Feeds

back to article Bot attacks Linux and Mac but can't lock down its booty

From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines. Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan. …

COMMENTS

This topic is closed for new posts.

Page:

Flame

WOW

That's more Mac OSX Infections that Windows 7 infections

7
1

Does Win7 come with a JRE by default?

You have to have something to run the jar file.

0
0
Silver badge

@James 12

But not more infections than Windows infections. I'm assuming OSX Other includes Snow Leopard - the latest 10.6 version. The versions shown are the previous two releases (much like XP and Vista).

3
3
Anonymous Coward

Sadly inevitable.

Consider how many Windows versus Macs there are out there. This was always likely to be the case.

The massive XP figures shouldn't be a surprise either.

It's a ten year old OS that didn't have great security to begin with. Combine this with a massive footprint of home and small businesses who buy a PC and allow their free 3 months Mcaffee etc expire and think they're safe.

Worryingly, a similar lax attitude to AV is very common amongst Mac users too. As virii on Mac get more common, many of the mac community really need to grow a little healthy cynicism.

5
1
Pint

The fanbois don't need this sort of stirring-up first thing in the morning!

Techincally yes, but if you compare OSX ( 16%) to Windows, as a whole, the ratio changes some what.

If you'll pardon the expression, let's compare Apples to Apples, eh?

After all the bluster about cross-platform infection, where's Linux in this little chart?

6
2

RE: The fanbois don't need this sort of stirring-up first thing in the morning!

"After all the bluster about cross-platform infection, where's Linux in this little chart?"

From the article...

They didn't show any infections on Linux machines. Turner said that Jnanabot attacks on the open source platform weren't able to survive a reboot.

6
2

But...

All the Linux fanbois I know continually bang on about never needing to reboot their Linux boxes, to the extent that most of them go out of their way to avoid doing so out of sheer bloody-mindedness.

I'd say that makes the Linux infections a little more relevant.

6
4
Black Helicopters

Linux reboot

but surely you only reboot linux to install hardware? ::confused::

2
0
Silver badge

As a Linux user...

"All the Linux fanbois I know continually bang on about never needing to reboot their Linux boxes, to the extent that most of them go out of their way to avoid doing so out of sheer bloody-mindedness."

We use Linux on the majority of our machines here, but we still turn them off when we go home at night. We're not thick - electricity costs money, and business like money.

"I'd say that makes the Linux infections a little more relevant."

And yet again you miss the point that they were unable to find any. Maybe Linux users were savvy enough not to get infected, maybe a reboot got rid of it, but either way there were no infections to display, so they can't display them.

10
2
Bronze badge
Thumb Down

or update the kernel or ...

maybe just finished using the computer and don't like wasting money on electricity or using the worlds resource needlessly.

2
0

We don't get bit because...

Linux users don't get bit because we're not stupid enough to believe a "You must install this codec" message given to us by the web browser, nor click through the untrusted cert warnings that come after it.

4
1
Silver badge
Linux

Don't lick the sidewalks. Don't let your browser do it for you.

> Linux users don't get bit because we're not stupid

> enough to believe a "You must install this codec"

> message given to us by the web browser

Or perhaps we're all just terribly paranoid and prone to run things like no-script that may bypass stuff like this entirely.

5
0
FAIL

@GJP

I didn't say "recorded" infections, although perhaps I should have said "potential infections" to help your brain process the possibility of future events. See, it's called irony. Irony is when, for example, a trojan has a major weakness such as not being able to survive a reboot, yet the impact of that poential weakness is reduced due to certain penguin-heads' propensity for continually demonstrating that their Linux boxes almost never need rebooting. Irony, the point you clearly missed in my post.

Sheesh.

0
6
Megaphone

And not daft enough...

to fall for that sort of blatantly bollocks Arsebook link anyway.

0
0
Paris Hilton

Title

One must remember, these figures are from Symantec, and thus, it means that this distribution is based on THEIR software DETECTING the infection on the computer. So, only people who have Symantec installed (and have their phone-home-stats bit being allowed...) are in the mashup. Now, considering the number of OSX users running Symantec AV, having 16% of infections is a VERY concerning thing. If the virus survived a Linux reboot, I'd express the same concerns with their (non-)figures. Not that they'd stray from their ClamAV or the like anyway...

It is striking that only 7% of Vista/Win7 machines were infected though. I guess the numpties haven't bothered buying a new computer in a while. How many unwashed mass members do you know that would be bothered to buy Win7 and install it on their current computer anyway?

/paris, because even for the elites, protection is needed

3
1
Jobs Horns

Steve! Leave!

Dammit Balmer, get out of here and go play with your broken windoze.

0
0
Stop

I love ...

The reek of bullshit in the morning.

3
7
Go

Carry on ...

... Lieutenant Colonel Kilgore.

0
0
Gates Horns

Windows XP other

That means Windows Embedded Standard (aka XP Embedded) used on point-of-sale terminals and bank ATMs?

Interesting...

1
1
Bronze badge

Probably...

MCE and shiz, just a guess, looking at the numbers. That and the Oyster Card top up jobs they have on the DLR. Way too easy to play with the OS on those.

0
0
Gold badge
Stop

Re: Windows XP other

Enterprise edition? I'm guessing bent copies rather than actual corporate installations though.

64-bit? Also quite likely.

I think we can probably come up with enough others in the mystifying firmament of MS OS versions to account for the size of this group without have to resort to embedded. The missing bit of information is how they are identifying the version.

0
0
Anonymous Coward

Err...

XPe isn't used on ATMs, not proper ones owned by banks, at least. Bank ATMs use XP pro or are starting to use Vista.

0
0
Bronze badge

@AC

"Bank ATMs use NT4 or are starting to use Windows 2000."

There, fixed it for you...

<eg>

4
0

yeah

cos i alway check my facebook on my ATM

2
0
Anonymous Coward

@Steve Foster

Ok, I'll rephrase that: The bank I work for, who has one of the largest ATM networks in Europe, no longer use NT4 or W2K, instead they use XP pro and starting to move onto Vista.

I'm not aware that any bank runs key, customer facing, systems on NT4 - MS won't even let you pay for support any more.

0
0
WTF?

eComStation ?

Guess I must be behind the times, as I thought most ATMs used eComStation. Why would a bank risk using the most hacked OS of them all for an application where security is paramount?

0
0
Silver badge

@YARR

Easy - they're stupid. No quibbling, banking corporations are thick as custard. You only have to look around the world today to see just how stupid banks can be.

1
0
FAIL

Bullshit?

Nothing suspicious about the reported results. The Windows/OSX breakdown seems to roughly match the installed base of those machines; and I think that everybody would be surprised if Jnanabot was able to permanently install itself on a Linux machine via an ordinary user account.

1
0
FAIL

Its pretty easy

Actually, if something is running within a user process, it would be pretty easy to put something in the .bashrc script. (And when's the last time you checked that?)

Admittedly, this means it only starts when user logs in, but as this obviously only affects desktop machines. (You have to browse and run a JAR file), its pretty much the equivelent.

It wont affect server machines, unless you let your users browse on them, but it wont affect Windows server machines for the same reason either.

0
0

Re: Bullplop?

>and I think that everybody would be surprised

>if Jnanabot was able to permanently install itself

>on a Linux machine via an ordinary user account.

You're assuming said user doesn't log on again after a reboot - nothing would stop malware from adding itself to the user account. It's what all the cool kids are doing to avoid UAC on Windows now anyway.

1
1
Linux

Noone is safe

Of course it could get permanent residence on a Linux box, you don't have to be root to install software to your home directory, for example. Granted though, it would be practically impossible to hide it, except in plain sight.

I think the real reason that it doesn't survive a restart is that the writers really don't care about infecting Linux as a desktop platform, given the (lack of) market share.

4
3
Silver badge

...and more

There are many more places than just the .bashrc (assuming you're using bash, of course, I prefer the AT&T software toolbox ksh myself). Both KDE and Gnome (and most other X11 Window mangers as well) have user startup directories and rc files to allow attacks on systems accessed with a GUI, and you would, of course, have the normal PATH and LD_LIBRARY_PATH attack vectors that could be used to subvert commands that people use all the time, and there are many more.

Linux is not immune from attack, it's just that an attack needs to do more things to really pwn it . For instance, if a user has iptables configured to control inbound and outbound traffic on a Linux system (assuming that the user does not run everything as root), you would have to engage in tricking the user to sudo a command, or otherwise obtain escalated privileges to alter the configuration or turn it off, unlike most windows systems.

There is no such thing as a totally secure OS, it's just more difficult to mess with Linux.

The OSX statistics in the article are a surprise, however.

5
0
Silver badge

re: The OSX statistics in the article are a surprise, however.

I guess it's a more homogeneous ecosystem than linux

0
0
Bronze badge

@WOW

"That's more Mac OSX Infections that Windows 7 infections"

No, not really - OS X 10.4 was out at the same time as XP and 10.5 was out just before Vista. If you ratio them out they correspond roughly to their user bases. The user ratio of the current version of OS X (10.6) to previous versions is roughly 2:1 - So it would seem that the main lesson we learn is "Old versions of both OSs are more vulnerable that newer ones".

As an aside, when I teach people to use OS X, I recommend that they turn Java off in Safari - They almost never seem to need it...

0
2
Thumb Down

@Tim99

>No, not really - OS X 10.4 was out at the same time as XP and 10.5 was out just before Vista

Really? XP was released in 2001, OSX 10.4 came out in 2005. Even the steaming turd that was OSX 10.0 didn't get released until several months after XP hit the streets....

0
2
Bronze badge
Stop

@AC

Sorry, I did not make myself clear to you. I wrote that OX 10.4 was out at the same time as XP - I did not say when they came out, or which came out first. The timeline is:

Mac OS X Server 1.0 in Jan 1999; 10.0 Desktop (not really usable) Mar 2001; OS X 10.1 (free upgrade from 10) Sept 2001; 10.2 (paid upgrade) Aug 2002; 10.3 (paid upgrade) Oct 2003; and, as you say, 10.4 April 2005; 10.5 came out in October 2007 and 10.6 in Aug 2009.

Windows XP RTM - August 24, 2001; XP Retail: October 25, 2001( I was a Microsoft DAAP and Developer, so I got mine early); XP SP1 (free upgrade) Sept 2002; XP SP2 (free upgrade) Aug 2004.

Windows 2000 Retail: 17 February 2000 (Again I got mine early - We were shipping products that ran on NT 3.51 & NT 4.0).

So we are talking about a few weeks difference between when a punter could buy usable versions of XP and OS X. Vista RTM November 8, 2006; Retail: January 30, 2007

0
0
Happy

@AC: 10.0 rvs XP release

10.0 was released (retail) BEFORE XP.

XP was MS's RESPONSE to OS X, since they found out about it while it was in development.

Just an FYI.

0
0
Silver badge
Linux

Silly Apple Narcissism

> XP was MS's RESPONSE to OS X

Nonsense. Finally ditching the rotten undercarriage of MS-DOS made moving to an NT kernel for the "consumer" version of Windows PAINFULLY OBVIOUS. Serious power users had already ditched DOS based Windows for NT of some sort by that time already.

NT was lingering around since before the transition from 16-bit Windows.

0
0

What's Safari

I have a Mac and I never use it.

0
0
Bronze badge
FAIL

No Facebook, no infection.

That is all.

7
0
Paris Hilton

Yep, agreed. Let's 'root' this problem

...if we can cast aside 'mine's tougher than yours' and any other technical squabbling for a moment here, let's look at the real cause of infection.

People.

Attention starved, 'think later', bang-on-the-nose DESPERATE herds that will everytime, without fail, 100% guaranteed, in spite of all warning click on / install / allow anything if they think someone is giving them said attention.

I'm sure we can all think of a least a few folk that we could make do ANYTHING online at the vaguest whiff of 'someone fancying them' etc. They simply cannot control their base urges and this cack will continue to happen, irrespective of technical origin / platform impact ad infinitum. It's comically easy to engineer people, it takes almost no savvy at all. People can and will adandon all common sense at the behest of their ego.

Paris, because she never hides her directories.

8
0
Go

And ...

.. they call privacy old fashioned. But once their checking account is cleaned out because they can't resist using their debit card ("it's so easy and convenient") they sing a different tune. And also ask for help. Pathetic. I have no sympathy for them and just give them my assembled list of sites to visit to learn about security and privacy. Doesn't take; they get cleaned out again and change banks because the bank let it happen. Typical, blame others and always expect someone else to watch out for you. Suits me, flaming crashes get to be quite interesting a spontaneous human combustion of the tantrum variety get to be funny rather quickly.

0
0
Dead Vulture

Yeah! That's it!

If we get rid of all the PEOPLE, we can get rid of all the computer viruses!

Why didn't I think of that before?!

0
0

@Tim99

I think @wow is referring more to the absolute percentages, 16% is more then 9%.

What strikes me more is that given market share I would expect OSX to be infected something like 5-10% instead of 16%. Maybe that's to do with the fact that it is Java based, which is one of the plugins, pieces of software that I try to void most on a Windows machine.

0
1
Bronze badge

@xxlyyk

Possibly. I don't think we can project too much from the original stats other than we should suggest that home users consider updating to newer versions of their operating systems (or new machines for Windows XP Home users).

If we look at market share by OS type/version:

http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=10

The numbers for Windows Vista and 7 show a 9% Infection rate for 33% distribution (good @ ~1/3 of expected infection) XP has 75% infection for 57% distribution (~1.3 times infection rate).

"OS X Other" (Presumably OS 10.6 plus all previous versions of OS X other than 10.58 and 10.11.4) has 3% for Infection for 3% distribution (corresponding infection?). OS 10.5.6 has 9% Infection for 1.5% distribution rate (6 times infection rate) - OS 10.4.11 has 4% infection for 0.4% distribution rate (10 times infection rate).

What I do find surprising is the numer of XP Professional infections. Generally, we could think that XP Professional is managed by "professionals" whilst the perception is that OS X is often managed by "users". If the Windows XP "professionals" were doing their job properly, the rate of infection should be lower.

If we believe Symantec (and I personally haven't used any of their products for the last 6 years), the original Windows versions of the Trojan.Jnanabot infection had 0-49 infections on October 26, 2010. The article says that the number of infections is now "in the thousands" (maybe 10,000?) so we are looking at maybe a few hundred Windows 7/Vista infections with a few more hundred OS X infections of which the substantial majority are on old systems.

I help run (as a volunteer) classes for retirees. We use Windows XP, Vista & 7, OS X and Linux. We get pupils to set up separate 'admin' accounts and 'user' accounts for their systems. The advice that we give is "Only use the 'user' account for normal tasks - If you get a message asking you to install something, be suspicious."

I note that the MacBook Air no longer ships with Java and that it now can be downloaded from Oracle - I, like you, try to avoid Java on client machines.

So in conclusion: Unless we know the breakdown of "OS X Other", I might suspect that Symantec are trying to whip up interest in their Apple producs to a growing Apple "Home User" market as their Windows Home market share is threatened by the free Microsoft Securty Essentials product.

0
0

Use Sophos

It's far better. Symantec, I wouldn't have any of their worthless pile of [insert expletive of choice here] anywhere near my dog, let alone on any computer of mine.

0
0
Silver badge

Mac infections

It might well be that Mac users are less careful about what they click on... With some reasons. Though we can see that they should be careful too.

0
0
Silver badge

Even using Linux exclusively..

.. I don't browse without NoScript

4
0
Linux

I feel left out

Nothing showing in the graph about Linux.

Even though some sites show that there are about twice as many Linux machines operating as Apple/Mac.

It is a puzzlement .

4
2
Silver badge

Not able to survive a reboot ?

But it's a well-known fact that Linux users never reboot their machines - which gives this crap a lot of time for acting out its nefarious duties.

4
3

Page:

This topic is closed for new posts.