Hand of Thief

For the interested

http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

Thank you for the article. Interesting read. What I would like to know is how one can get infected by this virus ? :slight_smile:

On 2013-08-08 12:36, glistwan wrote:
> Thank you for the article. Interesting read. What I would like to know
> is how one can get infected by this virus ? :slight_smile:

For the moment, social engineering.


> https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 08/08/2013 12:36 PM, glistwan wrote:
> this virus

it is not a virus…(those are self-replicating and ‘flow’ to and
infect other machines)

it is a trojan. routinely trojans must be allowed inside the
defensive perimeter and are installed by the user who thinks (for
example) s/he is ‘just’ installing another game, program, whatever…

therefore the careful user will not:

-download from unknown, untrusted, and/or un-signed sites

-run online java/javascript/flash games offered by unknown,
untrusted, and/or un-signed sites

and more more more…

read up on trojans…


dd
http://tinyurl.com/DD-Caveat
http://tinyurl.com/DD-Complaints
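One concrete habit behind the "don't download from un-signed sites" advice above is to check a downloaded installer against the checksum the project publishes before running it. The following is an added shell example, not code from the thread or from any poster; it assumes `sha256sum` from coreutils is available, and every file and checksum it uses is constructed in a temporary directory so it runs offline.

```shell
# Added example (not from this thread): check a downloaded installer against a
# checksum published by the project before running it. All file contents and
# paths below are constructed in a temp directory so the script runs offline.

# verify_download FILE EXPECTED_SHA256
# Returns 0 when the file's SHA-256 matches, 1 on mismatch or missing file.
verify_download() {
    file=$1
    expected=$2
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $file (got $actual, expected $expected)" >&2
    return 1
}

# Demonstration with a constructed "download": the check passes on the
# untouched file and fails after the file is altered. Returns 0 when both
# outcomes are as expected.
demo_verify() {
    tmp=$(mktemp -d) || return 1
    printf 'echo "hello from a game installer"\n' > "$tmp/game.sh"
    # In practice this value comes from a trusted channel (e.g. the project's
    # signed release notes), not from the same page that served the download.
    published=$(sha256sum "$tmp/game.sh" | cut -d' ' -f1)

    if verify_download "$tmp/game.sh" "$published"; then clean=0; else clean=1; fi
    # Simulate the file being altered after the checksum was published.
    printf 'extra line appended later\n' >> "$tmp/game.sh"
    if verify_download "$tmp/game.sh" "$published"; then tampered=0; else tampered=1; fi

    rm -rf "$tmp"
    [ "$clean" -eq 0 ] && [ "$tampered" -eq 1 ]
}

demo_verify
```

A matching checksum only proves the file is the one the publisher described; it does not make the program safe, and it proves nothing if the checksum was copied from the same untrusted page as the download. The stronger form of the same check, which the "un-signed" wording points at, is verifying a detached signature with `gpg --verify` against a key obtained out of band.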

How can a machine be infected by a Flash game on Linux? For what I know you must type your root password every time you install something on Linux (or at least on most distros), but I have no doubt that some users would actually install whatever is prompted to them. “Oh, I want to play this cool game, but the page is telling me to install this. Therefore, I must install it”.

Most infections come with the ignorance of the user.

On 2013-08-08 15:06, amarildojr wrote:
>
> DenverD;2577738 Wrote:
>> -run online java/javascript/flash games offered by unknown,
>> untrusted, and/or un-signed sites
> How can a machine be infected by a Flash game on Linux? For what I know
> you must type your root password every time you install something on
> Linux

Not if it runs as the local user.

Once it is running, it may try to escalate privileges if it knows about a
hole, but if not, it still can do damage.

> Most infections come with the ignorance of the user.

Yes.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On Thu 08 Aug 2013 01:23:06 PM CDT, Carlos E. R. wrote:

> On 2013-08-08 15:06, amarildojr wrote:
>>
>> DenverD;2577738 Wrote:
>>> -run online java/javascript/flash games offered by unknown,
>>> untrusted, and/or un-signed sites
>> How can a machine be infected by a Flash game on Linux? For what I
>> know you must type your root password every time you install
>> something on Linux
>
> Not if it runs as the local user.
>
> Once it is running, it may try to escalate privileges if it knows about a
> hole, but if not, it still can do damage.
>
>> Most infections come with the ignorance of the user.
>
> Yes.

Hi
The way I read the article is the initial attack vector would be a
webserver running apache etc, so the system first has to be compromised
to install the code, then the end user using a browser to visit that
site to download the code via one of the listed browsers…


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.3 (x86_64) Kernel 3.7.10-1.16-desktop
up 1:26, 3 users, load average: 0.14, 0.15, 0.13
CPU AMD E2-1800@1.70GHz | GPU Radeon HD 7340

So there’s a risk on “Just downloading stuff”?
I remember that Linux wouldn’t automatically run infected files even if you had Wine installed.

I didn’t read the article yet so I may be tripping over my own feet here.

On 08/08/2013 03:06 PM, amarildojr wrote:
>
> How can a machine be infected by a Flash game on Linux?

i do not know (i am not a security [or any other kind of] expert),
but i do know that there have been dozens of released packages of
FlashPlayer in the last several years…and, many of those were
due to security problems…i do not know the depth of that threat…

> For what I know
> you must type your root password every time you install something on
> Linux (or at least on most distros)

you can also install things in your home directory which only you can
run…but, once inside the security fence there are ways to sneak
around and “escalate privileges” which just means “become root”…or
… . .

> but I have no doubt that some users
> would actually install whatever is prompted to them. “Oh, I want to play
> this cool game, but the page is telling me to install this. Therefore, I
> must install it”.

i’ve seen many come here asking how to install a bin or zip
file…and, many of those were poorly documented, from sites/folks i
never heard of, and . . .

> Most infections come with the ignorance of the user.

yes, as one of the devs wrote (in the mail list) this morning, after
reading about this trojan: “You can’t patch out stupid user.”


dd
http://tinyurl.com/DD-Caveat
http://tinyurl.com/DD-Complaints

There are some good suggestions here from knowledgeable people, I personally think that eventually we will need a tool to control the way (and which) applications use java/javascript. The platform seems unfixable for windows users and on rare occasions leaves the user space vulnerable when running linux. Much of the esteemed reputation of linux in the area of security is mostly due to lack of interest by malware authors. Bear this in mind and develop habits which eliminate (or at least confine to trusted originators) content from the internet/network that have risky elements.

Even a “user” exploit can harvest your banking password…scary, ain’t it?

Don’t develop a naive sense of security.

> Most infections come with the ignorance of the user.

Even the experts get nailed from time to time. No shortage
of examples.

That’s why I said MOST :wink:

Most people are average users. Most of them don’t have good security chains.

Let’s not be picky about nomenclature :slight_smile: Can I call it an exploit ?

On 2013-08-08 15:30, malcolmlewis wrote:

> Hi
> The way I read the article is the initial attack vector would be a
> webserver running apache etc, so the system first has to be comprised
> to install the code, then the end user using a browser to visit that
> site to download the code via one of the listed browsers…

Another article says that they talked to the “sales person” and they
recognized that best approach is social engineering.


> https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/

“Although Hand of Thief comes to the underground at a time when
commercial Trojans are high in demand, writing malware for the Linux OS
is uncommon, and for good reason. In comparison to Windows, Linux’s user
base is smaller, considerably reducing the number of potential victims
and thereby the potential fraud gains. Secondly, since Linux is open
source, vulnerabilities are patched relatively quickly by the community
of users. Backing this up is the fact that there aren’t significant
exploit packs targeting the platform. In fact, in a conversation with
the malware’s sales agent, he himself suggested using email and social
engineering as the infection vector.”


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2013-08-09 11:36, glistwan wrote:

>
> Let’s not be picky about nomenclature :slight_smile: Can I call it an exploit ?

Malware :slight_smile:


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 08/09/2013 11:36 AM, glistwan wrote:
> Let’s not be picky about nomenclature :slight_smile: Can I call it an exploit ?

you can call it an exploit…
or malware…
or trojan…
and maybe a dozen other generic words/phrases…

but, i would say that among those dozen correct to use words/phrases
(if there are that many) you would not find the word virus…because
it has a specific meaning and the Hand does not fit that specific word…

it is sometimes important to use the correct words…
otherwise folks get confused and run around saying (for example)

They found a linux virus, run run run.

ymmv


dd
http://tinyurl.com/DD-Complaints

> Most people are average users. Most of them don’t have good security
> chains.

Yes, and mostly Linux makes it hard to shoot yourself in the foot.