Tx Redneck

Cross-platform malware


http://thehackernews.com/2016/09/cross-platform-malware.html?m=1

 

Stefan Ortloff, a researcher from Kaspersky Lab's Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes, in January this year.

Now, the researcher has today confirmed the existence of an OS X variant of this malware family, giving a technical breakdown of the backdoor in a post on Securelist.

Like the Linux and Windows variants, the OS X backdoor variant, Backdoor.OSX.Mokes.a, specializes in capturing audio and video, logging keystrokes and taking screenshots every 30 seconds from a victim's machine.

The variant is written in C++ using Qt, a cross-platform application framework that is widely used for developing applications to run on various software and hardware platforms.


Compile software religiously. I am no security expert, but from those outputs they make it look like $HOME goes to town sending off tidbits of useless information to the Ruskies, the same Ruskies who designed Kaspersky. I can see how some home directories on certain Linux platforms can become such a haven: start a new account and flush the old one!

 

I myself will never fall prey to such propaganda, made to make me use software that is designed to make money.

 

Viruses aren't free. People have jobs designing them to sell signatures, hellooooo :P


my friend always brags about his mac being virus proof...lol...

has he ever had a virus? have you? he may not be "virus proof" but i bet he has more chance of winning the lottery than of getting infected.

 

 

So do most Linux users...

know any linux users who have been infected? bet you have though.

 

truth is no os is impervious to being hacked or infected with malware, but at the moment it's not anything a mac or linux user really needs to lose sleep over. the number one reason i see why people say install anti-virus software on a mac or linux system is "if you share files with a windows pc" :rofl3:

 

take this topic for example: they say they have found code aimed at linux and mac in windows malware, making it cross platform, but how are they going to get the linux or mac user to install and run it with the permissions it needs to do any damage in the first place? and because that is not so easy to do in the first place it makes things much harder to infect those os.

 

i bet i'll never ever see or run whatever malware app this code is from on my linux machine, and it wouldn't surprise me to learn my linux machine is one of the most vulnerable to infection out there just because of its user. :P

 

:b33r:

Edited by terry1966


Terry, the lack of understanding seems to be more of the issue, and a lot of the problem.

 

For instance, directories change throughout distributions, not to add the custom changes and permissions to an already complicated setup and settings; and kernel updates that require all modules to be reloaded, rendering vulnerabilities to nothing.

 

Doing things in secured LUA with a powerful firewall that's locked down by default and the lovely armor shield AppArmor, Sudo with its pal SU, and can't forget about Yast Infrastructure with /etc/config :P

 

Another being eyes overseeing open code, entire communities; flaws are fixed immediately, and users then receive the fix. Other platforms then get wind, the cycle continues. Most distributions take security very seriously, and as end users we subscribe and become part of the solution. A simple subscription to SLE and working with them to resolve any security-related issues swiftly; being a user of an awesome operating system, we feel that we have a serious part in its development.

 

The biggest misconception: Linux distributions to date, I think, are in the hundreds to thousands. Leap is completely different from Ubuntu, Kubuntu is similar to Ubuntu, Arch is serious stuff, Ubuntu is based off Debian, most of which is written in C++ and QML. Likewise we have systemd distributions; I use this and its enhanced security features: 1) isolating services from the network, 2) service-private /tmp, 3) taking away capabilities from services while still being productive, 4) making directories appear read-only or inaccessible to services. Several days to explain the rest.

 

Repositories vs the web: no comparison. Packages are checked before being submitted. Maintainers have IDs.

 

Now we have Windows, a closed-source operating system none of you know first hand and are forced to trust in order to get a license to use.
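The four systemd hardening features listed in the post above map onto concrete unit-file directives. The following is an added example, not code from the thread or from any distribution: a small checker that parses the [Service] section of a unit and reports which of those four measures is absent. Both unit texts are constructed for illustration ("example.service" and /usr/bin/exampled are hypothetical); the first is a typical unhardened unit, the second the same unit with the directives applied.

```python
"""Added example (not from the thread): check a systemd [Service] section for the
four hardening measures the post lists. Unit texts below are constructed;
"example.service" and /usr/bin/exampled are hypothetical."""

# Constructed: a typical unit with no hardening at all.
WEAK_UNIT = """\
[Unit]
Description=Example daemon (hypothetical)

[Service]
ExecStart=/usr/bin/exampled --foreground
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""

# Constructed: the same unit with the hardening directives applied.
HARDENED_UNIT = """\
[Unit]
Description=Example daemon (hypothetical)

[Service]
ExecStart=/usr/bin/exampled --foreground
Restart=on-failure
# 1) isolate the service from the network (it gets its own empty network namespace)
PrivateNetwork=yes
# 2) give the service a private /tmp and /var/tmp
PrivateTmp=yes
# 3) strip every capability; add back only what the daemon provably needs
CapabilityBoundingSet=
NoNewPrivileges=yes
# 4) read-only OS tree, home directories hidden, one explicit writable state dir
ProtectSystem=strict
ProtectHome=yes
InaccessiblePaths=/root
ReadWritePaths=/var/lib/exampled

[Install]
WantedBy=multi-user.target
"""


def parse_service_section(unit_text):
    """Return {directive: [values...]} for the [Service] section.

    Hand-rolled rather than configparser because systemd allows a key to be
    repeated (several ReadWritePaths= lines, say) and configparser rejects that.
    """
    section = None
    directives = {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        directives.setdefault(key.strip(), []).append(value.strip())
    return directives


def _is_yes(values):
    return any(v.lower() in ("yes", "true", "on", "1") for v in values)


def hardening_findings(unit_text):
    """List the measures from the post that the unit does NOT apply (empty = all present)."""
    svc = parse_service_section(unit_text)
    findings = []
    if not _is_yes(svc.get("PrivateNetwork", [])):
        findings.append("PrivateNetwork=yes missing: service can reach the network")
    if not _is_yes(svc.get("PrivateTmp", [])):
        findings.append("PrivateTmp=yes missing: /tmp is shared with every other process")
    if "CapabilityBoundingSet" not in svc:
        findings.append("CapabilityBoundingSet= missing: service keeps every capability it starts with")
    protect = svc.get("ProtectSystem", [])
    fs_restricted = (any(v.lower() in ("strict", "full", "yes", "true") for v in protect)
                     or "ReadOnlyPaths" in svc or "InaccessiblePaths" in svc)
    if not fs_restricted:
        findings.append("no ProtectSystem=/ReadOnlyPaths=/InaccessiblePaths=: whole filesystem writable")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(f"{name}: {hardening_findings(text) or 'all four measures present'}")
```

In practice these directives go into a drop-in (`systemctl edit example.service`) rather than the packaged unit, so upgrades do not overwrite them, and PrivateNetwork=yes is only usable for services that never need a socket. The checker covers just the four measures named in the post; `systemd-analyze security <unit>` scores a much longer list.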


For what it's worth... I run Windows. Back in 2007, my mother's computer got infected after she let her grandchildren download some games on it at Christmas time. I received help at What The Tech to clean it. I found it interesting and ended up joining the classroom and became a trained malware remover. During my training, I decided that maybe I should install an anti-virus. I've run one most of the time since then. I've been messing with computers since the 1980s. I've never been infected. I used to take care of 13 computers at our business. Over the years, only two of them have ever gotten infected. My son got infected once when a "friend" downloaded a "cool new game". My wife picked up some oddball trojan doing something on Facebook once. After each of these incidents, I installed an anti-virus on their machines (yeah, after. I just didn't get around to it before). I don't do anything "special" to keep from getting infected... but I don't randomly click on popups nor do I participate in P2P. Granted, I have many colleagues that will tell you that you will get infected if you go on the World Weird Web without an anti-virus for even a few minutes. I don't believe that because I've done it.

 

Or maybe I'm just lucky.

 

When my daughter started college, the college issued each student a Mac laptop. They had switched from Windows to Mac the previous year. Said that they did it because it was easier and "we won't have to worry about everyone getting viruses!" The next year they started recommending that all students have a portable drive to do full backups weekly. Two years later they started giving the students a choice of either a Mac or a Windows laptop. They started phasing the Macs out because they found the only viable, efficient method for cleaning them was a nuke and pave... losing all the student's records if they didn't have a good backup - and most didn't, because their portable drive was infected with all the P2P stuff they downloaded that they didn't want on the laptop when they turned it back in to IT for updates. In most cases, the Windows systems were "cleanable".

 

It's all about market share. When/if linux becomes more mainstream, more "mentally challenged" users will become better targets for malware and you will see more interest in targeting linux machines among the malware writers.

 

"For every action, there is an equal and opposite reaction." Become popular, and you will be popular with the bad guys also.


there is no more "popular" os out there than linux. it runs nearly everything, including i bet the server you're seeing this forum on.

so i'm not really a believer in the more popular argument.

 

like we all know though the biggest problem with any os is not the os itself (especially now windows follows a more secure way of operating by default.) but the idiot using it. :laughing:

 

:b33r:

Edited by terry1966


The misconception is there are hundreds to thousands of Linux distributions.

 

The Arch devs are rolling at the disgruntled Ubuntu maintainers, Gentoo gurus could care less :lol:


 

"When you turn on a brand new computer, connected to a brand new internet connection, the amount of time from the first attempt at hacking that computer is four minutes," Farmer said.

Again, I'm not buying it, even if he is a professional expert.

 

When I turn on a brand new computer, I connect it to my existing router. Hackers cannot tell that I've turned on a new computer. The "four minutes" fact sounds made up to me.


Google stuff, gotta have it. Love it when I allow it to track my locations and upload my personal information, all my sexy pics too :P

I have nothing to hide. If I were spied on, the spies would pass out from boredom :snooze:


http://cw39.com/2016/09/12/is-it-possible-to-be-completely-cyber-safe/

 

 

The bottom line is when it comes to cyber security, Farmer said the only safe computer is the one that's factory-sealed in the box.

...paranoia runs deep...

 

not paranoia when it's true though.

hackers can even get data off an infected pc when it has no connection to any network whatsoever (air gapped).

:- https://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/

 

 

 

"When you turn on a brand new computer, connected to a brand new internet connection, the amount of time from the first attempt at hacking that computer is four minutes," Farmer said.

Again, I'm not buying it, even if he is a professional expert.

 

When I turn on a brand new computer, I connect it to my existing router. Hackers cannot tell that I've turned on a new computer. The "four minutes" fact sounds made up to me.

 

think you missed the point, he said connected to a brand new internet connection, which to me means it takes the bots out there 4 minutes to test your brand new ip address, just issued to you from your isp for the very first time, to see if they can gain access to whatever's behind it.

 

just look in your router's logs for proof. in mine there are very few minutes where an inbound connection attempt wasn't rejected, and most minutes have at least 2 or 3 such attempts and rejections, even though my router is stealthed and doesn't respond to any inbound communications.

 

so i definitely believe the 4 minute time, surprised it takes that long to be honest with how fast PCs are today.

 

a site some might find of interest with some tests you can run to test different things like if you have any open ports or if your router is stealthed or not :- https://www.grc.com/x/ne.dll?bh0bkyd2

 

:b33r:

Edited by terry1966


I agree Terry, but that is a function of a new connection. Has absolutely nothing to do with whether or not there is a new computer or an old computer connected to it. So... the lesson is "Don't connect to the internet on an open connection. At minimum, have a firewall." Doesn't matter how old or new your computer is. The statement was obviously made to be dramatic. I just think that if he wants to be treated as an expert - he should stick with the facts and leave the scare tactics to the news media.

This just in... new study shows that water may be the most dangerous substance on earth. Study finds that every person who has ever died at any time on this earth has done so within 100 hrs of consuming this substance.

Early findings of a separate study seem to indicate that oxygen may be even more dangerous as every person who ever died breathed it within 5 minutes of death. More grant money needed for additional double blind testing to recreate results.


We should start a topic on "Voluntary Malware". Google is the aggressive software that can take the form of scripts, active content, spyware, adware etc...

 

I allow this, those other guys are jealous and use brute force to get my attention :lol:


still think you missed what he was saying tomk (as i understood it anyway. :laughing: )

edit ---------------

should add, i never watched the video (needs JavaScript enabled) and am going by this quote only.

"When you turn on a brand new computer, connected to a brand new internet connection, the amount of time from the first attempt at hacking that computer is four minutes," Farmer said.

---------------------

 

you just bought a brand new pc and had the internet connection installed, so the first thing you do is connect your all-in-one modem/wifi/switch device to the internet connection and connect your pc to the modem, and within 4 minutes of you connecting that all-in-one modem (with its built-in firewall) to the internet connection and it establishing its connection to the isp, it will have received at least 1 attempt to gain access to the new network and pc.

 

so no i don't think the statement was made to be dramatic, it's just the plain and simple truth as i understand it anyway.

 

i agree it doesn't matter if the pc is new or old or if it's even connected to the modem yet but that's not the point i think he was trying to make.

 

i just had a thought on how to test the 4 minute quote easily too: if you have an all-in-one device like they issue over here in the UK and you get a new ip address every time you restart it, then after a restart the modem connects to the isp and is given a new ip; look in the logs and see if within 4 minutes on the new ip you got an inbound attack. that would prove the 4 minute quote, to my mind anyway. :mrgreen:

 

:b33r:

Edited by terry1966
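The test proposed above (and the earlier suggestion to read the router's logs for rejected inbound attempts) can be scripted. What follows is an added example, not code from the thread: it takes a syslog-style excerpt, finds the line where the WAN link came up with a fresh address, measures the delay to the first dropped inbound packet on that address, and counts drops per minute. The log lines are constructed to look like pppd plus a netfilter LOG rule on a home router; real routers format their logs differently, so the two regexes are the part to adapt. It assumes the excerpt spans a single day, since syslog timestamps carry no year.

```python
"""Added example (not from the thread): time-to-first-probe on a freshly assigned
WAN address, from a constructed router log. 203.0.113.x / 198.51.100.x are
documentation address ranges; the lines are not from any real router."""

import re
from collections import Counter
from datetime import datetime

# Constructed sample: pppd brings the link up at 08:00:02, then inbound SYNs get dropped.
SAMPLE_LOG = """\
Sep 14 08:00:02 router pppd[612]: local  IP address 203.0.113.45
Sep 14 08:00:02 router pppd[612]: remote IP address 203.0.113.1
Sep 14 08:01:10 router kernel: DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.45 PROTO=TCP SPT=41822 DPT=23 SYN
Sep 14 08:01:45 router kernel: DROP IN=ppp0 OUT= SRC=198.51.100.22 DST=203.0.113.45 PROTO=TCP SPT=55010 DPT=445 SYN
Sep 14 08:02:03 router kernel: DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.45 PROTO=TCP SPT=41823 DPT=2323 SYN
Sep 14 08:02:59 router kernel: DROP IN=ppp0 OUT= SRC=198.51.100.90 DST=203.0.113.45 PROTO=UDP SPT=5060 DPT=5060
Sep 14 08:03:30 router dnsmasq[701]: started, version 2.76 cachesize 150
Sep 14 08:04:12 router kernel: DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.45 PROTO=TCP SPT=41824 DPT=22 SYN
"""

# syslog prefix: "Mon DD HH:MM:SS host message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
# pppd's "local  IP address" line marks a (re)assigned WAN address
WAN_UP_RE = re.compile(r"pppd\[\d+\]: local +IP address (?P<ip>[\d.]+)")
# netfilter LOG line with a "DROP " prefix on the WAN interface
DROP_RE = re.compile(
    r"kernel: DROP IN=(?P<iface>\S+) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r".*?PROTO=(?P<proto>\w+)(?: .*?DPT=(?P<dpt>\d+))?"
)


def _parse_ts(ts, year=2016):
    # assumption: syslog has no year field, so one is supplied (the sample is dated 2016)
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def analyse(log_text):
    """Return (seconds_to_first_probe, drops_per_minute, first_probe) for the most
    recent WAN address in the log, or None if no WAN-up line is present.
    first_probe is (timestamp, src, proto, dport); seconds_to_first_probe is None
    when nothing was dropped after the link came up."""
    wan_up = wan_ip = None
    probes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg = _parse_ts(m.group("ts")), m.group("msg")
        up = WAN_UP_RE.search(msg)
        if up:
            wan_up, wan_ip, probes = ts, up.group("ip"), []  # new lease: start counting afresh
            continue
        d = DROP_RE.search(msg)
        if d and wan_up is not None and d.group("dst") == wan_ip and ts >= wan_up:
            probes.append((ts, d.group("src"), d.group("proto"), d.group("dpt")))
    if wan_up is None:
        return None
    per_minute = Counter(p[0].strftime("%H:%M") for p in probes)
    first = probes[0] if probes else None
    delay = int((first[0] - wan_up).total_seconds()) if first else None
    return delay, per_minute, first


def probed_within(log_text, seconds=240):
    """True if the first dropped inbound packet arrived within `seconds` of link-up
    (240 s is the 'four minutes' figure under discussion)."""
    result = analyse(log_text)
    return result is not None and result[0] is not None and result[0] <= seconds


if __name__ == "__main__":
    delay, per_minute, first = analyse(SAMPLE_LOG)
    print(f"first probe after {delay}s from {first[1]} {first[2]}/{first[3]}")
    for minute, n in sorted(per_minute.items()):
        print(f"{minute}: {n} dropped inbound")
    print("within four minutes:", probed_within(SAMPLE_LOG))
```

Two practical caveats. A "new" address from an ISP pool is rarely pristine: whoever held it last attracted scanner traffic that keeps arriving, so a short delay does not by itself say anything about the computer behind the router, which is the distinction the discussion turns on. And dropped-packet counts only reflect what the firewall logged; if the router has a stealth or "drop silently, do not log" setting, the log will be empty even while probes arrive.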


When in doubt the sizzle hits the fizzle: terry will activate L.I.D.S "Linux Intrusion Detection System", at this point he'll take shelter in his underground bunker, then system tweaks shall commence :P


Perhaps I read what he is quoted as saying...

 

In English, the subject of the sentence must stand on its own regardless of the superfluous information between the commas. So he said:

 

 

"When you turn on a brand new computer,..., the amount of time from the first attempt at hacking that computer is four minutes," Farmer said.

 

Notice he said... "that computer". The main subject is "a brand new computer". You can try to interpret what he said any way you want... but it doesn't actually change what he is quoted as saying.

 

You may be right. I may be missing the point. Or, perhaps, I no longer care about the point.


well you know for a fact my grasp of the english language and correct grammar isn't great (to say the least. :laughing: )

 

but to me this is a conditional sentence,

 

"When you turn on a brand new computer, connected to a brand new internet connection, the amount of time from the first attempt at hacking that computer is four minutes,"

 

with "connected to a brand new internet connection" being the condition,

 

so to me what you've done here without the condition "When you turn on a brand new computer,..., the amount of time from the first attempt at hacking that computer is four minutes," Farmer said.

is to take something completely out of context thereby changing the complete meaning of the sentence as originally meant and spoken.

 

we all know just turning on a new pc won't mean anyone/thing is likely to attempt hacking it within 4 minutes just by the fact it's turned on, but when you add the condition of connecting it to the internet then that makes a hacking attempt within 4 minutes much more likely and logical. (well at least to me.)

 

now not being an english grammar expert i have no idea which interpretation is correct yours or mine. :rofl3:

 

but logically i'd go with my interpretation, so therefore i refute your claim that the sentence was made to be dramatic; it is in fact just a plain statement of truth without any embellishments or scaremongering, and i don't care if you no longer care about the point. :P which was the point (in my mind anyway) that a brand new pc (so malware free) connected to a brand new, unused, pristine clean ip address (therefore not known to have a pc located there) will still be tested by hackers (their bots really) within 4 minutes of being connected to the internet.

 

:b33r:

Edited by terry1966


Disabled useless, Not really useless, just for now they are.

 

Also when in and tweaked AppArmor

* apparmor.service - Load AppArmor profiles
   Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
   Active: active (exited) since Tue 2016-09-13 20:54:17 EDT; 1h 7min ago
 Main PID: 387 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/apparmor.service

Sep 13 20:54:17 linux-pc70 boot.apparmor[387]: Starting AppArmor ..done
Sep 13 20:54:17 linux-pc70 systemd[1]: Started Load AppArmor profiles.

Decided to up my file permissions from easy to secure; would have done paranoid but that's a bit too extreme :lol:

