Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Linux users targeted by password-stealing 'Wirenet' Trojan

Open source gets some attention

Article comments

Malware writers are interested in Linux after all. Russian security firm Dr Web has reported finding a shadowy Trojan that sets out to steal passwords on the open source platform as well as OS X.

Technical details of Wirenet.1’s operation and technique for spreading are sparse for now, but the company reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome, Chromium, and as well as applications such as Thunderbird, SeaMonkey, Pidgin.

Under Linux it copies itself to the ~ / WIFIADAPT directory before attempting to connect to a command and control server hosted at 212.7.208.65 using an AES encrypted channel. That at least offers a simple way of blocking communication and any further payloads.

Dr Web made a name for itself earlier this year reporting on the infamous Flashback Trojan that hit Mac users on an unprecedented scale.

It’s not clear whether Wirenet’s cross-platform capabilities extend to targeting Windows systems but it is possible that avoiding Microsoft’s OS is a way of keeping off the radar of security firms.

Cross platform malware is rare but not unheard of, the usual technique being to hook into Java in search of victims using OS X.

Malware specifically designed to steal credentials from Linux systems is almost unheard of but might, on the basis of this new discovery, become a little less so in future.

Should Linux users be worried? Probably not. the details of how this malware might grab root mode on a Linux system are unknown. Atacking Linux users would also be a pretty rarified activity unless it was part of a highly-targeted attack.

"We do not have explicit evidence that it uses Java. To my knowledge it does not. This file was received from Virustotal," Dr Web analyst Igor Zdobnov told Techworld.



Share:

More from Techworld

More relevant IT news

Comments

YetAnotherBob said: You may not be able to attack the kernel space but the User is still at risk The sad fact is that anything that will run a script from the web and that can save content is a potential liability That includes Java and JavaScript It also includes Python Perl and all the other scripting languages If it runs locally it can be a problemThe problem isnt Linux Its what Linux can run I dont see that going away

deep_dish said: Had to laugh at your last line When our distro tells us Only use repositories you trust WE LISTEN looks like what a newbie would writeImplying that youre a Linux user who doesnt bother to listen to sound advice For you anti-virus is probably a good idea seeing as how you cant take basic security advice

deep_dish said: Every few weeksmonths along comes a Linux isnt immune to viruses story These stories never contain any kind of explanation about the security or stability of Linux they just trot out the same probably OK but you never know type remarks These are always followed by people explaining how they know that Linux is weak and vulnerable and how its only a matter of timeFUDOnly one company benefits from this and thats the company thats spent the last 17 years releasing insecure dross after insecure dross - loaded with cash and developers they still will NOT make their product genuinely secure and robustIn order to infect a Linux system provided the user has used a default setup you would need to hack into and change the code in the source repos a lot harder than you might think and have it go unnoticed and then have it installed widely and it still go unnoticed This chain relies on too many things going unnoticed and given that the average Linux user is miles ahead of Windows and OSX users such behaviour would almost certainly be noticed within hours

okubax said: Typical Linux know-it-all user Im a linux user for 7 years now and this articles not condescending to Linux usersHad to laugh at your last line When our distro tells us Only use repositories you trust WE LISTEN looks like what a newbie would write

Mike_Acker said: you cannot attack a properly constructed system through a user application programthe concern we should examine is this however if you receive a maliscious document via your browser -- in a restricted user account -- the script running from the document cannot modify anything other than the restricted user account home directory filesbut if you share one of those directories out -- and then extract an infected document into another account that has higher privilege you could create a riskbut why would you do that anything sensitive you are going to verify where it is coming from -- using a VPN or PGP

dourscot said: The storys significance is that someone is targeting Linux not that the attack is likely to succeed I agree its unlikely but going into denial mode especially when the full details of this attack are unknown strikes me as the mentality of the Mac user

Mike_Acker said: My U-box is built on an old Dell and doesnt have WiFi But the WiFi directory will owned by root if it contains the drivers for the wifi card As such a scriptkiddie running in a user logon cant touch it If its just a user file then it doesnt matterwe use a separate logon for general browsing and another for sensitive stuff so as to prevent scripts from getting across

jose said: the malware creator clearly doesnt know about dot files and folders

Guest said: Do you know anything about linux Nevermind the fact that almost NOBODY strays from offical repos that are trusted and the fact that EVERYTHING needs root to run and programs that arent installing themselves need to be chmod xd to run Nevermind that fact could you possibly give more information Just because some script kiddie wrote a bit of malware doesnt mean anyone is just going to be infected automatically We linux users arent idiots like on other platforms When our distro tells us Only use repositories you trust WE LISTEN Wow

Jym said: I have said for years Linux needs better virus protection It is not Linux itself but as the article points out third party software Browsers plug ins and social networking sites across platforms are all threats that really have nothing to do with Linux itself but still leaves you vulnerable



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *