current state of Linux malware

Here wizards, magicians, sorcerers and everybody can rest a bit and talk about anything they like.

Just remember to respect the rules.

current state of Linux malware

Postby jiml8 » Oct 24th, '16, 02:20

After the events of last Friday, I thought it might be good to pass on some information about the current state of malware on linux.

Remember that a properly configured linux system is highly resistant to malware, but not immune. Malware infections can have only limited impact, presuming a privilege escalation exploit is not available, but "limited impact" does not mean "no impact", and a linux system could participate in a botnet with only user rights, if the user is not alert.

http://resources.infosecinstitute.com/l ... landscape/

Now, the events of last Friday were driven in large part by web-enabled CCTV and DVR devices that were not only insecure, but which could not be secured. This is described here:

https://krebsonsecurity.com/2016/10/hac ... more-36754

Internet of Things (IOT) devices that are defective like these devices are defective are becoming very common. When you deploy such a device, it NEVER should be given direct access to the internet; it should always have to pass through a properly configured, secured, and maintained firewall/router before it leaves your house or business and connects to the internet. In this fashion, its vulnerabilities are not directly exposed to the internet, and the likelihood that it will become part of a botnet or used to spy on you, or used in some other malicious fashion, then plummets.

The joker in the deck here is that you have to maintain that firewall/router; "set and forget" is now a metaphor for "hacked or soon to be hacked". If you are unwilling, or insufficiently skilled, to do the maintenance yourself, then you need to either have someone do it for you regularly, or subscribe to a service that will do it for you. I am one of the principal developers for such a service.

The threat landscape is changing rapidly; be alert out there.
jiml8
 
Posts: 1028
Joined: Jul 7th, '13, 18:09

Re: current state of Linux malware

Postby xboxboy » Oct 25th, '16, 00:12

Spot on Jim

My view is anything on line MUST be updated, if it can't be updated, it's asking for trouble.

It's not a linux thing, it's a software thing. Just like a pc with XP wont last online long, something with old kernels/packages is asking for trouble.

The IOT is just one of the stupidest things I can recall. IMHO it's there with pokemon go.

I once read an article in a tech magazine, where one of the writers had a PVR that started to run hot, and the fans were on all the time. So they cleaned it, no change. Then they hacked it and found:
A bit coin miner had been installed!!!!

Now I assume most people are like me, banking done on line, most of my important stuff is done on line. If someone got my passwords and cleaned out my accounts I would see my entire life's work gone! It's a bloody scary thought. So in my house and business, the minute something stops receiving support, it's shutdown, given a new os if possible or junked. This goes for laptops, phone, desktops anything that's online (although saying that now I'm wondering about my printers).

I even junked my Galaxy S3 when I heard about the swiftkey issue, I dumped that.

I'm even thinking it's time for a new router, just because when was that last updated?

It's a frightening new world out there.
xboxboy
 
Posts: 322
Joined: Jun 2nd, '13, 06:41

Re: current state of Linux malware

Postby jiml8 » Oct 25th, '16, 04:16

Install dd-wrt or open-wrt on the router. Then you can configure it and update it as necessary. I have dd-wrt on my netgear router. I purchased the router and flashed it before ever putting it in service.

Install cyanogenmod on the Galaxy S3. Or else give it to me, and I will do that. I have cyanogenmod 13 on my galaxy S5, and that is the best move I have ever made with a smartphone.
jiml8
 
Posts: 1028
Joined: Jul 7th, '13, 18:09

Re: current state of Linux malware

Postby jiml8 » Oct 25th, '16, 05:20

Actually, if you have a small business, you should give serious thought to deploying our product.
jiml8
 
Posts: 1028
Joined: Jul 7th, '13, 18:09

Re: current state of Linux malware

Postby AstorBG » Oct 25th, '16, 11:37

Should we be worried about the "Dirty Cow - http://news.softpedia.com/news/linux-kernels-4-8-3-4-7-9-4-4-26-lts-out-to-patch-dirty-cow-security-flaw-509495.shtml" problem or it was patched in the last kernel update for M5 4.4.26?
Mageia 5.1, KDE4, x86_64
AstorBG
 
Posts: 48
Joined: Jan 29th, '13, 21:31

Re: current state of Linux malware

Postby filip » Oct 26th, '16, 13:21

AstorBG wrote:Should we be worried about the "Dirty Cow - http://news.softpedia.com/news/linux-kernels-4-8-3-4-7-9-4-4-26-lts-out-to-patch-dirty-cow-security-flaw-509495.shtml" problem or it was patched in the last kernel update for M5 4.4.26?

Not really if you update often ;).
filip
 
Posts: 418
Joined: May 4th, '11, 22:10
Location: Kranj, Slovenia


Return to The Wizards Lair

Who is online

Users browsing this forum: No registered users and 1 guest