from the article: "Do not underestimate user ignorance ? even on Linux". One another interesting fact that someone pointed out is that this has been known for a while, but GNOME/KDE developers don't want to fix it. Ph??ng -- :(){ :|:& };:
