PS.... I keep piling up security articles and information about Linux at a forum I created kind of as an information bank here, if interested, two sub forums..... take a look
Linux Security Information
http://linuxducks.free-forums.org/viewforum.php?f=10

Linux Security Discussion
http://linuxducks.free-forums.org/viewforum.php?f=9

--- In [email protected], "LinuxDucks" <g.linuxducks@...> wrote:
>
> Follow Up..... ( if bored with security just delete this)
>
> Questions Linger About New Linux 'Hand of Thief' Trojan
> Threatpost
> http://threatpost.com/questions-linger-about-new-linux-hand-of-thief-trojan
>
> In reviewing this informative press release it is apparent or really seems
> this piece of malware is actually checking security and prosecution involved
> in Linux. I say that because being in Windows security going back to the very
> first adware infections/infestations - much of that was actually testing the
> system.
>
> Originally, a good portion of adware infection payloads actually included
> Uninstall packages with it, whereby you could navigate to the uninstallation
> of software (Add/Remove Programs - XP) and uninstall it like other normal
> legit software. Some even went to court saying they were not breaking laws,
> that the user gave permission and etc etc etc. None of that held water.
>
> This was also the birth of spyware for Windows about year 2001 forward with A
> LOT of adware packages proceeding it. Once spyware and antispyware companies
> (such as Webroot) and laws were being born, it became quite apparent the
> adware was just the clever way of testing the waters to now bombard with
> spyware - the actual real threats to personal information (ID Thefts) and
> introducing brute force instability into the system and even damage. Of
> course it really took a lot of persuading and petitioning and complaints to
> get today's modern laws in effect against spyware and in all states in the USA
> and most all of the world.
> One place that sprung up and really evolved into
> otherwise was https://www.stopbadware.org/ - originally helping to get laws
> passed turned into clearing people's websites from bad reports in search
> engines from Google blah blah blah.
>
> THIS looks so eerily familiar now with this first-days piece of Linux
> malware. I will bet this is nothing more than cyber criminals testing the
> waters in Linux, but nevertheless is apparently waiting to become fully
> active.
>
> What I had also posted about Linux having inaccessible areas kind of leaves a
> head scratch. With Windows some areas were restricted as Hidden Files - the
> operating system files etc. However, a simple permissions click allowed
> complete access which was extremely necessary to access \system32 in Windows
> and the Downloaded Program Files (active x items) to discover malware
> infestation. Linux has no access to Root and seems some antivirus cannot
> scan either.
>
> So like I said I am far from an Advanced User on Linux but not in Windows
> malware. That's why I made this post and my opinion about this particular
> piece of Linux malware. I think it's just an expendable offered dummy load
> like a criminal stake out op. That was very prevalent in numbers and growing
> numbers in the birth of adware/spyware days on Windows. Perhaps towards the
> end of this decade will there be any real concern by virtually all users of
> Linux over malware because it will be there. Just opinions.
>
> Some pieces are like POST Data seems more the server side of things as
> improper sanitation areas of data transferred from the desktop and as a Data
> Scraping type area function. The absence apparent of their Injection process
> claimed as not making it fully functional and more dangerous may possibly be
> achieved at a bad infected website running a buffer overflow attack perhaps
> to grab the private database contents and even destroy the website
> application leaving it in a DOS denial of service state?
> If they are toying with researchers.
>
> All just opinion.
>
>
> gerald philly pa usa
> http://bluecollarpc.us/
>
> --- In [email protected], "Joe PM" <jpmcsale@> wrote:
> >
> > goto
> > http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/?goback=%2Egde_65688_member_264365271
> >
