Cross-platform Trojan attacks Windows, Intel Macs, Linux

[pete_1967]

Quote:

A second cross-platform Trojan downloader has been discovered that detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. Unlike the first one, which supported PowerPC Macs, this one does Intel x86 Macs.

...

Earlier this week I wrote about a new cross-platform Trojan downloader that detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. At the time, I noted that the Mac payload for that particular attack was a PowerPC binary, meaning it required Rosetta on an Intel-based platform to execute. A second attack has been discovered that includes an Intel x86 payload for Macs. Today's news shows that the first find wasn't an isolated incident.

http://www.zdnet.com/cross-platform-...ux-7000000872/

Expect more and more of these to appear...

[Keldorn]

One of the greatest rules will perfectly protect against such kind of malware: think before you do something.
I don't think this kind of software can be taken as serious threat.

[droidhacker]

What Linux does that neither of the other two do, is it restricts the damage to the specific user account owned by the moron who let the trojan execute.

A computer *must* run stuff, otherwise it has no purpose. Because it can run stuff, it must be able to run BAD stuff.

This does not, in any way, demonstrate a vulnerability in Linux. Nor, is Linux the "target". The target is the MORON AT THE KEYBOARD.

Now interestingly, some Linux systems actually do implement a (partial) protection against a moron user. Android isolates each application under its very own user and has a well described set of permissions. What that means is that a trojan is restricted to ITSELF and whatever is accessible by whatever specific set of permissions that the application requests.... so you can instantly know that the "big boobies" application that requests authorization to send SMS messages, read your contact list, and access the internet.... is clearly up to no good.

But of course, the moron user STILL can be completely retarded brainless and install it despite the whacked out set of permissions that it requests.

Bottom line: I have no sympathy for "victims" of trojans.

[pete_1967]

You guys are missing the point. The point is that you can expect more cross-platform attacks start appearing which has not been the case earlier.

Whether one specific exploit works on a specific platform is irrelevant itself.

[Keldorn]

I can't treat such thing as attack, users always will install malicious software if they can in one way or another. It's more like social engineering or as was mentioned before a test "Are you moron?"

[Gareth Jones]

I guess it depends whether telling a user to run "su -c 'rm -fr /'" is considered an exploit... I'll worry when there's something genuinely nasty that doesn't need action on my part and can't be stopped by a timely security update. SELinux, privilege separation and all the usual security framework of Linux/Unix (or Windows for that matter) can only do so much, although there's always room for improvement.

[John the train]

There have been cases of Android users being duped into installing booby-trapped apps., but there the ' exploit ' used the lack of scrutiny on some app. store sites.

It's been said before on this forum, ' The most important security feature fits between the keyboard and the chair '.

[billybob linux]

I seem to remember reading about this in the " security" forum a few days ago. From the article linked to:

Quote:

The Web-based social engineering attack relies on a malicious Java applet to install backdoors on Windows, Mac, and Linux computers. When you first visit such a compromised site, you are prompted to install the Java applet, which unsurprisingly hasn't been signed with a certificate. If you do so, the applet checks which operating system you have (Windows, Mac OS X, or Linux) and then drops a corresponding Trojan for your platform.

You cannot mitigate against stupidity or ignorance even with the best OS and security in the world. THINK before you LINK is my advice . The reality is that this will probably be a much bigger issue for the average windows user.
But let's not be complacent, as the user base increases for Linux it becomes a bigger target so THINK before you LINK.

[jwele]

Quote:

Originally Posted by billybob linux

I seem to remember reading about this in the " security" forum a few days ago. From the article linked to:


You cannot mitigate against stupidity or ignorance even with the best OS and security in the world. THINK before you LINK is my advice . The reality is that this will probably be a much bigger issue for the average windows user.
But let's not be complacent, as the user base increases for Linux it becomes a bigger target so THINK before you LINK.

I love Java drive by's because they are so easy to detect/prevent. Any logical user wont just run something because they can. Java is so unused that its almost nonsensical to run an applet for no apparent reason.

[droidhacker]

Quote:

Originally Posted by pete_1967

You guys are missing the point. The point is that you can expect more cross-platform attacks start appearing which has not been the case earlier.

Whether one specific exploit works on a specific platform is irrelevant itself.

No... YOU are missing the point. It isn't an attack against any computers or operating systems, its an exploit against HUMAN STUPIDITY.

Prevent the user from running BAD code and you prevent them from running ANY code, and this would completely defeats the point of the technology. As a result, this is NOT a platform security consideration AT ALL.

There has always been trojan-horse style exploitation of human stupidity. Even before the trojan war to which the original "trojan horse" was attributed.

Even against Linux... how about the web troll inducting the newb by telling him to "rm -rf /" as root? That is an earlier trojan "attack", where troll promises to assist newb in getting things working smoothly, and convinces newb to do something stupid.

[jpollard]

And there is always the rumored honor virus spread by email:

Quote:

By reading this email, you are honor bound to forward this email to all your friends.

Then you are to do an "rm -rf /" as root.

[Dan]

Hmmm.

I take it from all this ... that I probably should not have answered the email I got a week ago with the header:

Quote:

Originally Posted by Your ATM Visa is currently LOCKED!

Please take a moment and review some informations with us!

This is important.

You will find all the explanations here: http://www.if-you-answer-this-you-be...id.phishbreath

Thanks,

EDIT: Link edited ... just in case there was anyone foolish enough to click on it. <....>

[John the train]

Ayup Dan, I've seen a couple of those - one claiming to be from my bank, one from my ISP. Both got forwarded to the relevant investgative branch and deleted! Perhaps it needs repeating, banks and ISP's do NOT, to the best of my knowledge, contact you by e-mail about your account.

[smr54]

I remember Katy Perry on HIYM


"I felt funny giving him my social security number, but after all, he was a Nigerian prince"

Quote:

Originally Posted by John the train

Ayup Dan, I've seen a couple of those - one claiming to be from my bank, one from my ISP. Both got forwarded to the relevant investgative branch and deleted! Perhaps it needs repeating, banks and ISP's do NOT, to the best of my knowledge, contact you by e-mail about your account.

I got a email form BT (I'm not a BT customer) and responded.

Quote:

-------- Original Message --------
Subject: Re: IMPORTANT:Alert about your billing information on file
Date: Thu, 19 Jul 2012 18:45:10 +0100
From: ***** <**@gmail.com>
To: ebilling@bt.com <ebilling@bt.com>


Piss off!!


On 07/19/2012 06:27 PM, ebilling@bt.com wrote:
>
> Dear Customer,
>
> This e-mail has been sent to you by BT Internet to inform you that we were unable to process your most recent payment of bill. This might be due to either of the following reasons:
>
> 1. A recent change in your personal information. (eg: billing address, phone)
> 2. Submitting incorrect information during bill payment process.
>
> Due to this, to ensure that your service is not interrupted, we request you to confirm and update your billing information today by clicking here.
>
> If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.
>
> Regards,
> BT
> Billing Department
>
> Thanks for your co-operation.
>
> Accounts Management As outlined in our User Agreement, BT (r) will
> periodically send you information about site changes and enhancements.

and got a response

Quote:

------- Original Message --------
Subject: IMPORTANT:Alert about your billing information on file [Incident:120719-010211]
Date: Thu, 19 Jul 2012 19:00:03 +0100 (BST)
From: eBilling <ebilling@bt.com>
Reply-To: eBilling <ebilling@bt.com>
To: *@gmail.com


BT Help

Dear customer,

Sorry, but unfortunately we won’t be able to reply to your mail.

The e-mail you have received is a Phishing e-mail which we are now working to take down the site that sent you this.

For more information please go to
http://btbusiness.custhelp.com/app/a...2048,2050,2057

Kind Regards
BT Customer Services