Puppy Linux Discussion Forum
All times are UTC - 4
Cross-platform Trojan Attacks Windows, Mac, Linux
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10941
Location: Arizona USA

Posted: Wed 11 Jul 2012, 19:40    Post subject: Cross-platform Trojan Attacks Windows, Mac, Linux

Cross-platform Trojan checks your OS: Attacks Windows, Mac, Linux
Quote:
...The new Web-based social engineering attack, first detected on a compromised website in Colombia, relies on a malicious Java applet to install backdoors on Windows, Mac, and Linux computers. When you first visit such a compromised site, you are prompted to install the Java applet, which unsurprisingly hasn't been signed with a certificate. If you do so, the applet checks which operating system you have (Windows, Mac OS X, or Linux) and then drops a corresponding Trojan for your platform...

...[Which has] one purpose: to connect to a Command and Control (C&C) server and await further instructions. These typically include downloading additional malware and executing it. The security company did note, however, that ever since it began monitoring this particular attack, the C&C server hasn't pushed any additional code. That being said, it could technically do so at any time.

It appears that the Trojan downloader was written using the Social-Engineer Toolkit (SET), an open-source and publicly-available Python tool designed for penetration testing. It is very unlikely that this is a penetration test.

Malware writers love using a cross-platform plugin as an attack vector because it allows them to target more than one operating system, and thus more potential users. It shouldn't surprise you that Java is being used: the platform has loads of security holes, and it runs on all the major operating systems.
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 12 Jul 2012, 04:00

Quote:

F-Secure, which first found the Web exploit, detects the
initial malware as Trojan-Downloader:Java/GetShell.A.
The respective payloads for Windows, Mac, and Linux
are detected as follows:
Backdoor:W32/GetShell.A,
Backdoor:OSX/GetShell.A (PowerPC binary,
requires Rosetta on an Intel-based platform), and
Backdoor:Linux/GetShell.A.


My naive question. How do I know if I have java or not?
What are they talking about in the quote I make here above?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Barkin


Joined: 12 Aug 2011
Posts: 678

Posted: Thu 12 Jul 2012, 04:14

nooby wrote:
My naive question. How do I know if I have java or not?


http://javatester.org/enabled.html

In Puppy you have to install Java JRE
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 12 Jul 2012, 06:45

Thanks, I did a bookmark to that test and I seem to not have the java.
I most likely confuse it with Python language. Maybe python requires java?
Hope I am not derailing. So how does one protect oneself from this
cross platform threat then?

Thanks to Flash for the link.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
disciple

Joined: 20 May 2006
Posts: 6426
Location: Auckland, New Zealand

Posted: Thu 12 Jul 2012, 07:16

No, Python does not require Java.
_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
bark_bark_bark

Joined: 05 Jun 2012
Posts: 783
Location: USA

Posted: Thu 12 Jul 2012, 07:50

this can't be good.
_________________
Desktop: Intel 945PSN Motherboard, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 500GB WD HDD, Slackware 14.1
Barkin


Joined: 12 Aug 2011
Posts: 678

Posted: Thu 12 Jul 2012, 17:26

nooby wrote:
So how does one protect oneself from this
cross platform threat then?

If you haven't installed Java JRE you are not vulnerable to this exploit, Java JRE is the cross-platform environment it uses.

If you have installed Java JRE you can drastically lower the odds of such exploits by using NoScript where you have to give permission for a webpage to run Java applets.

Another solution would be to browse the internet with a version of puppy which is not saved after use, (e.g. from DVD-R disc) : a pristine version is loaded every time you boot it up.
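The two conditions in the post above (no Java JRE installed, or no Java plugin for the browser to load) can be checked locally instead of through a test page. The script below is an added example, not part of the thread; the plugin file names are the common Oracle/Sun and IcedTea-Web ones, and the directory list is an assumption that may need extending for a given Puppy install.

```shell
#!/bin/sh
# Added example: look for a Java runtime and for Java browser plugins on Linux.
# Plugin file names are the common Oracle/Sun and IcedTea-Web libraries; the
# directory list is an assumption and may need extending for a given install.

JAVA_PLUGIN_NAMES="libnpjp2.so libjavaplugin_oji.so IcedTeaPlugin.so"
DEFAULT_PLUGIN_DIRS="/usr/lib/mozilla/plugins /usr/lib64/mozilla/plugins ${HOME:-/root}/.mozilla/plugins"

# Print the path of every Java plugin library present in the given directories.
# -e follows symlinks, so the usual link into the JRE directory is detected.
find_java_plugins() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $JAVA_PLUGIN_NAMES; do
            if [ -e "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
            fi
        done
    done
}

# Succeeds if a `java` launcher is on PATH.
java_runtime_present() {
    command -v java >/dev/null 2>&1
}

# Report findings; returns 0 when no browser plugin is present, 1 otherwise.
audit_java() {
    plugins=$(find_java_plugins "$@")
    if java_runtime_present; then
        echo "JRE: found at $(command -v java)"
    else
        echo "JRE: not found on PATH"
    fi
    if [ -n "$plugins" ]; then
        echo "Java browser plugin(s) found:"
        printf '%s\n' "$plugins" | sed 's/^/  /'
        return 1
    fi
    echo "No Java browser plugin found in the checked directories."
    return 0
}

# Audit the default locations when the script is run.
audit_java $DEFAULT_PLUGIN_DIRS ||
    echo "Remove or disable the plugin(s) above, or gate applets with NoScript."
```

A JRE without a browser plugin (for example one installed only for LibreOffice) is reported as a found JRE with no plugin.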
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Fri 13 Jul 2012, 02:18

Java Run Env (JRE) seems to be needed by LibreOffice
Which other programs need it?

http://murga-linux.com/puppy/viewtopic.php?t=77821
Quote:
JRE or JAVA PETs issues in Puppy Linux distros


So if a Puppy has LibreOffice from scratch then most likely
it also has JRE/Java? On all the others one needs to install
it first. Ooops just my wild guess though

_________________
I use Google Search on Puppy Forum
not an ideal solution though

Last edited by nooby on Fri 13 Jul 2012, 06:46; edited 1 time in total
Makoto


Joined: 03 Sep 2009
Posts: 1778
Location: Out wandering... maybe.

Posted: Fri 13 Jul 2012, 03:01

Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions, but not everything. The maintainers do their level best to recommend Java be installed, though, of course.

I know Java has a Control Panel applet on Windows that allows you to change the settings, including the security settings. Can we do that on Linux? I think I saw a setting to disallow unsigned (no certificate) Java apps... of course, I'm probably wrong. :|

_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
disciple

Joined: 20 May 2006
Posts: 6426
Location: Auckland, New Zealand

Posted: Fri 13 Jul 2012, 03:30

Makoto wrote:
Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions

Not Calc - Base, which is the OpenOffice alternative to MS Access. So most people would never use it.
But I thought LibreOffice was getting rid of that dependence on Java?

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!

Last edited by disciple on Fri 13 Jul 2012, 11:46; edited 1 time in total
Makoto


Joined: 03 Sep 2009
Posts: 1778
Location: Out wandering... maybe.

Posted: Fri 13 Jul 2012, 03:58

I don't use it enough to remember the name at all times. :)

As for trying to remove or lessen its dependence upon Java, I don't know... I haven't heard anything about it. :oops: I've always thought Base was heavily dependent upon Java, so it'd be rather difficult to separate it. :|

_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
disciple

Joined: 20 May 2006
Posts: 6426
Location: Auckland, New Zealand

Posted: Fri 13 Jul 2012, 07:18

Ah:
Quote:
LibreOffice contains various pieces of code written in Java. Some of these pieces are currently being replaced/rewritten, but it is likely that LibreOffice will contain Java code for quite some time.
...
Some think java is a slow memory hog, others think it is a legal swamp that invites lawsuits. Neither might be true, but some developers have nevertheless expressed their desire to remove Java usage in LO over time.

http://wiki.documentfoundation.org/Development/Java

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
ICPUG

Joined: 24 Jul 2005
Posts: 1289
Location: UK

Posted: Fri 13 Jul 2012, 08:19

disciple wrote:
Makoto wrote:
Last I checked, OpenOffice/LibreOffice didn't absolutely require Java - it's needed to run Calc and some other functions

Not Calc - Base, which is the OpenOffice alternative to MS Exchange. So most people would never use it.
But I thought LibreOffice was getting rid of that dependence on Java?


The level of incorrect statements put forward as facts is bewildering.

Base is the OpenOffice/LibreOffice alternative to Microsoft's dataBASE Access. (The clue is in the name). MS Exchange is a server for e-mail, calendars, to-do lists etc.

As such Base might be used by quite a few people, certainly people here in the past have asked for a Database.

I think, on Windows at least, that Java may be needed to display LibreOffice help without being connected to the internet. Not sure if this is the same for Linux.

The op mentions that the user is prompted to install the malicious Java applet. The solution then is to 'just say no'. No problem for Puppy users then, who usually have more than half a brain.
disciple

Joined: 20 May 2006
Posts: 6426
Location: Auckland, New Zealand

Posted: Fri 13 Jul 2012, 11:47

Oh dear, I can't believe I wrote that :oops:
I know I've done too many 18 hour days lately, but that's shocking...
Yes, Access.

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
Makoto


Joined: 03 Sep 2009
Posts: 1778
Location: Out wandering... maybe.

Posted: Fri 13 Jul 2012, 12:40

Yeah, I should have been paying attention, too... in my defense, though, I came home at about 11, last night, and was probably running on autopilot for a few hours. :oops:
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).