Argh, just what we need. Another Linux security problem. Please see: https://linux.slashdot.org/story/16...-rootkit-targets-linux-systems-on-arm-and-x86
Pokemon themed umbreon rootkit targets Linux systems...
- Thread starter cloasters
- Start date
I'm a little confused by the furor being created around this exploit.
Now, I'll grant that there are a LOT of appliances out there running outdated and unmaintained Linux installations, provided by companies who barely understood their hardware, much less the Linux OS they were putting on them, and who have made no attempt to provide ANY updates since. However, those appliances are at risk from all MANNER of nasty compromises, not just this one. (Now THERE'S a comforting thought.)
So, yeah, I'm a little confused, and can't help but feel that I'm missing something?
- The system in question has to have already been compromised some other way in order to get this rootkit installed. You can't just e.g. point at port 80 and use it to compromise the web server; you have to have already compromise the web server and at least gained the ability to upload and run arbitrary scripts.
- In order to install this rootkit, you have to be able to create a file in the /etc directory. On every system I've looked at (I currently admin over 450 linux-based servers, ranging from kernel 2.6.32 up to 4.4.8, including a range of servers on varying versions of RHEL, Ubuntu, CentOS, and Gentoo), NOT ONE of them has the /etc directory writable by anyone other than root.
Now, I'll grant that there are a LOT of appliances out there running outdated and unmaintained Linux installations, provided by companies who barely understood their hardware, much less the Linux OS they were putting on them, and who have made no attempt to provide ANY updates since. However, those appliances are at risk from all MANNER of nasty compromises, not just this one. (Now THERE'S a comforting thought.)
So, yeah, I'm a little confused, and can't help but feel that I'm missing something?
There's a surprising amount of kit out there running an embedded Linux, and most of it is for stuff you wouldn't think of. Home routers and wifi access points are pretty obvious, but most computer monitors and TVs also, DVD/BluRay players, stereos, MP3 players, internet-enabled refrigerators, stoves, home power meters, programmable thermostats, network accessible cameras, security systems, the list goes on and on. If it has the ability to be accessed via a network connection (or even USB), then it has an operating system, and odds are that operating system is running some version of Linux.
Its always good to hear that another threat in Linux is mostly targeted to WEB servers and not desktops. I know desktops are susceptible to these threats as well, but most of these seem to be looking for always on, open to the public servers.
My desktops are only on a few hours a day and only connect to the internet during those times. The rest of the day they are off or in sleep mode. Nothing is broadcasted to the internet... not even games.
As Gizmo said... systems that are susceptible to these type of threats need to already be compromised in the first place.
You can also protect yourself by keeping your distro updated, never login as root and install an anti-virus/anti-malware program.
My desktops are only on a few hours a day and only connect to the internet during those times. The rest of the day they are off or in sleep mode. Nothing is broadcasted to the internet... not even games.
As Gizmo said... systems that are susceptible to these type of threats need to already be compromised in the first place.
You can also protect yourself by keeping your distro updated, never login as root and install an anti-virus/anti-malware program.
So we really need to run anti-virus and anti-malware software? Is it the end of the good old days?
Ouch, I didn't think about monitors, tv's, DVD and Blu-Ray players. Plus stereos and MP3 players. Ah for the "good ole' days" of krank generator powered short-wave sets.
Probably not, but if you want the extra layer of security... you can.
Other Linux gamers have used an anti-virus in Linux because they share files with Windows gamers. So you don't want to accidentally send them an infected file.
Linux isn't immune to virii, it's just more difficult to get them because we don't run day-to-day applications as the administrative ('root') user, they way many Windows systems do. In addition, painful as it is to admit, Linux just isn't a worthwhile target for virus writers; there are just WAY more stupid people out there running Windows than Linux, which makes Windows a 'target rich environment' compared to Linux.
Once Linux becomes popular enough to start getting the attention of virus writers in a concerted way on the desktop, you'll start seeing more Linux attacks.
Once Linux becomes popular enough to start getting the attention of virus writers in a concerted way on the desktop, you'll start seeing more Linux attacks.
This is what I'm afraid of. As Linux develops into a widely used gaming/home PC, more threats will head our way.
Oh, the embarrassment. I was a more or less trusting MS user for too long. I always ran a paid for good AV prog and anti-rootkit software but I bet I was virussed and hacked a lot more than I realized.
Assuming that you have the knowledge and can afford the equipment is it possible to monitor for virii and all other security attacks? In near real time?
Or would you have to have far too much gear and too many people on the job all of the time?
I guess I'm asking about just your own PC.
Assuming that you have the knowledge and can afford the equipment is it possible to monitor for virii and all other security attacks? In near real time?
Or would you have to have far too much gear and too many people on the job all of the time?
I guess I'm asking about just your own PC.
You can monitor, but the thing is, if you depend solely on reactive technologies then you are always behind the curve; threats are always evolving, and the ways of detecting them are always going to be playing catch up.
The best way to prevent virii and account compromises is through good system security policy; don't share passwords between accounts, use complex passwords, use 2-factor authentication where possible, don't click on links that you don't know, don't open attachments that you aren't expecting, don't run programs from sources you don't trust, don't open e-mails from people you aren't expecting e-mail from, use encrypted connections wherever possible (HTTPS, IMAPS, POP3S, SMTPS, SSH, VPN), don't share sensitive data over unencrypted connections, don't run anything as administrator that you don't absolutely have to.
That's a lot of rules, I know, but until we come up with a better way, it'll have to do.
The best way to prevent virii and account compromises is through good system security policy; don't share passwords between accounts, use complex passwords, use 2-factor authentication where possible, don't click on links that you don't know, don't open attachments that you aren't expecting, don't run programs from sources you don't trust, don't open e-mails from people you aren't expecting e-mail from, use encrypted connections wherever possible (HTTPS, IMAPS, POP3S, SMTPS, SSH, VPN), don't share sensitive data over unencrypted connections, don't run anything as administrator that you don't absolutely have to.
That's a lot of rules, I know, but until we come up with a better way, it'll have to do.
I'm wondering...
Given my on-line presence as an AOA admin and now in GOL, I expected my first Virus
long long time gone by!
So my question is how many of you have been hit? Am I just lucky...or did Norton actually do something besides ask me to update Norton.
Given my on-line presence as an AOA admin and now in GOL, I expected my first Virus
long long time gone by!
So my question is how many of you have been hit? Am I just lucky...or did Norton actually do something besides ask me to update Norton.
I have never been unexpectedly hit by a virus.
What I mean by that is that I have had viri on my system, but only because I opened a file, attachment, or web site of which I was already suspicious, so made sure I had my defenses in place and then examined the suspicious content in a sandbox.
I have over the years had numerous opportunities though. I get several zip files or PDFs every day. Of course, I also routinely receive over 1,000 spams a day.
What I mean by that is that I have had viri on my system, but only because I opened a file, attachment, or web site of which I was already suspicious, so made sure I had my defenses in place and then examined the suspicious content in a sandbox.
I have over the years had numerous opportunities though. I get several zip files or PDFs every day. Of course, I also routinely receive over 1,000 spams a day.