Apparently, the problem was a vulnerability in Java SE 6 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3560) exploitable by the trojan. This has been fixed in Lucid (https://lists.ubuntu.com/archives/lucid-changes/2010-October/011816.html) by October 19.

The issue itself is pretty weird, however not that big of a deal. What it actually shows is that Java technology is pretty insecure in its nature and mostly redundant, which is why it is fortunately not installed on most Linux distros by default.

As far as the OS security question is concerned, although not completely infallible, most Linux/*BSD/Solaris platforms are more protected from malware and viruses than MS Windows is. Actually, this page http://www.ubuntu.com/desktop/why-use-ubuntu claims that the risk is intangible for Ubuntu users. And the statement is true. The reasons lie in the fundamental difference between open source Unix-like and MS Windows OSes. The old but still mostly valid article http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/ by Nicholas Petreley talks about exactly that. Most of the article's points (if not all) still apply now.

BTW, Linux/*BSD is the most popular server OS, especially for web servers, which is verifiable. MS Windows has no more than 30% of the Internet domains (mostly parking ones).

So, HacKurx and all of us, we are indeed more secure than our Windows-using counterparts. Just do not install unsigned, binary-only, unverified pieces of software. Ubuntu repos have tons of applications, more than enough for everyone. Get a strong account password and do not run "sudo rm -rf /*" on your machines too often :-)

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3560

--
You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in ubuntu.
https://bugs.launchpad.net/bugs/668314

Title:
  Trojan under Linux passing by Java ! ! !

Status in “openjdk-6” package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  A trojan named "Boonana/Koobface" can be installed under Linux because of Java.
  I thus confirm my request of real-time protection in Ubuntu.
  More information in French here:
  http://www.echosdunet.net/dossiers/dossier_6179_un+trojan+windows+passe+sous+mac+os+x+linux+via+java.html

  Why not make a real-time protection to clamav inspired by "sentinel clam"?

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: icedtea6-plugin 6b20-1.9.1-1ubuntu3
  ProcVersionSignature: Ubuntu 2.6.35-23.36-generic 2.6.35.7
  Uname: Linux 2.6.35-23-generic x86_64
  NonfreeKernelModules: nvidia
  Architecture: amd64
  Date: Fri Oct 29 14:29:14 2010
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  ProcEnviron:
   LANG=fr_FR.utf8
   SHELL=/bin/bash
  SourcePackage: openjdk-6