
Multiplatform Java Botnet Spotted In the Wild

timothy posted more than 3 years ago | from the semi-equal-opportunity dept.


It's fun sometimes to be smug because you are ("one is") using an operating system less susceptible to malware, or at least less targeted by malware creators, than is Microsoft Windows. Now, reader Orome1 writes with word of a Java-based, equal-opportunity botnet Trojan, excerpting from Help Net Security's report: "'IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms,' explains McAfee's Carlos Castillo." So far, no mention of a Linux version, though.


203 comments


RUN FOR YOU LIVES !! (1)

Anonymous Coward | more than 3 years ago | (#36042986)

It's in the wild !! A Java ... a what??

Re:RUN FOR YOU LIVES !! (4, Funny)

2.7182 (819680) | more than 3 years ago | (#36043572)

I believe this thing is called a "javawocky."

Re:RUN FOR YOU LIVES !! (1, Funny)

Ethanol-fueled (1125189) | more than 3 years ago | (#36043824)

I believe this thing is called a "javawocky."

Oh-hahahahaHAHAHAAAAAH!!! We know you're clever because, you have the numerical value of Pi as your username.

Shit, Phil, please oh please tell us some knock-knock jokes now! *jumping up and down while slapping the palms of my wrists together*.

Re:RUN FOR YOU LIVES !! (2, Informative)

mckorr (1274964) | more than 3 years ago | (#36043884)

2.7182 is e, not pi...

Re:RUN FOR YOU LIVES !! (1, Informative)

trapnest (1608791) | more than 3 years ago | (#36044428)

Whoosh

Re:RUN FOR YOU LIVES !! (0)

pookemon (909195) | more than 3 years ago | (#36044382)

And you're clever because you think e (Euler's constant) == pi.

bravo...

wat (0, Flamebait)

Anonymous Coward | more than 3 years ago | (#36043036)

So far, no mention of a Linux version, though.

Someone tell me timothy is trolling. He can't really be that stupid, can he?

Re:wat (0)

Anonymous Coward | more than 3 years ago | (#36043180)

Whooosh!

Re:wat (0)

Anonymous Coward | more than 3 years ago | (#36043236)

Someone tell me timothy is trolling. He can't really be that stupid, can he?

Until I tried to parse that question I had never encountered a divide by zero error in my brain.

Typical. Bloody typical. (5, Funny)

martinux (1742570) | more than 3 years ago | (#36043088)

No mention of linux support. Do we always have to come last?

Re:Typical. Bloody typical. (1)

Anonymous Coward | more than 3 years ago | (#36043492)

Yeah, it probably won't work because I use OpenJDK and it will check for the proper (Sun/Oracle) version. Happens all the time. For shame, for shame.

Re:Typical. Bloody typical. (1)

Anonymous Coward | more than 3 years ago | (#36044042)

That's because no one uses linux

Re:Typical. Bloody typical. (0)

Anonymous Coward | more than 3 years ago | (#36044068)

Beware of the Java trap! On the bright side, FSF has already set off reimplementing this functionality in C - twenty years at most, and the users of Free operating systems will be able to fully enjoy a Free botnet!

I SO GODDAM FUCKING SICK AND TIRED OF FUCKING JAVA (-1)

Anonymous Coward | more than 3 years ago | (#36044548)

Even fucking slashdot feels it's necessary to have 5 mother-fucking java domains on their fucking webpage. Every fucking page I log onto adds a new one every fucking week. What is with the goddamed proliferation of this mother-fucking bullshit java domain fucking crapbucket of bloatpageshit. My fucking 'experience' on Amazon hasn't fucking changed since 1999 but the pages loads like cane toads going up my fucking virgin asshole in an Alaskan blizzard. Fuck off you fucking webdevelopers go find a different fucking job and stop trying to justify your fucking worthless existences by fucking up everyone's 'experience'.

um.... (2)

LodCrappo (705968) | more than 3 years ago | (#36043120)

"So far, no mention of a Linux version, though."

Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.

Re:um.... (5, Informative)

guruevi (827432) | more than 3 years ago | (#36043150)

If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.

FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.

Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.

Re:um.... (1)

LodCrappo (705968) | more than 3 years ago | (#36043212)

so no linux "installer", but I'd assume you could still run the botnet software on linux if you desired to.

Re:um.... (3, Informative)

TheLink (130905) | more than 3 years ago | (#36043806)

The Linux "installer" is called Firefox.

Google for firefox exploit linux. Or firefox vulnerability.

As long as attackers can run arbitrary code of their choice they can install botnet software.

Even if it means tricking the user to run it... Which is what botnet operators do all the time to Windows users.

The "linux" fanatics just like to believe Linux is more secure when there are so many exploited Linux servers[1] out there.

Go ahead and blame the administrators and users, but just imagine the sort of users you have "administering" a typical Windows machine.

They are the very users botnet operators target.

If OSX and "Desktop Linux" become very popular, you might get malware written in perl for more cross platform goodness.

[1] There may not be as many exploited Linux desktops, but I suspect there may be more Linux servers than desktops in the world ;).

and the antidote is... (0)

Anonymous Coward | more than 3 years ago | (#36044144)

NoScript.

Re:um.... (1)

Anonymous Coward | more than 3 years ago | (#36044228)

so many exploited Linux servers

Oh? Where?
We'd be hearing about it non-stop if it were happening. At the very least, Microsoft would be constantly gloating about it as loudly and publicly as possible.

Re:um.... (1)

AK Marc (707885) | more than 3 years ago | (#36044446)

I got one. Before I got here, an unpatched system, possibly with some default passwords, was tossed on the Internet (presumably for updates/downloads) and was compromised. After cutting off all Internet access to/from it, there hasn't been another problem. Of course it was later wiped. It was only used for warez by whoever compromised it.

Not that I'm saying that it's common or uncommon or anything about frequency. But you seemed to indicate that it was essentially impossible, and I know that to be untrue.

Re:um.... (1)

mug funky (910186) | more than 3 years ago | (#36043490)

i've become quite accustomed to typing sudo in front of everything these days.. i'm sure i'd be vulnerable to this if i didn't also watch what i clicked (or watched the computer's response to things i most certainly didn't click)

Re:um.... (1)

Anonymous Coward | more than 3 years ago | (#36043652)

Non-techy users are not vulnerable to these attacks because they aren't going to download shit outside the repository. The general masses need help installing shit outside the repositories or at least guidance. As it should be. Therefore they are not vulnerable to this. I'm not saying users can't be directed to install shit outside the repositories. However the masses can generally be educated to NOT do this. Unlike with Microsoft's platform there is no central update mechanism for security and users MUST click on anything and everything to be "secure". They are not ever going to be able to get it right. This just isn't the case with GNU/Linux. Mac and Microsoft Windows suffer the same dare I say it !!!!usability problems!!!!. GNU/Linux is easier to use than Apple's OS or Microsofts.

Re:um.... (3, Interesting)

Snarky McButtface (1542357) | more than 3 years ago | (#36043784)

I am a linux user but the wife prefers Windows. On her Windows box I have installed Secunia PSI [secunia.com] which automatically updates most of the third party software on the system. If it does not update something, it informs her so she can do it manually.

Re:um.... (-1)

Anonymous Coward | more than 3 years ago | (#36043990)

maybe you should spend less time dicking with windows and more time dicking your wife.

Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36043790)

i've become quite accustomed to typing sudo in front of everything these days.

Why?
I only log in as root to tinker with /etc and update the installed packages. The only normal work flow thing I do that needs sudo is mounting media that isn't in /etc/fstab. This sounds like a case of "doing it wrong": if you are having problems accessing your files and sharing them with other users, create a group, add yourself and anyone else on the computer who needs that stuff to that group, then use chgrp and chmod to set the group on the files and make them g+r[w][x]. Do it once and forget about it.

Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36043834)

Alright, hand in your geek card. It's obvious you're using Ubuntu~ (--- see that? sarcasm punctuation mark)

Re:um.... (1)

Urza9814 (883915) | more than 3 years ago | (#36044006)

...What do you need to use sudo for other than installing apps, starting services, or mounting stuff? I certainly hope you wouldn't sudo before running some random crap you got in an email attachment or something. Only times I ever sudo are to install software from trusted repositories, to run scripts that I wrote myself (generally for sshfs mounts) and to start services that were installed from trusted repositories.

Of course, if my Pacman repository ever gets hacked, then I'm pretty much fucked....

Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36044154)

sudo coolstorybro

Re:um.... (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36044192)

So long as Nvidia's FTP server doesn't get hacked and I download a messed-with driver, I'm pretty safe.
Only /one/ java applet ever runs through firefox: Runescape. Outside of that, Noscript blocks it all.
I think I may have one or two other Java programs that run as user... but still, trusted software.

Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36043774)

If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.

Couldn't a signed java-applet be used as an installer?

If you call the applet "NataliePortmanCoveredInHotGrits" or "AngryBirds_installer" (or whatever the "cool" kids are wasting their time on these days), it wouldn't matter much if it's self-signed or whatever. People would probably still give the applet permission to do whatever it wants.

Re:um.... (-1)

Anonymous Coward | more than 3 years ago | (#36043776)

If you rtfa, the software (trojan) has to be installed somehow. The payload has to get on a computer and be executed.

FTFA: The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs...However, we’ve seen only the PC version in a downloader/dropper in the wild.

Yes, I can run a Java-based botnet client (it may be one of the first) but I have to get it to run on a computer without user interaction or demands for passwords or administrative rights - Windows excels in that part of the attack vector.


Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36043830)

If there is a way for Java to escape its sandbox you can use a browser attack. However, you will need a small amount of platform special code if you want your bot to start up when the user logs in.

Re:um.... (2, Insightful)

hairyfeet (841228) | more than 3 years ago | (#36043996)

You mean "Windows excels in that part of the attack vector a decade ago" FTFY. Seriously people Vista has been out nearly FIVE years, Windows 7 now for TWO years, did the DOS jokes continue into 2005?

So the moral of the story little childrens is this: stop running decade old shite and if you ARE gonna run decade old shite have a fricking brain about it and run a decent free AV (I'd recommend either Avast or Comodo as both have default sandboxing) along with not running every damned bit of code found in the backwoods of the Internet offering you free titties or money from a Nigerian prince. is that REALLY so hard?

As for TFA, count the days Linux guys, count the days. you already have the malware kit for OSX, and all those Android phones means malware writers finally have a reason to start snooping around. All those noobs you got on Ubuntu sure would be a nice little addition to their botnets wouldn't they? Count the days Linux guys, count the days until your DOOM!

Re:um.... (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36044220)

Heck, no need to make it a virus: Just add good functionality to your botnet client, and people will /intentionally/ install it!
Think: Do you know many people who wouldn't give up some cpu cycles and bandwidth if it meant, say, easier torrents or the latest movies/music easily downloadable? What about a really nice screensaver?
I think the next wave of malware will be things that get the user to install it... and /keep/ it installed!

Re:um.... (1, Funny)

John Hasler (414242) | more than 3 years ago | (#36043160)

Read the article.

Re:um.... (1)

LodCrappo (705968) | more than 3 years ago | (#36043232)

"but uses source code and libraries that can operate on other platforms,"

"So far, no mention of a Linux version, though."

Re:um.... (4, Insightful)

John Hasler (414242) | more than 3 years ago | (#36043378)

...but uses source code and libraries that can operate on other platforms,

Read that again. Source code.

Also from the article:

The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files,...

In other words, it may be source compatible with Linux but there is no Linux binary in the wild. The jar files might run on Linux but the key component needed to download and install it is a Windows binary.

Re:um.... (1)

LodCrappo (705968) | more than 3 years ago | (#36043420)

Had the summary comment been "No mention of a Linux installer", it would be more clear. Saying there is no "Linux version" implies that you would need a special version of the software for linux, which is not true. The fact that this malware does not require platform specific versions is what makes it interesting, so saying (even unintentionally) that there is no linux version seems silly.

Re:um.... (1)

mug funky (910186) | more than 3 years ago | (#36043526)

not if you RTFA.

Re:um.... (4, Insightful)

jd2112 (1535857) | more than 3 years ago | (#36043470)

So typical. Program is written in Java but packaged so it is Windows only defeating the main purpose of using Java in the first place.

Re:um.... (1)

psetzer (714543) | more than 3 years ago | (#36044600)

You can make a Linux executable quite easily using a similar trick to the Windows executable version. Just cat a shell script that tries to run itself as a JAR file with an actual JAR file.
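The comment above describes a shell-script stub concatenated with a JAR. Since zip readers locate the archive from its end, the prepended script is simply ignored, which also means such a file looks like a plain script to a casual glance. As an added example (not code from the page or from any analysed sample), the following Python inspects a blob from the defender's side: it detects the script stub, checks whether a JAR is appended, reports how many bytes precede the archive, and pulls the declared Main-Class. The sample polyglot is constructed inline.

```python
import io
import zipfile

# Constructed sample stub (not taken from the page or any real malware): a POSIX
# shell header that would hand the file itself to the JVM. Only the structure
# matters here; nothing in this block executes it.
SHELL_STUB = b'#!/bin/sh\nexec java -jar "$0" "$@"\n'

MAINTAINER_PLACEHOLDER_CLASS = b"\xca\xfe\xba\xbe" + b"\x00" * 12  # fake .class bytes

def build_jar() -> bytes:
    """Constructed minimal JAR: a manifest with a Main-Class and one dummy class entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: demo.Main\r\n\r\n")
        zf.writestr("demo/Main.class", MAINTAINER_PLACEHOLDER_CLASS)
    return buf.getvalue()

SAMPLE_POLYGLOT = SHELL_STUB + build_jar()   # script stub + JAR, as the comment describes
SAMPLE_PLAIN_JAR = build_jar()               # ordinary JAR, for comparison

def inspect_launcher(data: bytes) -> dict:
    """Classify a file image: does it start as a script, does it carry an embedded
    JAR, how many bytes were prepended, and which Main-Class the manifest names."""
    result = {
        "script_stub": data.startswith(b"#!"),
        "embedded_jar": False,
        "zip_offset": None,       # bytes preceding the first zip local-file header
        "main_class": None,
        "entries": [],
        "polyglot": False,
    }
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return result              # no end-of-central-directory record: not a zip/JAR
    with zipfile.ZipFile(buf) as zf:
        infos = zf.infolist()
        result["entries"] = [i.filename for i in infos]
        # zipfile corrects header_offset for prepended data, so the smallest
        # offset equals the size of whatever sits before the archive.
        result["zip_offset"] = min(i.header_offset for i in infos)
        if "META-INF/MANIFEST.MF" in result["entries"]:
            result["embedded_jar"] = True
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Main-Class:"):
                    result["main_class"] = line.split(":", 1)[1].strip()
    result["polyglot"] = result["script_stub"] and result["embedded_jar"]
    return result

if __name__ == "__main__":
    for label, blob in (("polyglot", SAMPLE_POLYGLOT), ("plain jar", SAMPLE_PLAIN_JAR)):
        print(label, inspect_launcher(blob))
```

A file that both starts with `#!` and parses as a JAR is worth a second look in a download directory or mail gateway, whatever its extension.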

Re:um.... (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#36043244)

Wish I had some "Funny" mod points for you.

Re:um.... (2)

Zero__Kelvin (151819) | more than 3 years ago | (#36043250)

Java is not Java if you use platform specific attack vectors as this botnet does. In this case it can theoretically operate on other platforms, but it cannot propagate to them. One could install it intentionally perhaps, but it won't make its way onto the Linux box against the system administrator's will.

Re:um.... (3, Informative)

LynnwoodRooster (966895) | more than 3 years ago | (#36043770)

In this case it can theoretically operate on other platforms, but it cannot propagate to them. One could install it intentionally perhaps, but it won't make its way onto the Linux box against the system administrator's will.

Thus it's called a Trojan - not a virus. It won't self-replicate and transmit to computers on other OSes as well...

Re:um.... (2, Informative)

shutdown -p now (807394) | more than 3 years ago | (#36044074)

Java is not Java if you use platform specific attack vectors as this botnet does. In this case it can theoretically operate on other platforms, but it cannot propagate to them.

Sure, so you end up having to muck around with bash for something as simple as installing some damn botnet. apt-get install this, /etc/init.d/restart that...

See, that's what I mean when I say that Linux is not ready for the desktop! ~

You mean people actually enable java? (1)

Ungrounded Lightning (62228) | more than 3 years ago | (#36043294)

Java is Java.. there generally would not be a "linux version", or any platform specific version.. sort of the whole point of this.

Which is why I never enable java, period. If a site requires it, they don't need my eyeball time.

Re:You mean people actually enable java? (3, Interesting)

Cougar Town (1669754) | more than 3 years ago | (#36043646)

You don't enable or disable Java. If it's installed on your system, it's available to use. You can, however, enable or disable the Java applet plugin for your web browsers, which is probably what you're talking about and isn't necessarily what this is about (TFA didn't mention applets or browsers). Java applications (not applets) can run on your system as long as you have Java installed, regardless of whether you have the browser plugins enabled or not, just like how you can open a PDF if Adobe Reader is installed, regardless of whether you have the Adobe Reader browser plugin enabled or not. So in theory, if they found an attack vector for your OS, having the Java plugin disabled wouldn't stop this from running on your system at all.

Getting it onto your system is the trick, though. If they found a hole in the Java plugin's sandbox, they could potentially exploit that using an applet and get the code onto your system. Disabling the plugin prevents that possibility, but if they were trying to push this via browsers there are lots of other plugins and holes are found in browsers all the time.

That being said, I don't bother with the Java plugin either, because applets are crap and I have no use for them and agree with you about sites requiring them (and I'm a full-time Java developer)

Re:um.... (1)

Anonymous Coward | more than 3 years ago | (#36043382)

Java is Java...

Sniff.
Heh.
Bwah hah.
Ha ha ha ha.
HAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

Thank you for the good laugh.

Re:um.... (0)

Anonymous Coward | more than 3 years ago | (#36044040)

You're old and going to die soon.

another alarmist post (1)

Anonymous Coward | more than 3 years ago | (#36043184)

I doubt that it works on MacOSX. Converting a jar to an exe is difficult. I wish I could do it reliably on Linux, but I can't (gcj doesn't really work). Jar2exe is Windows-only. So I don't see why we need to worry. Java itself is secure enough to at least make virus writing very difficult. So again, nothing to worry about. Another case of journalistic exaggeration.

Re:another alarmist post (1)

c0lo (1497653) | more than 3 years ago | (#36043286)

Converting a jar to an exe is difficult. I wish I could do it reliably on Linux, but I can't (gcj doesn't really work)

If you really-really need it, and need it so badly you can give away the distaste for commercial software, see here [excelsior-usa.com]

small factual corrections (1)

The Dawn Of Time (2115350) | more than 3 years ago | (#36043384)

jar2exe doesn't work by compiling Java to native code, it starts a JVM and provides the ability to package .jar files into the executable. In principle, a Linux version would be fairly simple to make.

Also, a given JVM is only as locked down as the SecurityManager running inside of it (assuming no exploitable flaws) and you can be assured the trojan packager is not installing one that stops anything.

Significance (-1, Troll)

Wolfling1 (1808594) | more than 3 years ago | (#36043186)

I have always used virus infections not as a measure of the resilience and robustness of an operating system (we all know that any coder that claims their code is bullet-proof is a moron).

Rather, I use the infection rates as a measure of the significance of the operating system.

If the hackers don't want to hack your OS, then your OS is insignificant to them.

Now, I'm not about to make a case that the hackers' opinions are relevant, but lets face it... they're in the business of market penetration. As soon as an OS gains any real significance in the marketplace, the hackers will turn their attention to it.

- The motorcyclist's creed : "You can be in the right, or you can be alive. Your choice."

Re:Significance (1, Informative)

clang_jangle (975789) | more than 3 years ago | (#36043320)

How imaginative. Why, when this fallacious "reasoning" is defeated in every single slashdot story in which it comes up, do people persist in trying to promote this myth? You *can't* unwittingly install and run arbitrary code on Linux the way you can on windows, unless you're incompetent and running as root all the time (which incredibly, I do know of at least one person who does -- but it's rare).

Re:Significance (1)

clang_jangle (975789) | more than 3 years ago | (#36043340)

Why, when this fallacious "reasoning" is defeated in every single slashdot story in which it comes up, do people persist in trying to promote this myth?

Astroturfers, astroturfers, astroturfers, astroturfers...

Re:Significance (0)

Anonymous Coward | more than 3 years ago | (#36043654)

Until you replied to yourself here, I wasn't certain about the fact that you're a troll. I thought maybe you were just a garden variety jackass with more confidence than capability.

The sig is a good touch, it's right on the line between parody and shithead. Well played.

Re:Significance (1)

bane2571 (1024309) | more than 3 years ago | (#36043524)

I'm not really disagreeing with you, but not knowing linux I don't see why this is true. It seems to me that you can't really unwittingly run arbitrary code on windows and that any of the applications/settings that negate this would be just as big a problem on linux.

Re:Significance (0, Insightful)

Anonymous Coward | more than 3 years ago | (#36043548)

If you don't know Linux then your opinion doesn't really matter.

I am pretty sure every Linux user here has used Linux AND windows and therefore has the ability to make a direct comparison from a purely user perspective.

If you want your opinion to count for something in cases like this then download Virtualbox and install a Linux VM so that you can experience the differences for yourself.

Re:Significance (1)

bane2571 (1024309) | more than 3 years ago | (#36044176)

Great, since you clearly know why it is so, perhaps you could explain it to us mere mortals that are perfectly happy using only one OS. My opinion matters; my information however is undependable because I didn't provide anything. Wolfling's opinion also matters but his information is also undependable because he didn't provide any either.
If you're going to state an opinion, you probably want to back it up when queried on it. Very few people should believe a statement that says "This is true because it is".

Re:Significance (1)

mSparks43 (757109) | more than 3 years ago | (#36044204)

Seriously for a moment.

Do you have antivirus installed on your linux box? No? you are probably infected.

Do you know how to find out when your linux box has been infected? No? You are probably infected.

Do you know how your linux box gets infected? No? You are probably infected.

Have you disabled SELinux because it was quicker than working out how to fix something it was preventing? Yes? You are probably infected.

Linux is not the virus/trojan free utopia it used to be, and worse, they work without the "machine running like a dog" instant red flag that comes with most windows infections.

Re:Significance (0)

mug funky (910186) | more than 3 years ago | (#36043556)

if linux were to be brought to the level of user-friendliness that windows and osx are at (ie, be a "consumer ready" OS with all that entails), i wouldn't be surprised if people did start running it as root all the time.

windows tried to introduce similar user access control and they got caned for it (even though OSX has the same prompts, but whatevs).

Re:Significance (0)

Anonymous Coward | more than 3 years ago | (#36043864)

if linux were to be brought to the level of user-friendliness that windows and osx are at

i.e. make it suck...

(ie, be a "consumer ready" OS with all that entails)

It sounds like you haven't used Linux since last millennium. Lots have happened since then.

A couple of years ago, I gave my father a laptop with Linux installed. At that time he was 65 years old and had never used a computer before. He didn't have any problems using Linux, so maybe you're wrong, if you think Linux ain't "consumer ready".

Re:Significance (1)

mug funky (910186) | more than 3 years ago | (#36043904)

i'm using it now, buddy.

i could go into the fun i've had getting my USB sound card working.

linux is user-friendly if all you want to do is browse, tweet, IM or email.

as soon as you try anything else, you're in "this is unsupported. it's not our fault. there's a patch here, or is it here. you'll have to recompile the kernel, then recompile ALSA, then compile and install wineasio, jack-dev, and wine-dev, then configure everything. oh, you mean you're not running this really old kernel? well, there's no kernel headers for your version, so you wont be able to recompile ALSA at all. it's not our fault - blame the manufacturer of your hardware".

linux's user-friendliness is a veneer. once you peel it away, you still wind up doing everything in terminal, just like you have for the last 20 years.

note that this is not a big criticism - i love how far it's come. i'm just saying it has further to go, and needs to get along with (often hostile) hardware manufacturers a little better to provide the kind of experience windows or osx can provide, security holes or not.

Re:Significance (1)

shutdown -p now (807394) | more than 3 years ago | (#36044090)

You *can't* unwittingly install and run arbitrary code on Linux the way you can on windows, unless you're incompetent and running as root all the time

Last I checked, most Linux distros don't have noexec on home, so you most certainly can install and run arbitrary code without having root. It's slightly more of a hurdle in that email attachments and downloaded files won't be immediately executable.

Then again, in Ubuntu, for example, downloading a .deb package in browser and clicking "Open" will launch a GUI installer - and if user clicks "Yes, I want to install this", the .deb can run anything it wants as part of that installation, with root permissions too.

Thing is, you can't have ease of use that's only magically applicable to "good" scenarios - not unless God implements the evil bit.
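The point above about a downloaded .deb is that its maintainer scripts run as root the moment the user confirms the install, before any of the packaged files are even used. As an added example (not code from the page), the following Python opens a .deb without installing it and lists those scripts so they can be read first. A .deb is an `ar` archive holding `debian-binary`, a `control.tar.*` (metadata plus preinst/postinst/prerm/postrm) and a `data.tar.*`; the sample package is constructed inline and is not a real package.

```python
import io
import os
import tarfile

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")

def _ar_member(name: str, body: bytes) -> bytes:
    """Encode one ar member: 60-byte ASCII header, body, pad to an even length."""
    # fields: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)
    header = f"{name:<16}{'0':<12}{'0':<6}{'0':<6}{'100644':<8}{len(body):<10}`\n".encode()
    return header + body + (b"\n" if len(body) % 2 else b"")

def _tar_gz(files: dict) -> bytes:
    """Build an in-memory control/data tarball from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo("./" + name)
            info.size = len(content)
            info.mode = 0o755
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def build_sample_deb() -> bytes:
    """Constructed sample .deb (hypothetical package name, not a real one) whose
    control archive carries a postinst; dpkg would run it as root."""
    control = _tar_gz({
        "control": (b"Package: demo-screensaver\nVersion: 1.0\nArchitecture: all\n"
                    b"Maintainer: nobody <nobody@example.invalid>\n"
                    b"Description: constructed sample package\n"),
        "postinst": b"#!/bin/sh\n# whatever is written here runs as uid 0 at install time\nid -u\n",
    })
    data = _tar_gz({"usr/share/demo/README": b"constructed sample payload file\n"})
    return (b"!<arch>\n"
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", control)
            + _ar_member("data.tar.gz", data))

def ar_members(data: bytes):
    """Yield (name, body) for each member of an ar archive, the .deb container."""
    if not data.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")   # GNU ar appends '/'
        size = int(hdr[48:58].decode("ascii").strip())
        yield name, data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)                             # members are 2-byte aligned

def summarize_deb(deb: bytes) -> dict:
    """Return the Package name and every maintainer script (name -> text) in a .deb."""
    summary = {"package": None, "maintainer_scripts": {}}
    for name, body in ar_members(deb):
        if not name.startswith("control.tar"):
            continue
        with tarfile.open(fileobj=io.BytesIO(body), mode="r:*") as tf:
            for member in tf.getmembers():
                if not member.isfile():
                    continue
                base = os.path.basename(member.name)
                text = tf.extractfile(member).read().decode("utf-8", "replace")
                if base == "control":
                    for line in text.splitlines():
                        if line.startswith("Package:"):
                            summary["package"] = line.split(":", 1)[1].strip()
                elif base in MAINTAINER_SCRIPTS:
                    summary["maintainer_scripts"][base] = text
    return summary

if __name__ == "__main__":
    s = summarize_deb(build_sample_deb())
    print("package:", s["package"])
    for script, text in s["maintainer_scripts"].items():
        print(f"--- {script} (runs as root) ---\n{text}")
```

Feed it a real downloaded .deb (`summarize_deb(open(path, "rb").read())`) to read the scripts before the GUI installer gets a chance to run them.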

Re:Significance (0)

Anonymous Coward | more than 3 years ago | (#36043372)

Yeah, no-one would want to hack the OS that Google's servers run on.

And what kind of idiot would want an exploit that would only affect insignificant machines like those pointed to by facebook.com and youtube.com?

Nothing to be gained by exploiting this tiny, hobbyist OS.

Re:Significance (1)

hairyfeet (841228) | more than 3 years ago | (#36044210)

The problem with your BS MR AC, is this: Those servers? they actually have these things called "admins" that make many thousands of dollars and are sent to classes and things like Black hat to stay on top of the game, whereas with Windows you have the nice little old lady down the hall that still can't figure out the difference between memory and hard drive space.

Think of it THIS way MR AC: Which would be easier to rob, the bank in the middle of Paduka AR with one old guy that hasn't fired a gun in 30 years, or the supermegabank in Las Vegas where they have had a dozen attempts over the years and have ex special forces for security?

In the end, as much as it will butthurt the Linux desktop users (all four of you) the simple fact is YOU ARE TOO SMALL to be worth the trouble, and the servers running Linux are locked down tighter than a nun's thighs by guys like my old friend Glenn that spend all their time ass deep in sites like Securina and consider recompiling code for security and speed improvements a "fun" way to spend an afternoon. In the end malware writers are like any other criminal and are thus lazy: the easiest mark will always be the target. Now once XP finally dies hard? Well as we have seen with the OSX malware kit they are starting to look at OSX as kinda tasty, and there are plenty of exploits for Android. But Linux desktop is what...0.02% of the market? It would be like targeting OS/2 Warp users, it just isn't worth the effort.

Linux is safe, because... (0, Troll)

cinemabaroque (783205) | more than 3 years ago | (#36043188)

Because it has a small market share. Nobody wants to write a program that will work on unix based systems because it just isn't practical. The main reason for this is that Linux systems vary wildly in terms of operation and security. Windows does not have this "problem" (and lack of standardization is what has kept Linux out of the mainstream) and, to a degree, neither do Macs. Who would want to write a botnet for linux systems? Now, if our dreams become a reality, and Linux becomes the de facto standard then we will have problems too; this is a perfect example of security through obscurity. The opportunity costs outweigh the benefits, as long as this is true then Linux users have little to fear.

Re:Linux is safe, because... (-1)

Anonymous Coward | more than 3 years ago | (#36043532)

most servers are linux IIRC, and on servers tends to be the valuable data such as credit card numbers and passwords. Also for botnets servers are always on and tend to have fat pipes, which is very nice. I have seen attacks on my linux machines, but so far they have all been brute force password guessing.

Re:Linux is safe, because... (0)

mug funky (910186) | more than 3 years ago | (#36043580)

well, the internet runs on linux. but it also runs on semi-competent admins who don't open up all the ports, so it would still be harder to hack into.

consumer friendly linux, rest assured, would be quite insecure, even if the OS is built to be bulletproof. no point in high security when the root password is a three letter word, like the one on my sandpit box is.

Re:Linux is safe, because... (1, Insightful)

jc42 (318812) | more than 3 years ago | (#36043896)

It is funny how the "They don't attack X because it's not popular" meme keeps popping up, no matter how often people show how wrong it is.

My favorite approach for debunking it is to point out that Apache has been the overwhelmingly dominant web server since 1996 (according to Netcraft), and web servers are one of the most inviting targets that the computer business has to offer. But how many actual exploits have ever appeared for Apache? When was the last story of a worm, virus, whatever making the rounds by taking advantage of a security hole in Apache? (There have been a few security holes in releases of Apache, but they tend to be fixed before an exploit appears, due to the "many eyes" that are always looking at Apache's code, usually for other reasons. As such things go, it's a very approachable piece of software.)

Of course, there are lots of other chunks of software that serve equally well for debunking this meme. Just recently, I ran across yet another survey that once again made the old estimate that over 50% of the world's CPU cycles are spent running one venerable chunk of code, the Simplex Algorithm. Has that code ever been a vector for malware? You'd think it would be, since manufacturing plants everywhere in the world totally depend on it for their profitability. But I doubt if you'd find very many malware authors who would even recognize its name, much less tell you what it does.

I guess it's the old problem that things like religion, politics, and apparently computer security issues don't encourage people to look at the actual facts. It's totally acceptable to just make up a theory and use it to explain everything, without bothering with even the simplest of tests against reality.

(And I do like to try to debunk the claim that the Simplex Algorithm is the main user of CPU cycles by countering that the actual winner in that ranking is the Idle Loop. But people look at me funny when I say that. ;-)

Re:Linux is safe, because... (1)

ToasterMonkey (467067) | more than 3 years ago | (#36044422)

But how many actual exploits have ever appeared for apache?

Dude... Sony.

And lots: http://lmgtfy.com/?q=apache+exploit [lmgtfy.com]

Re:Linux is safe, because... (1)

aztracker1 (702135) | more than 3 years ago | (#36043912)

Beyond this, the bot doesn't need root privs to run under the logged-in user... The only reason for the root escalations in Windows is to work around the antivirus programs that are more common in Windows... Targeting a platform without active AV is easier... I'm surprised there aren't more Mac trojans currently.

Exactly what OS isn't susceptible to trojans? (5, Insightful)

l0ungeb0y (442022) | more than 3 years ago | (#36043200)

AFAIK, any OS that allows a user to install software is susceptible to malware.
Anyone smugly thinking they aren't is an idiot.

Wake me up when a worm has been discovered in the wild targeting OS X or Linux

Re:Exactly what OS isn't susceptible to trojans? (1)

digitallife (805599) | more than 3 years ago | (#36043468)

Perhaps not every OS... The much maligned iOS would seem to be a model which is very hardy to trojans.

Re:Exactly what OS isn't susceptible to trojans? (3, Interesting)

mrnobo1024 (464702) | more than 3 years ago | (#36043584)

None that you know about. You can hide a lot in a closed-source binary.

The only "security" iOS has is that you have to shell out $100/year to be a developer. Gives great protection against hobbyist programmers, does absolutely nothing against the Russian mafia.

Re:Exactly what OS isn't susceptible to trojans? (2)

digitallife (805599) | more than 3 years ago | (#36044130)

It only takes being discovered once to have it removed from the app store, and hence not reasonably installable. Imagine how many pieces of malware would exist on Windows if MS actively and persistently vetted all software... It would probably tend towards zero.

Re:Exactly what OS isn't susceptible to trojans? (1)

ADRA (37398) | more than 3 years ago | (#36044350)

Wouldn't any OS API exploit allow said (now deleted) program to install a real rootkit, something that Apple can't just wave a magic wand to clean up? One of the hardest entry vectors for virus writers is to run binaries on hardware. Since Apple's platform is one universal hardware platform, it's a lot easier to exploit a single weakness for large-impact effects.

Re:Exactly what OS isn't susceptible to trojans? (1)

Goboxer (1821502) | more than 3 years ago | (#36044388)

And it would have the selection of iOS.

Risk is required for gain.

Re:Exactly what OS isn't susceptible to trojans? (1)

mr_da3m0n (887821) | more than 3 years ago | (#36044510)

The only "security" iOS has is that you have to shell out $100/year to be a developer. Gives great protection against hobbyist programmers, does absolutely nothing against the Russian mafia.

Oh god, are you trying to tell me the billion fart apps, soundboards and shitty glorified Flash applets from the early 2000s are written by professional programmers? Or that hobbyists don't have $100 a year to spare for their hobby? Say it ain't so! :(

Re:Exactly what OS isn't susceptible to trojans? (0)

Anonymous Coward | more than 3 years ago | (#36044512)

Really?

Who that can afford a $300+ iphone and data plan is stopped from developing by $100/year?

Nobody, that's who.

Re:Exactly what OS isn't susceptible to trojans? (1)

jacinda (1875592) | more than 3 years ago | (#36043626)

Re:Exactly what OS isn't susceptible to trojans? (1)

Doctor_Jest (688315) | more than 3 years ago | (#36044140)

Indeed... what amazes me is how many people still fall for the old tricks. I guess there really isn't any antivirus that protects against stupid.

I'd be willing to bet OpenBSD is pretty tough... though, it still suffers from the weakest link (the user.) Here's to hoping the average OpenBSD user isn't as stupid as the average Mac/Windows/Ubuntu user. :)

Re:Exactly what OS isn't susceptible to trojans? (1)

Gerald (9696) | more than 3 years ago | (#36044188)

Wake me up when a worm has been discovered in the wild targeting OS X or Linux

Good morning! [wikipedia.org] I remember cleaning a worm from a client's system in the early aughts; as I recall they were old news even then.

Hey, I remember this (1)

airfoobar (1853132) | more than 3 years ago | (#36043208)

Wasn't this posted here a while back? I think it does run on Windows, Mac and Linux, but tests showed that Linux is the only platform that doesn't allow it to restart after a reboot. Can't find the story, could be wrong.

What took them so long? n/t (1)

Stumbles (602007) | more than 3 years ago | (#36043224)

Shut up cat.

There ARE Linux rootkits/viruses (0)

Anonymous Coward | more than 3 years ago | (#36043256)

Unix is where the term root for the #1 user, and hence rootkit, comes from. Just look at rkhunter and chkrootkit; they search for about ~150 such programs. And until very recently there was a long-standing remote vuln in dhcpd3 which existed for months after it was believed to be patched, although the patch was ineffective in Ubuntu. Yes, I still use Linux anyway, because Mathematica, MATLAB and the Intel compilers have first-class support, and hence I am much more productive and the interface is more humane.

Re:There ARE Linux rootkits/viruses (2)

jc42 (318812) | more than 3 years ago | (#36043686)

unix is where the term root for #1 user, hence rootkit comes from.

Minor correction: On unix systems, root is always the #0 user. The #1 user is typically "daemon", though not always.

(Unix was written by -- and for -- C programmers, who always start counting at 0. ;-)
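The UID 0 point above, turned into the kind of check rkhunter-style tools perform: this is an added example, not code from this thread or from any tool it names. It parses passwd-format data (a constructed sample is embedded; the `toor` line is a hypothetical extra UID-0 account) and reports every account that shares UID 0 with root, since a second such account is a classic sign of a backdoor or a careless admin. It also answers which account holds UID 1 on the sample.

```python
"""Audit passwd-format data for accounts that share UID 0 with root.

Added example: not from the Slashdot thread or any rootkit scanner.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in /etc/passwd format (not taken from any real host).
# The final "toor" entry is a hypothetical extra UID-0 account; a clean
# system has exactly one account at UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
# comment lines are ignored
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
"""


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd lines; skip blank/comment lines, reject malformed ones.

    A malformed line raises ValueError so a truncated or tampered file is
    noticed instead of silently dropping entries from the audit.
    """
    entries: List[PasswdEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        if not uid.isdigit() or not gid.isdigit():
            raise ValueError(f"line {lineno}: non-numeric uid/gid")
        entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
    return entries


def uid_zero_accounts(entries: List[PasswdEntry]) -> List[str]:
    """Every account name whose UID is 0, in file order (root first on a sane file)."""
    return [e.name for e in entries if e.uid == 0]


def account_with_uid(entries: List[PasswdEntry], uid: int) -> Optional[str]:
    """Name of the first account holding the given UID, or None."""
    for e in entries:
        if e.uid == uid:
            return e.name
    return None


def audit_passwd_text(text: str) -> List[str]:
    """Return human-readable findings: one line per extra UID-0 account."""
    entries = parse_passwd(text)
    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append(f"extra UID 0 account: {e.name} (shell {e.shell})")
    if "root" not in uid_zero_accounts(entries):
        findings.append("no account named root at UID 0")
    return findings


def audit_passwd_file(path: str = "/etc/passwd") -> List[str]:
    """Run the audit against a real passwd file (read-only)."""
    with open(path, encoding="utf-8") as fh:
        return audit_passwd_text(fh.read())


if __name__ == "__main__":
    print("sample:", audit_passwd_text(SAMPLE_PASSWD) or "clean")
    print("UID 1 on sample:", account_with_uid(parse_passwd(SAMPLE_PASSWD), 1))
    try:
        print("/etc/passwd:", audit_passwd_file() or "clean")
    except OSError as exc:
        print("could not read /etc/passwd:", exc)
```

On the constructed sample the audit flags `toor`, and UID 1 resolves to `daemon`, matching the "#0 is root, #1 is typically daemon" correction in the comment above. On a real host the check is read-only; an unexpected finding is something to investigate with a proper scanner, not a verdict on its own.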

Re:There ARE Linux rootkits/viruses (1)

shutdown -p now (807394) | more than 3 years ago | (#36044100)

(Unix was written by -- and for -- C programmers, who always start counting at 0. ;-)

Wasn't C written by and for Unix, rather?

By Design (0)

Anonymous Coward | more than 3 years ago | (#36043570)

Write once, pwn anywhere.

Silly (0)

Anonymous Coward | more than 3 years ago | (#36043622)

This is almost as newsworthy as a botnet client written in Win32 that might potentially infect Linux computers because the packager could wrap it in Wine.

Oh boy (0)

Anonymous Coward | more than 3 years ago | (#36043624)

Java botnet, courtesy of McAfee, the same company that tried to scare people with "jpeg virus" a couple of years ago...

Oracle's marketing dept. should get on this (3, Funny)

antifoidulus (807088) | more than 3 years ago | (#36043690)

They just gave Oracle a new slogan for Java, "Write once, pwn everywhere!"

This is a case of (2)

surveyork (1505897) | more than 3 years ago | (#36043792)

"No OS left behind."

Totally misleading title (2)

Florian Weimer (88405) | more than 3 years ago | (#36044596)

The original McAfee blog article [mcafee.com] says this (why not link to the original resource in the first place?):

However, we’ve seen only the PC version in a downloader/dropper in the wild.

So this is not different at all from the Java-based Facebook suicide Trojan horse which circulated in Spring 2010 (but was not spotted by most AV companies back then).
