There's a new threat to Linux systems. It's called Fokirtor. "It is different from any other Linux backdoor that its security researchers have previously analyzed. Malware on Linux systems is mostly a server-side problem and incidents of worms and Trojans". I used a Linux app called Net Activity Viewer to check my network traffic, and thankfully it came up clean. No (“:!;.”) in my traffic.
Netactview is a graphical (GTK) internet/network connections viewer for Linux, similar in functionality to netstat. It is also similar to Windows programs like TcpView or CurrPorts. Its main advantage over netstat is asynchronous data retrieval and display. You can quickly and easily view information about large lists of connections, including host name information.
Read more about Fokirtor below...
Don
The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid suspicious network traffic or installed files, which may have triggered a security review. Demonstrating sophistication, the attackers devised their own stealthy Linux back door to camouflage itself within the Secure Shell (SSH) and other server processes.
This back door allowed an attacker to perform the usual functionality—such as executing remote commands—however, the back door did not open a network socket or attempt to connect to a command-and-control server (C&C). Rather, the back door code was injected into the SSH process to monitor network traffic and look for the following sequence of characters: colon, exclamation mark, semi-colon, period (“:!;.”).
After seeing this pattern, the back door would parse the rest of the traffic and then extract commands which had been encrypted with Blowfish and Base64 encoded.
Read More...
http://www.symantec.com/connect/blogs/linux-back-door-uses-covert-communication-protocol
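As an added illustration (not code from this post or from Symantec), here is a small Python scanner that turns the description above into a detection check over captured bytes: it looks for the ":!;." trigger and reports whether a Base64 blob whose decoded length fits Blowfish's 8-byte block size follows it. The sample traffic is constructed, and the block-alignment filter is an assumed heuristic of mine, not something the write-up states.

```python
import base64
import binascii
import re

# Trigger sequence from the Symantec description: colon, exclamation mark,
# semi-colon, period. The injected code watched SSH traffic for it.
TRIGGER = b":!;."

# A run of Base64 alphabet characters, optionally padded, right after the trigger.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")

# Blowfish is a 64-bit block cipher, so its ciphertext is a multiple of 8 bytes.
BLOWFISH_BLOCK = 8


def find_trigger_payloads(stream: bytes):
    """Return a list of (offset, payload) for every trigger found in `stream`.

    `payload` is the decoded Base64 blob following the trigger (still Blowfish
    ciphertext; no key is needed to flag it), or None when no block-aligned
    Base64 run follows. Every trigger is reported, since the sequence itself is
    the indicator; the payload check (assumed heuristic) only ranks the hit.
    """
    hits = []
    start = 0
    while True:
        idx = stream.find(TRIGGER, start)
        if idx < 0:
            break
        payload = None
        m = _B64_RUN.match(stream, idx + len(TRIGGER))
        if m:
            try:
                blob = base64.b64decode(m.group(0), validate=True)
                if blob and len(blob) % BLOWFISH_BLOCK == 0:
                    payload = blob
            except binascii.Error:
                pass  # not valid Base64: keep the trigger hit without a payload
        hits.append((idx, payload))
        start = idx + len(TRIGGER)
    return hits


# Constructed sample bytes (not real Fokirtor traffic): an SSH banner, filler,
# a trigger followed by a 16-byte Base64 blob, then a bare trigger.
SAMPLE = (
    b"SSH-2.0-OpenSSH_6.2\r\n" + b"\x7f" * 10
    + TRIGGER + base64.b64encode(bytes(range(16)))
    + b"\r\nfiller " + TRIGGER + b" not base64!!\r\n"
)

if __name__ == "__main__":
    for offset, payload in find_trigger_payloads(SAMPLE):
        print(f"trigger at offset {offset}: {payload.hex() if payload else None}")
```

Feed it the payload bytes of a pcap or a proxy log; a trigger with a block-aligned blob is a much stronger hit than the four characters alone.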
- Netactview is a graphical network connections viewer for Linux, similar in functionality with Netstat
- Net Activity Viewer
- SourceForge.net: netactview
Linux Back Door Uses Covert Communication Protocol
Created: 13 Nov 2013 16:54:16 GMT | Updated: 14 Nov 2013 03:58:29 GMT
In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords. While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out. While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.
Fokirtor is different from any other Linux backdoor that its security researchers have previously analysed. Malware on Linux systems is mostly a server-side problem and incidents of worms and Trojans
- Linux backdoor squirts code into SSH to keep its badness buried • The Register
- Linux.Fokirtor | Symantec
- Linux.Fokirtor Technical Details | Symantec
- Linux Back Door Uses Covert Communication Protocol | Symantec Connect Community
- Virus info Linux and Windows
- trinity - Google Search
- DonsDeals: BBC NEWS | Programmes | Click | BBC team exposes cyber crime risk
- DonsDeals: Updated Conficker Ropes Victims into Rogue Antivirus Scam
- DonsDeals: Jotti's malware scan
- DonsDeals: Free Agent: Linux Firewalls and Antivirus--Needed or Not? - PCWorld
- DonsDeals: Immunet v2 update on the way: adds multi-engine malware and virus scanning to cloud-powered core
- DonsDeals: The first Linux botnet? | ITworld
- DonsDeals: PC Hell: Free RootKit Removal Tools and Software
- DonsDeals: Trinityhome : New TRK 3.4: easier than ever before
- DonsDeals: Conficker Worm Called An Epidemic
- DonsDeals: Setting up Avast Antivirus to Protect your Windows PC...
- DonsDeals: VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 37 AntiVirus Engines!
- DonsDeals: M86 Security Finds URL Filters Anti Virus Scanners Ineffective
- Jotti's malware scan
- VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines!
- DonsDeals: Probably the Best Free Security List in the World
- DonsDeals: Re: Viruses now penetrating deeper | Tech News on ZDNet
- DonsDeals: Avast! AntiVirus For Both Window and Linux Home Edition
- remove sasser virus - Google Search
- wine gecko - Google Search
- crafted.win32file.ols - Google Search
- DonsDeals: Best Free Rootkit Scanner/Remover
- DonsDeals: New Kneber Botnet Tied To 75 000 Systems
- DonsDeals: Facebook Users Targeted By Fake Virus Alert
- Clam AntiVirus
- avast! Linux Home Edition
- ClamWin CD/USB - HowTo
- Free Antivirus for Windows - Open source GPL virus scanner
- WinPlanet Downloads for Windows Desktop Utilities
- DonsDeals: Download Comodo System-Cleaner
- DonsDeals: Firewall & Antivirus Software Suite - Internet Security | Comodo
- DonsDeals: Free Desktop PC Security - Free Downloads Keep your PC Safe | Comodo
- Trojans - Google Search
- Trojan horse (computing) - Wikipedia, the free encyclopedia
- worms computer - Google Search
- Computer worm - Wikipedia, the free encyclopedia
- rootkits computer - Google Search
- How to Detect Rootkits on a Computer | eHow.com
- Rootkit - Wikipedia, the free encyclopedia
- trojans computer - Google Search
- Trojan - Trojans and Viruses in Computer Networking
- Download System-Cleaner
- Comodo - Google Search
- Firewall & Antivirus Software Suite - Internet Security | Comodo
- DonsDeals: There are Viruses, Trojans, Worms and Rootkits, that can infect a Linux OS
- DonsDeals: Probably the best free security list in the world
- Remote PC through VPN Access - Secure Remote Access | Comodo
- News | VirusBlokAda
- online virus scan file upload - Google Search
- VirusTotal - Free Online Virus, Malware and URL Scanner
- Antivirus scan for 5cb14d0745d7b09bcbeba3114cc06c5f at UTC - VirusTotal
- trojan.tdss-7762 - Google Search
- New Linux Rootkit Emerges | threatpost
- CrowdStrike: HTTP iframe Injecting Linux Rootkit
- The Rootkit Hunter project
- Lynis
- Unhide homepage - Welcome
- Google Translate - http://www.chkrootkit.org/download.htm
- klamav - Google Search
- KlamAV - ClamAV for KDE | Free Development software downloads at SourceForge.net
- KlamAV GUI Screen Animation
- KlamAV
- Download RogueKiller (Official website)
- RogueKiller - CNET Download.com
- avast! blog » Linux Trojan “Hand of Thief” ungloved
- Hand of Thief malware could be dangerous (if you install it) - TechRepublic
- Hand of a Thief malware targets Linux users’ bank accounts | Apps and Software | Geek.com
- Linux Today - Hand of a Thief malware targets Linux users' bank accounts
- Linux Virus - Google Custom Search on DonsDeals Blog
- DonsDeals: CrowdStrike - HTTP iframe Injecting Linux Rootkit (Vrius info)
- DonsDeals: TDL4 MBR Rootkit Virus Alureon TDSS Removal by Britec - YouTube
- best secutriy list - Google Custom Search on DonsDeals Blog
- best security list 2013 - Search on DonsDeals Blog
- DonsDeals: Privacy = Security and Security = Privacy...
- Search results for Gizmo's Freeware website
- Probably the Best Free Security List in the World
- DonsDeals: Probably the Best Free Security List in the World - Updated 28. August 2012
- Best Security List - Google Custom Search on DonsDeals Blog
- DonsDeals: Linux users be Aware of this Trojan - Hand of Thief malware could be dangerous (if you install it) - TechRepublic
- Download Enhanced Mitigation Experience Toolkit 4.1 from Official Microsoft Download Center
- Powerful Free Microsoft Security Tool EMET has Been Updated