Trojan under Linux via Java!!!

Bug #668314 reported by FR. Loïc
This bug affects 1 person

Affects: openjdk-6 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Hi,

A trojan named "Boonana/Koobface" can be installed under Linux because of Java.
I thus confirm my request for real-time protection in Ubuntu.

More information in French here:
http://www.echosdunet.net/dossiers/dossier_6179_un+trojan+windows+passe+sous+mac+os+x+linux+via+java.html

Why not build real-time protection for clamav inspired by "sentinel clam"?

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: icedtea6-plugin 6b20-1.9.1-1ubuntu3
ProcVersionSignature: Ubuntu 2.6.35-23.36-generic 2.6.35.7
Uname: Linux 2.6.35-23-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Fri Oct 29 14:29:14 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
 LANG=fr_FR.utf8
 SHELL=/bin/bash
SourcePackage: openjdk-6

Revision history for this message
FR. Loïc (hackurx) wrote :

I do not know if Linux is really affected too, and I do not think so, but with the success of Ubuntu there should be additional protection, because we are not immune.

Revision history for this message
FR. Loïc (hackurx) wrote :

The virus does not work on Mac OS, but works fine in Ubuntu! :S

More information in French here:
http://fr.news.yahoo.com/12/20101029/ttc-le-virus-koobface-s-invite-sur-mac-o-549fc7d.html

Changed in openjdk-6 (Ubuntu):
status: New → Confirmed
description: updated
visibility: private → public
Revision history for this message
FR. Loïc (hackurx) wrote :
tags: added: patch
Revision history for this message
Kees Cook (kees) wrote :

Thanks for the report! We'll be investigating what will be needed to fix the problem.

Revision history for this message
Matthias Klose (doko) wrote :

from http://blogs.paretologic.com/malwarediaries/index.php/2010/10/27/koobface-the-cross-platform-version/

  "If the user allows the applet to run ..."

so the user actively needs to confirm that he wants to run the applet.

Revision history for this message
FR. Loïc (hackurx) wrote :

The problem is that people can click on the applet...

Revision history for this message
gene (eugenios) wrote :

Hi all. I guess this incident should be thoroughly investigated. I read the reporter's account (Jerome Segura). It does not seem to be quite trustworthy or competent. E.g., he talks about "changing" the start-up entries?? He did not attempt to kill either the Java process first or the X session second. He clearly is a Windows "scientist".

My question is, how come the code downloaded from the malicious website is executable? Or is it the Java process executing the script? What are the Java process's privileges? Why isn't it killed by the parent firefox-bin process? The author mentions it in the article.

There is a great misconception about unix-based systems in the public. One can go to http://en.wikipedia.org/wiki/Linux_malware, read the article and get a very wrong impression. Most of the links are misleading, like this one: "The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863". If you follow the link you find it to be blather. Most of the listed Linux viruses turned out to be lab ones or very old ones. Others are very unlikely to propagate, since they have to be installed by the USER!
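As an added illustration of the questions raised in the comment above (this is example code, not from the bug report, from the Koobface write-up, or from any Ubuntu package), the following POSIX shell functions show the mundane answers: a browser-plugin JVM runs as the logged-in user, so anything it writes to the home directory can be made executable with a plain chmod and no root privilege, and a per-user XDG autostart entry is all a "start-up entry" needs to be. The payload path and the .desktop file contents used in the usage note are constructed for the example; the script assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example: inspect what an applet-spawned process can do on Linux,
# using only /proc and a per-user autostart directory. Not code from the
# bug report or from the Koobface analysis it cites.

# Report name, real uid and parent of a process. A plugin JVM started by
# firefox-bin shows the same uid as the browser: the logged-in user.
proc_info() {
    pid="$1"
    name=$(awk '/^Name:/ {print $2}' "/proc/$pid/status")
    uid=$(awk '/^Uid:/ {print $2}' "/proc/$pid/status")
    ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status")
    printf '%s uid=%s ppid=%s\n' "$name" "$uid" "$ppid"
}

# Write a file as the current (unprivileged) user and set its execute bit.
# This is why "how is the downloaded code executable?" has a boring answer:
# the owner of a file may chmod it, no root required.
# Prints "executable" or "not-executable".
drop_and_mark_executable() {
    dir="$1"
    f="$dir/payload.sh"            # constructed file name for the example
    printf '#!/bin/sh\necho hello\n' > "$f"
    chmod u+x "$f"
    if [ -x "$f" ]; then echo executable; else echo not-executable; fi
}

# List XDG autostart entries (e.g. ~/.config/autostart/*.desktop) whose
# Exec= line points outside the usual system paths. A dropper that needs
# to survive a reboot without root can simply write one of these files.
# Prints one "<file> -> <exec>" line per suspicious entry.
suspicious_autostart() {
    dir="$1"
    for d in "$dir"/*.desktop; do
        [ -e "$d" ] || continue
        exec_line=$(sed -n 's/^Exec=//p' "$d" | head -n 1)
        case "$exec_line" in
            /usr/*|/bin/*|/sbin/*) ;;   # standard package locations, skip
            *) printf '%s -> %s\n' "$(basename "$d")" "$exec_line" ;;
        esac
    done
}
```

Usage: `proc_info "$$"` reports the calling shell's own uid; `suspicious_autostart "$HOME/.config/autostart"` lists user-level autostart entries that launch something from a non-system path, which is where a look for the "start-up entry" described in the article would begin. Note that the check is a heuristic (legitimate entries can live under $HOME too), and that killing the Java process, as the comment suggests, does nothing about a file already written to the autostart directory.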

Revision history for this message
gene (eugenios) wrote :

HacKurx, your French link does not seem to work anymore. My question is, how come this "bug" is confirmed? I cannot find any more information on this. Maybe you know some. Can you please share. Merci.

Revision history for this message
FR. Loïc (hackurx) wrote :

I have no more information than that:
http://forums.paretologic.com/showthread.php?t=35335

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :
FR. Loïc (hackurx)
Changed in openjdk-6 (Ubuntu):
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
gene (eugenios) wrote :

HacKurx, wasn't the java "fix" released a long time ago?

Revision history for this message
FR. Loïc (hackurx) wrote :

The problem is the Java virtual machine.
People on board just restart the computer, so this is the solution...
But remember that Linux is not infallible, Linux is just used less...

Revision history for this message
gene (eugenios) wrote :

Apparently, the problem was a vulnerability in Java SE 6 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3560) exploitable by the trojan. This was fixed in Lucid (https://lists.ubuntu.com/archives/lucid-changes/2010-October/011816.html) by October 19.

The issue itself is pretty weird, but not that big of a deal. What it actually shows is that Java technology is pretty insecure by nature and mostly redundant, which is fortunately why it is not installed on most Linux distros by default.

As far as the OS security question is concerned, although not completely infallible, most Linux/*BSD/Solaris platforms are better protected from malware and viruses than MS Windows is. Actually, this page http://www.ubuntu.com/desktop/why-use-ubuntu claims that the risk is intangible for Ubuntu users. And the statement is true. The reasons lie in the fundamental differences between open-source unix-like OSes and MS Windows.

The old but still mostly valid article http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/ by Nicholas Petrely talks about exactly that. Most of the article's points (if not all) still apply now.

BTW, Linux/*BSD is the most popular server OS, especially for web servers, which is verifiable. MS Windows has no more than 30% of Internet domains (mostly parked ones).

So, HacKurx and all of us, we are indeed more secure than our Windows-using counterparts.
Just do not install unsigned, binary-only, unverified pieces of software; the Ubuntu repos have tons of applications, more than enough for everyone. Get a strong account password and do not run "sudo rm -rf /*" on your machines too often :-)
