Hand of Thief: commercial linux malware kit

I hate to disappoint those who thought linux was an extremely secure OS for which no malware exists. There is indeed malware for linux, and in fact, some of it is being sold, and is out there in the wild, capable of attacking a wide range of linux distributions and configurations: https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/

Sorry people, the grass is not that much greener on the other side…

This entry was posted in Software news.

14 Responses to Hand of Thief: commercial linux malware kit

  1. Jaba Chutlashvili says:

    Once again the myth that Linux is free from viruses has been busted! Go and cry now, Linux fanboys…

  2. nickysn says:

    @Jaba Chutlashvili, Linux malware has existed for a very long time; I don’t know why you think that the myth that Linux is free from viruses has been busted just now. It’s not a new thing at all:

    http://en.wikipedia.org/wiki/Linux_malware

    In fact, you can write a trojan for every OS. If someone thinks that Linux is free from viruses, then obviously he is an idiot. If he thinks that it’s less likely to get infected under Linux, then that’s a simple fact. However, this is no excuse for being stupid – you should still install all your security updates and you should still never run binaries and scripts you don’t trust. What I find more dangerous, though, is the myth that Mac OS X is free from viruses. Mac OS X is much more common than Linux (as a desktop OS), there exists a much larger number of viruses for it, and I find the percentage of users that are clueless about how to protect themselves and still believe they’re safe just because they use a Mac is higher than among Linux users.

  3. MacOS9 says:

    @nickysn: Indeed, Mac users are all too frequently living in the fantasy world of having an OS for which no viruses have been written. Granted, there may not be as many trojans and viruses as for other popular platforms, at this point in time, but precaution is always wise. A simple antivirus program that can scan manually for infections, a plugged and updated web browser, and a properly managed firewall are, at a minimum, what should be installed, including regular system updates. Those of you still on Snow Leopard like I am, either upgrade to Mavericks once it comes out, if feasible, or keep your Leopards patched and install a browser other than Safari once updates stop being made for it. Firefox is a good choice. Maybe Opera too but I haven’t tested that one too thoroughly. Chrome/Chromium I find too spooky since it dumps various, eccentric files in my system folders…whoops I mean in my “library” (sorry for the OS 9 era terms….heh).

  4. Alan Timston says:

    Settle down Linux Haters and BSD zealots, according to this article,

    http://www.zdnet.com/linux-desktop-trojan-hand-of-thief-steals-in-7000019175/

    Hand of Thief still has no reliable means of entering a Linux system. The only way that the Hand of Thief developers recommend is sending an email to the victim trying to convince them to click on a link that will download the malware. As you all know, this does not work very well anymore. It’s still not like Windows and BSD malware, where they could just pass through an open port using a worm.

    Also, Linux is being targeted because it is getting more popular. If BSD became more popular, it would have the same problem, except worse, as BSDs are more fragmented and lack the manpower to fix bugs.

    • Scali says:

      Linux haters and BSD zealots? All I see here is BSD/Windows haters…
      Besides, nobody claimed that Hand of Thief is able to enter a linux system by itself (most Windows malware can’t do that either, and relies on social engineering only, so why bring it up?).

      I must say, I’m quite fascinated by this phenomenon of BSD hatred. I never considered the possibility of BSD as a target for hatred, what is there to hate, and why bother? Linux is a far more widespread OS than BSD is, so why would linux users feel any need to step on the little guy, so to say?
      Especially with such bad arguments, not even worth responding to.

      • Alan Timston says:

        “(most Windows malware can’t do that either, and relies on social engineering only, so why bring it up?)”

        Wrong, much Windows and BSD malware only needs an open port to exploit a remote vulnerability, which would allow it to get in without any action from the victim. “Hand of Thief”, on the other hand, requires being executed within the system to work, as it cannot exploit any remote vulnerabilities, only local ones. This requires tricking the user into downloading and executing a trojan containing the malware. Something which is very hard to do, since Linux users are often people that remember the hurt they received from malware they had to deal with when they were previously MS Windows users.

        “I’m quite fascinated by this phenomenon of BSD hatred. I never considered the possibility of BSD as a target for hatred, what is there to hate, and why bother? Linux is a far more widespread OS than BSD is, so why would linux users feel any need to step on the little guy, so to say?”

        Not hatred, but raising awareness. The problem with BSD is that it masquerades as FLOSS but in actual fact helps the proliferation of proprietary software. How does it do that? Some people who want to produce FLOSS are fooled into contributing code to BSD (instead of real FLOSS like Linux and GNU), which then always ends up in proprietary software. Worse, projects producing FLOSS third-party applications such as freedesktop.org are forced to spend so much extra time adding extra features and bloat to their software so that less than 1% of the OSes (*BSD) they support can run their application. At the same time, the users and developers of those OSes (*BSD) are contributing to proprietary companies and spreading FUD about Linux. Not only is this a huge waste of resources and time, but it also blocks the integration of new features, as the mentality of *BSD developers is so backward that such new features would cause the application to not run on *BSD. In fact the primary reason why GNU/Linux still has only 2% of the usage share is because vast amounts of resources have to be drained to make FLOSS applications work on BSD instead of making the FLOSS applications themselves better. In that sense, BSD is not a little guy but more of a flesh-eating maggot that is better out of the picture.

        As for you Scali, the more appropriate question is why do you hate Linux? Your blog is littered with anti-Linux and anti-FLOSS FUD. What has Linux done to you?

      • Scali says:

        “Wrong, many Windows and BSD malware only need an open port to exploit a remote vulnerability which would allow them to get in without any action from the victim.”

        No, you are wrong here. I never claimed that there is no malware that can exploit a system (but then again, the same goes for linux). I merely said that *most* Windows malware these days relies on social engineering, by exploiting email, Facebook and other social media. While *most* malware works like this these days, I certainly do not deny that *some* malware will exploit a vulnerability in the system without any need for user intervention (but again, I stress that the same also goes for linux).

        “This requires tricking the user into downloading and executing a trojan containing the malware.”

        Not necessarily, since Hand of Thief can be used as a payload for a remote vulnerability exploit.

        “Something which is very hard to do since Linux users are often people that remember the hurt they receive from malware they had to deal with when they were previously MS Windows users.”

        Or it may in fact be very easy to do, since they now experience a false sense of security because they run linux.

        “Not hatred, but raising awareness. The problem with BSD is that it masquerades as FLOSS but in actual fact helps proliferation of proprietary software.”

        Yes, this is exactly what I’m talking about. “Masquerading as FLOSS”? What a bunch of nonsense. Even Richard Stallman himself, the godfather of the Free Software movement, considers the BSD license a FOSS/FLOSS-license: http://www.gnu.org/licenses/license-list.html
        As he says himself: “It is a lax, permissive non-copyleft free software license, compatible with the GNU GPL.”

        “helps proliferation of proprietary software.”? And how is that a problem? Did it ever occur to you that in some cases you actually WANT free software to be available to developers of proprietary software as well? The TCP/IP stack is a good example: by using a permissive license such as BSD, the code can also be used in closed-source OSes, which makes it a lot easier to get widespread support for the standard.
        I think your problem is that you do not understand the difference between free software and GPL-software (case in point: “real FLOSS like Linux and GNU”… not getting it, are you?). Richard Stallman does though, which is rather ironic.

        “In fact the primary reason why GNU/Linux still has only 2% of the usage share is because vast amounts of resources have to be drained to make FLOSS applications work on BSD instead of making the FLOSS applications themselves better.”

        Okay, that makes no sense whatsoever.
        Why would developers even bother supporting BSD, since linux has a much larger market share anyway? By not supporting BSD, you’d only tip the balance more in favour of linux, and the demand for BSD ports would cease to exist before long.
        Not that they support BSD very well anyway. A lot of free software is written in an overly linux-specific way (for which there is no excuse; it’s mainly just ignorance on behalf of the developers), and a lot of patches for BSD are never taken back upstream, so the BSD people have to keep patching the same things over and over again, even though with their patches, the source would work fine on linux and BSD out-of-the-box.
        And I already said it: the BSD people patch things. Not the developers of the original software. The FreeBSD project maintains ports for a large number of applications. These ports consist of taking the original source distribution and then applying patches developed by the FreeBSD port maintainers to make the software compatible with BSD (since most of it is developed as linux-only).

        You sir, do not seem to know what you are talking about.

        “As for you Scali, the more appropriate question is why do you hate Linux? Your blog is littered with anti-Linux and anti-FLOSS FUD. What has Linux done to you?”

        I don’t hate linux (plenty of proof right here on this blog: I have discussed a number of my own open source projects, which have linux support out-of-the-box, I have discussed Android development, and I have participated on a demo for the GP2X platform, to name but a few things). I hate people who spread misinformation and FUD, such as Linus Torvalds and yourself.
        The same can be said for other types of FUD, coming from eg Intel, nVidia, AMD or Microsoft, as you can find on my blog.
        I am not anti-FLOSS at all. On the contrary, I use, support and maintain various open source projects.

  5. MacOS9 says:

    @scali, agreed, it’s almost as bad as their Windows hatred. Hope the PC-BSD guys do some good with that system and give some of the half-cooked Linux distros a run for their money eventually. Heh, OS X would probably receive more hatred too if more people didn’t confusedly think it was based on Linux.

    • Alan Timston says:

      If OS X were based on Linux, it would be a very good thing, as Apple would be forced to contribute back to the community. But of course, being the scumbags they are, they chose BSD and Mach instead, as those are under permissive licenses. But because of that, it’s now the fault of the people responsible for putting that software under those appalling licenses.

      The great Richard Stallman said that we should be glad Steve Jobs is gone, but Steve Jobs could not have done the damage he did without terrible things like BSD, so I say that we shouldn’t be glad, as those people responsible for BSD, Mach and Minix are still alive and operating.

  6. MacOS9 says:

    …interesting arguments. As an end user I tend to gravitate towards the most stable software/OSes around. If they’re open source, great; if not, so be it. I’d like to see more GUI friendliness from Linux though, lots of inconsistency across various distros. The minty boys have the right attitude, but time will tell. PC-BSD is also a noble idea. Hope something user friendly comes of it; if not, then again maybe the minty guys will succeed. I see they are now selling a computer that comes with Linux Mint. In the meantime it’s Windows or OS X until the terminal is further tamed in Linux from popping up too often. Maybe by then games will also run well on OpenGL :D. This BSD vs. Linux argument reminds me for some reason of the OpenOffice (owned by Apache and semi-closed) and LibreOffice (open source) argument…although you have to admit that OpenOffice is a better-sounding brand name…and I find it more stable for now.

    • Scali says:

      “the minty boys have the right attitude, but time will tell. pc-bsd is also a noble idea.”

      I think the problem with both, especially with Mint, is that they are built on top of other projects.
      Mint is built on top of Ubuntu, which in turn is built on top of Debian. This means that they have less control than distributions that are completely independent and self-sufficient.

      “this bsd vs. linux argument reminds me for some reason of the OpenOffice (owned by Apache and semi-closed) and LibreOffice (open source) argument…”

      Yes, I suppose in both cases you can argue that the licenses (LGPL/Apache and BSD) are actually less restrictive than the GPL, and actually give you MORE freedom.

  7. MacOS9 says:

    @Scali, true enough. I can see the problem there, with not much control of the distributions. The minty people offer a variant directly based on Debian but, ugh, the rolling upgrades sometimes do ugly things. If something ever happens with Ubuntu, the minty guys and their mainstream releases would be in real trouble unless they go independent. Oh well, it’s good that there’s always trusty Windows or OS X for the end user. I guess some of the most independent Linux distros would be the Gentoo-based ones, but I doubt the common end user would be interested in rolling their own software; that’s just nasty.

  8. Jerwald says:

    Linux will have more issues because it will become more and more dumbed down and security will inevitably suffer, since the two don’t go well together. Meanwhile, the professional IT community is looking for a serious OS that captivates us with its beauty (which Linux is not).

  9. MacOS9 says:

    @Jerwald, Windows 7 Ultimate is a very serious OS, as is Windows 8 once the odd start menu is tamed (8.1 should improve the way it functions, and besides, if people don’t like live tiles they can always use the start menu in 8 as an app list; I’m sure it can be made to work properly…for example, uninstall all full-screen apps and install traditional desktop versions instead, use the start menu to pull up a quick list of all your apps, click to start an app and you’re back in desktop mode, problem solved…yes, no?? This way the start menu basically becomes an extension of desktop functionality, nothing more). Or does Windows for some strange reason lack beauty in the IT world??? What about the upcoming OS X Mavericks, perhaps it looks more aesthetic? 😀 Mind you, I don’t care too much for the aesthetic part; I like running Windows 7 in classic “Windows 2000” view, for example. If I could slap the platinum look of Mac OS 9 onto OS X I’d do that too, but oh well, so it goes…. If you’re looking for a somewhat beautiful Linux distro, try the LTS KDE spin by the minty people….lots of blue hues in that one, it’s soothing and looks like Windows Aero, or try the XFCE variant if you like a greenish minimalist look, it screams productivity :D.
