Bot attacks Linux and Mac but can't lock down its booty

Nod

Source: http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/
From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.

The bot can force its host to take instructions through internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim's Facebook account, among other things.

Now, Symantec researchers have uncovered weaknesses in the bot's peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim's hard drive. That means the unknown gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses.
Turner said the number of Jnanabot infections so far is “measured in the thousands,” rather than the hundreds of thousands for some of the better-known trojans. Still, infection statistics gathered by Symantec in December are surprising. They show that about 16 per cent of infections hit Macs. They didn't show any infections on Linux machines. Turner said that Jnanabot attacks on the open source platform weren't able to survive a reboot.
[Image: jnanabot_stats_graph.jpg]
 
I just rebooted my machine just to make sure :D Feel much safer now
 
lol, that's awesome but does it still affect the pc before a reboot?

I would assume so.

In effect it implies that the bot software can only run in user space, and probably the temp directory, so it gets wiped when you reboot. Not too serious, unless you never reboot your PC.
 
"They didn't show any infections on Linux machines." ... and the point is? Somebody just looking for attention I guess as he had to say "LINUX" to get the world to take notice. Yawn
 
"They didn't show any infections on Linux machines." ... and the point is? Somebody just looking for attention I guess as he had to say "LINUX" to get the world to take notice. Yawn

What should he have said? Fedora, Redhat, CentOS, Ubuntu, etc, etc?

How would you have said it, if the only systems not being infected are Linux-based systems?
 
They show that about 16 per cent of infections hit Macs. They didn't show any infections on Linux machines.

So not really a Linux problem, shu

Turner said that Jnanabot attacks on the open source platform weren't able to survive a reboot.

Go FOSS! Strongest of the lot :D
 
The funny thing is that when you look up the trojan.jnanabot on Symantec's page (remember this is a Symantec guy being quoted in this article) they list the affected machines as all being Windows Platforms, no mention of any other platforms.

I haven't bothered reading too much about it, but this is a java app so that I think would be the reason why it can't infect a Linux machine in the traditional sense, and why it won't survive a reboot. It will probably die if you kill java.
 
Don't see Linux in that Pie Chart?

This whole story, and its connection to Linux, still confuses me. I think what they are trying to say is because it is a Java-based virus, it is not exclusive to Windows that will only run .exes or recognise .dlls. I don't know OSX, so I can't comment there.

It appears while it could attack Linux machines, it did not. I guess.

B
 