New malware targets Linux and Mac OS X

Shawn Knight

A new piece of malware targeting Macs and Linux-based systems is causing a world of trouble for those in its path. Wirenet.1 is responsible for stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above-mentioned software, you’re still in danger, as a keylogger is bundled in the payload.

The outbreak was just recently detected, meaning there are still multiple pieces of the puzzle missing. It’s unknown how the malware is being spread, but Russian anti-virus company Dr. Web says the malicious code installs itself into the user’s home directory under the name WIFIADAPT.

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected (for a fee, of course). Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick. 

The malware further highlights a growing trend to target operating systems with a smaller install base – basically anything other than Windows – that were once thought to be more secure. The most popular Trojan to affect a non-Windows system was Flashback, a modified version of the BackDoor.Flashback.30 variant first discovered by Dr. Web in April 2012. This code found its way to more than 600,000 Mac computers.

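The two indicators named in the article, the WIFIADAPT name in the home directory and the control-server address 212.7.208.65, can be checked from a shell. This is an added example, not part of the original article or Dr. Web's tooling; the search depth, the case-insensitive match, the function names and the sample netstat lines are assumptions.

```shell
#!/bin/sh
# Added example: host triage for the two indicators given in the article.
C2_IP="212.7.208.65"    # control-server address from the article
DROP_NAME="WIFIADAPT"   # name Dr. Web reports in the user's home directory

# Print paths named WIFIADAPT inside each home directory under ROOT
# (/home on Linux, /Users on OS X). Depth and case-folding are assumptions:
# the article gives only the name, not the exact path.
find_dropper() {
    [ -d "$1" ] || return 0
    find "$1" -mindepth 2 -maxdepth 3 -iname "$DROP_NAME" 2>/dev/null || true
}

# Filter `netstat -an` output on stdin for sockets whose peer is the C2
# address. Linux prints ip:port, OS X prints ip.port; the anchors stop
# look-alikes such as 212.7.208.650 from matching.
c2_lines() {
    pat=$(printf '%s' "$C2_IP" | sed 's/\./\\./g')
    grep -E "(^|[[:space:]])${pat}[.:][0-9]+([[:space:]]|\$)" || true
}

# Print (do not apply) the outbound block rule for the given platform.
block_rule() {
    case "${1:-$(uname -s)}" in
        Linux)  echo "iptables -A OUTPUT -d $C2_IP -j DROP" ;;
        Darwin) echo "block drop out quick to $C2_IP" ;;  # line for /etc/pf.conf
        *)      echo "# no rule template for this platform" ;;
    esac
}

# Constructed netstat lines (all ports and non-C2 addresses are made up).
SAMPLE='tcp  0 0 192.0.2.10:51234  212.7.208.65:9999   ESTABLISHED
tcp4 0 0 192.0.2.10.51300  212.7.208.65.9999   ESTABLISHED
tcp  0 0 192.0.2.10:51240  212.7.208.650:80    ESTABLISHED
tcp  0 0 192.0.2.10:51250  198.51.100.7:443    ESTABLISHED'

main() {
    for root in /home /Users; do find_dropper "$root"; done
    netstat -an 2>/dev/null | c2_lines
    echo "suggested rule: $(block_rule)"
}

# Run the live checks only when asked: sh triage.sh --scan
if [ "${1:-}" = "--scan" ]; then main; fi
```

Applying either rule needs root; on OS X the pf line takes effect after `pfctl -f /etc/pf.conf -e`.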

 
Seems what people have been saying is starting to happen, Mac OS and Linux are getting more popular and now malware makers have a reason to target them, this should be fun.
 
Or better yet... The ppl sending out this malware know that half the ppl who own a Mac or run a Linux system all kinda think the same way. Like Punkid said... The great Steve Jobs won't let anything affect their system... It's when you think you're the most secure that you need to be watching for that knife in the back. Same thinking applies to your home PC.
 
If you leave your home account open, with no password required to make changes, you may make it possible for this malware to attack you. Most Linux users are quite a bit smarter than this. If you think you can compromise my system, give it your best shot. I've been using broadband on the WWW for over ten years now, and the only problem I ever had was when I was using XP (back in 2001). I'm not a bit concerned with what the newest script kiddies want to try.
 
Most Linux users are quite a bit smarter than this. If you think you can compromise my system, give it your best shot.

You must be new to the internet, but virus writers target the opposite. The majority of Linux users may be smart enough to safeguard themselves against such attacks, but certainly not the people you "converted" to the OS.
 
@ Punkid: I don't think anybody with any system getting malware is cause for celebration and fan boy hate. Compared to Windows, Mac OS and Linux obviously have significantly less malware. Conversely, anyone who owned a Mac and thought they'd never get viruses were out of their minds too.

If you're on the Internet, get an antivirus and firewall.
 
If you leave your home account open, with no password required to make changes, you may make it possible for this malware to attack you. Most Linux users are quite a bit smarter than this. If you think you can compromise my system, give it your best shot. I've been using broadband on the WWW for over ten years now, and the only problem I ever had was when I was using XP (back in 2001). I'm not a bit concerned with what the newest script kiddies want to try.
Yeah, well, to be fair these sort of Windows users are pretty much just as hard to get infected as well. I haven't had a single malware, virus, etc. of any kind without any sort of firewall or anti-virus for 6 years.

I'd be interested to find out what sort of systems are affected, though, and what exactly is the library or application that's being exploited.
 
Wonders if he's alone in wondering how people can claim they've never had x virus, or y malware in z number of years, yet proclaim to never use any form of protection that would, in real-time, alert them to such problems... It's a real nail biter! :confused:

I use malware, firewall (hardware and software) and AV's for Windows boxes, but I have to be honest and say I don't use AV's in Linux at all any more. I use both OS' the same and I'm yet to get any infection whilst in Windows. I'm probably a little more relaxed with where I point my browser in Linux, but having run an AV for years previously and never had a single virus I didn't think there was a point to it any more. That said, I certainly wouldn't proclaim Linux was virus-free, as the naked truth is I have no idea. lol. Windows is fine though. :D

The issue of viruses and malware in my opinion is largely platform irrelevant. It isn't the OS that's the issue, it's the person using it. That's the difference between x user of OS X not being infected and y user of OS X being overrun with them. That's why more experienced users face less exposure to infections and other online nasties -- it's a simple case of being more cautious and aware of their "virtual" surroundings.

P.S. I wonder if Samsung has opened a new spyware/malware/virus division at its headquarters in South Korea.... ;)
 
Wonders if he's alone in wondering how people can claim they've never had x virus, or y malware in z number of years, yet proclaim to never use any form of protection that would, in real-time, alert them to such problems... It's a real nail biter! :confused:
I tend to ignore comments of people who say that, since if you don't run malware or AV scanners then you might never know if you actually have a virus. I haven't had a virus in years but I'm not dumb enough to not run AV and malware scanners since it's the only way to be sure (and even then some might get through).
 
If you follow the description of the latest drive-by, you can see it is a social engineering attack delivered via email. Following the simplest of rules, ALL these drive-by attacks can be avoided without the necessity of A/V, black/white lists or even a firewall:
  • delete email with stupid subjects
  • delete email from unknown origins
  • delete email even from known origins that make no sense to you (e.g. delivery notice when you haven't made an order or don't have a bank account with that specific bank)

@Leeky: >>The issue of viruses and malware in my opinion is largely platform irrelevant. It isn't the OS that's the issue, it's the person using it.

ABSOLUTELY :) every click is an invitation.
 
@Leeky
Never have I heard it put more politely. It's true that it's the users themselves that click an attachment. Or visit sites that are full of viruses. I often have to admonish my own father for visiting "pron" sites. Many times I have to wipe his computer clean and start it all over for him. Not that my father is a stupid man, just not very knowledgeable about what the Internet holds. The same could be said for over 50% of the internet user base world wide. Ppl don't need to know the internal workings of a combustion engine to drive a car. The same holds true for the Internet. They don't need to understand. It's point, click and go. Maybe a better solution all around would be to have those of us that DO understand teach those that don't. Go visit grandma and grampa and help them to help themselves.
 
To all the Windows lovers who are criticizing Apple here:

You know, TechSpot could put this story in EACH and EVERY day...

"New malware targets Windows today"

But they don't, because it's common. What do they report? Uncommon things. Think about it.
 
Flash is a big vulnerability, and I guess Java can be too (if you don't use the Open Source kind). I don't try to convert anyone to anything. I'm not a disciple. If you ask for my help, I'm more than happy to show you some things. As far as I'm concerned, obscurity is fine with me. I don't look for ways to make my life any more complicated than it already gets on its own. Debian is a safe, secure system, even the 'testing' or 'unstable' varieties (with a little common sense).
 
Nice read : Wirenet-1 - Tux gets a virus...
Mark Greaves said:
Nobody said it's impossible to write malicious code for Linux .. what *IS* claimed is that it wouldn't get very far

Firstly they'd have to get this thing into the Linux software distribution channels (repos) .. which they won't.

So it's immediately limited to the few Linux users that install software from outside the repos .. the majority of those users are smart enough not to install or execute something from an untrusted source .. and remember, they'd specifically have to manually execute it .. if it came as say a binary executable, they'd specifically have to mark it as executable, if it came as say a .deb they'd need elevated privileges to install, and it would again be limiting its scope.

That article also says "once executed it copies itself to the users home folder" .. which sounds like it runs in userspace, limiting itself to a single account with no way of spreading.

As this in NO WAY has any way to self replicate and jump from one box to another without the user specifically having to be completely stupid .. this CANNOT be considered a virus .. more a malicious program that very few will install, and cannot spread.

I'm immediately suspicious of this claim anyway .. it's the "cross platform" part that has me suspicious .. What kind of executable can be run by a regular user on both OS X and Linux ?

Yes, malicious code is possible on Linux .. But it won't get very far, there are just too many barriers in the way for it to spread .. be careful of software you install that isn't from the repo's, and for the rest Tux has your back
 
It's not the OS that's inviting a virus, it's the user! And as for Dr. Web, seems like they are making the viruses especially for these OSes and miraculously finding them :cool:
 
I just found about 250 of 1300000 virus signatures for Linux and OSX available in ClamAV virus database by running this command:
Code:
$ sigtool --list-sigs | grep -i linux | sort
$ sigtool --list-sigs | grep -i osx | sort
Output : http://paste.ubuntu.com/1185165/
 
Wonders if he's alone in wondering how people can claim they've never had x virus, or y malware in z number of years, yet proclaim to never use any form of protection that would, in real-time, alert them to such problems... It's a real nail biter! :confused:
I tend to ignore comments of people who say that, since if you don't run malware or AV scanners then you might never know if you actually have a virus. I haven't had a virus in years but I'm not dumb enough to not run AV and malware scanners since it's the only way to be sure (and even then some might get through).
I have no idea whether it's me you guys are talking about but I do run scans like once in two months (SUPERAntiSpyware, Malwarebytes' thingy, Spybot S&D and occasionally even the Norton security scan).

The thing is I never find _anything_ so I don't really know what kind of dumb things you're doing with your own PC (or dumb software), if you're actually having viruses "slip through" even through a firewall and an antivirus.
 
@ Punkid: I don't think anybody with any system getting malware is cause for celebration and fan boy hate. Compared to Windows, Mac OS and Linux obviously have significantly less malware. Conversely, anyone who owned a Mac and thought they'd never get viruses were out of their minds too.

If you're on the Internet, get an antivirus and firewall.

Exactly, at the very least do the basics

System Preferences>Security & Privacy>Firewall>Turn On Firewall> Lock settings

I always do this on a fresh build of Mac OS X, then I make a point of signing into my Apple account and downloading ClamXav to run scans once a week.

Also don't entertain strange emails!!!
 
@Det Nah, it was a general observation more than anything. I made a valid point though. The single biggest change a user getting viruses can make is to change the way they use their computer. I think that goes without saying really.
 
Yes, anything one person creates another person may attack. Any system will have its weaknesses. In many cases the system user is the largest weakness; if they install something despite understanding or warnings then they can have issues. Some people are quite click-happy and just install everything. Having said that, I believe the Linux is more secure from a default position; note more secure doesn't mean invulnerable.
 