Trojans for Linux

Postby Erik » Sep 29th, '12, 10:23

Today I found this:

http://news.techworld.com/security/3378 ... et-trojan/

via Schestowitz's techrights website.

I often read that it is virtually impossible to get system wide rights on a Linux desktop, and that its users are safe. I am inclined not to believe this. If I wanted to steal information from a desktop user, I would not go for root permissions, but would try to get a script in a user's autostart directory. I noticed that sometimes scripts still have the executable attribute set when downloaded. I can download rpm's that I can double click on and the program starts. Would it be possible that anything downloaded gets the attribute non-executable? Would not this measure increase the user's security?

I am just a Mageia user, and not knowledgeable about these things, so I would like to hear the opinion of those who know more about security issues.

Greetings,

Erik.
Erik
 
Posts: 154
Joined: Jun 18th, '12, 17:22
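
An added example, not part of the thread: the two conditions raised in the post above (a command started from the user's autostart directory, and downloaded files that still carry the execute bit) can be checked from a shell. It assumes the XDG default paths `~/.config/autostart` and `~/Downloads`; the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit per-user autostart entries and executable downloads.
# Assumed paths: XDG defaults; pass other directories as arguments.

# Print every autostart .desktop file with the program its Exec= line starts.
# Entries that start something from a user-writable location are marked REVIEW.
# Limitation: a wrapper such as "sh -c ..." shows up as the wrapper itself.
audit_autostart() {
    local dir="${1:-${XDG_CONFIG_HOME:-$HOME/.config}/autostart}" home="${2:-$HOME}"
    local f cmd
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.desktop; do
        [ -f "$f" ] || continue
        cmd=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
        cmd=${cmd#\"}          # drop an opening quote, if any
        cmd=${cmd%% *}         # first word = program path
        case "$cmd" in
            "$home"/*|"~"/*|/tmp/*|/var/tmp/*|/dev/shm/*)
                echo "REVIEW $f -> $cmd" ;;
            *)
                echo "ok     $f -> $cmd" ;;
        esac
    done
}

# List regular files in the download directory with any execute bit set.
executable_downloads() {
    local dir="${1:-$HOME/Downloads}"
    [ -d "$dir" ] || return 0
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Clear the execute bits on those files (changes files, so not run by default).
strip_exec_bits() {
    local dir="${1:-$HOME/Downloads}"
    [ -d "$dir" ] || return 0
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod a-x {} +
}

# Read-only report for the current user.
audit_autostart
executable_downloads
```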

Re: Trojans for Linux

Postby djennings » Sep 30th, '12, 00:41

Files downloaded with Linux are not executable until the executable bit is set. What makes you think you can download executable files?

An RPM package is not an executable. When you click on a package it is not the package that executes, it is gurpmi the Mageia rpm installer, but of course the package could contain malicious code.

Gurpmi checks that the package is signed with the Mageia signing key and will alert you if the key is absent or wrong. So for a malicious rpm package to be installed then you must either override the alarm from gurpmi, or else the package creator must get their package onto a Mageia mirror by getting it accepted as a Mageia package.
djennings
 
Posts: 613
Joined: Jun 2nd, '11, 23:51
Location: Wokingham, UK

Re: Trojans for Linux

Postby doktor5000 » Sep 30th, '12, 13:31

Erik wrote: I often read that it is virtually impossible to get system wide rights on a Linux desktop, and that its users are safe.


Well, there may be some misunderstanding there on your side. Linux, like any other operating system, is only as safe as the implementation,
and the security chain is only as strong as its weakest link. It is true that Linux offers a better default security module, as it forces you to
work as a standard user, and requires you to enter credentials for all actions which require root permissions, and also for its strict split between
data files and system-wide default settings, and the configuration files which are located within the user's home, for which he is responsible himself.

So by just using Linux your computer will not be magically totally secure, that would be a false assumption.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 18058
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Trojans for Linux

Postby Erik » Sep 30th, '12, 16:42

Dear Mr. Jennings and Doktor5000,

thank you for your explanations. I understand that any script or program that is downloaded will be robbed of its "execute" attribute, if it is set, and that it is impossible for one to sneak into the autostart directory without my knowledge.

Greetings,

Erik.
Erik
 
Posts: 154
Joined: Jun 18th, '12, 17:22

Re: Trojans for Linux

Postby doktor5000 » Sep 30th, '12, 18:10

Erik wrote: and that it is impossible for one to sneak into the autostart directory without my knowledge.


Sorry, that is not correct. Please stop thinking in terms of "virtually impossible" and the like.
There are many ways to get malware or exploits for security vulnerabilities onto your computer,
e.g. via your browser, Java, JavaScript stuff, by installing software manually and similar things.

To cite some famous quote: Eternal vigilance is the price of liberty.
doktor5000
 
Posts: 18058
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Trojans for Linux

Postby viking60 » Oct 1st, '12, 00:01

The interesting question is how? Being vigilant about what? Do we need a real-time antivirus or will our sensible actions be enough - and again what actions would that be?

In this case the Trojan in question will create ~/WIFIADAPT; they did not even spend a "." to hide the directory.
So removing this (or creating it and write-protecting it) should keep you safe. Also Dr.Web has published the server IP that collects the stolen information:
212.7.208.65
So block this server for traffic in your firewall - right now!
If you do this you would have done an almost historical thing in blocking the first known Trojan in the Linux world.

To put this in perspective: The chances of getting a virus infection in Linux (without AV software) are slim to none, in Mac OS X it is unlikely - and in Windows it is likely.
So if you are coming from Windows to Linux in order to avoid viruses - you did the right thing!

Rootkit protection is provided with rkhunter and chkrootkit; and I know that you all have installed these as the first programs on any distro you have used (being vigilant).

So with Linux you are pretty safe IMO. Or can any one of you find any statistics on virus infections on Linux? I can't. But the possibility cannot be denied so I would welcome any tips on how to stay on top of this - a discussion on how to be vigilant so to speak.
Flexibility is good and inxi is good... install both!
viking60
 
Posts: 255
Joined: Mar 19th, '11, 22:26
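
An added example, not part of the thread: the checks described in the post above (look for the `WIFIADAPT` directory, optionally leave a write-protected placeholder, block the published server IP) written as shell functions. The directory name and IP are the ones quoted in the post; the function names are made up here, and `block_server` assumes iptables is the firewall in use.

```bash
#!/usr/bin/env bash
# Added example. Indicator values are the ones quoted in the post above.
IOC_DIR_NAME="WIFIADAPT"      # directory the trojan creates in $HOME
IOC_SERVER="212.7.208.65"     # server IP attributed to Dr.Web in the post

# Classify one home directory: clean, placeholder (ours), or SUSPICIOUS.
check_home() {
    local d="$1/$IOC_DIR_NAME"
    if [ ! -e "$d" ] && [ ! -L "$d" ]; then
        echo "clean $1"; return 0
    fi
    # protect_home below leaves an empty directory with mode 555
    if [ -d "$d" ] && [ ! -L "$d" ] && [ "$(stat -c %a "$d")" = "555" ] \
        && [ -z "$(ls -A "$d")" ]; then
        echo "placeholder $1"; return 0
    fi
    echo "SUSPICIOUS $d"; return 1
}

# Scan every home under a base path; returns 1 if any is suspicious.
scan_homes() {
    local base="${1:-/home}" h rc=0
    for h in "$base"/*; do
        [ -d "$h" ] || continue
        check_home "$h" || rc=1
    done
    return "$rc"
}

# "Create it and write protect it": refuses to touch an existing entry so
# evidence of a real infection is never overwritten. The owner can chmod
# the directory back, so root-applied `chattr +i` is the stronger variant.
protect_home() {
    local d="$1/$IOC_DIR_NAME"
    if [ -e "$d" ] || [ -L "$d" ]; then return 1; fi
    mkdir -m 555 "$d"
}

# Drop outbound traffic to the server (needs root, assumes iptables is the
# firewall in use). -C checks for the rule first so reruns do not duplicate it.
block_server() {
    iptables -C OUTPUT -d "$IOC_SERVER" -j DROP 2>/dev/null ||
        iptables -I OUTPUT -d "$IOC_SERVER" -j DROP
}

# Read-only by default; protect_home and block_server are called on request.
scan_homes /home || echo "indicator present: investigate before deleting"
```

A hit from `scan_homes` is a reason to preserve the directory and investigate, since a single directory name and a single IP only cover this one sample.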

