On Mon, Jun 14, 2010 at 7:35 PM, Ramnarayan.K <ramnaraya...@gmail.com> wrote:
> A limited security concern but it has implications on how we view our
> Linux OS as far as on the net safety is concerned.
>
> Read more below
>
> or visit link to get more details and reader's comments - which are
> interesting
>
> Seems it yet again boils down to how careful / careless users are with
> respect to security permissions
>
> ram
>
> Linux Trojan Raises Malware Concerns
> http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html
>
> By Tony Bradley, PC World
>
> [Author's Note: The article has been modified to correct the assertion
> that Unreal IRC has any relation to Unreal--the first-person shooter
> developed by Epic Games.]
>
> I've got good news and bad news for those of the misguided perception
> that Linux is somehow impervious to attack or compromise. The bad news
> is that it turns out a vast collection of Linux systems may, in fact,
> be pwned. The good news, at least for IT administrators and
> organizations that rely on Linux as a server or desktop operating
> system, is that the Trojan is in a download that should have no
> bearing on Linux in a business setting.
>
> Despite the perception that Linux is inherently secure, it is not
> impervious and IT admins need to remain vigilant. An announcement on
> the Unreal IRCd Forums states "This is very embarrassing...We found
> out that the Unreal3.2.8.1.tar.gz file on our mirrors has been
> replaced quite a while ago with a version with a backdoor (trojan) in
> it. This backdoor allows a person to execute ANY command with the
> privileges of the user running the ircd. The backdoor can be executed
> regardless of any user restrictions (so even if you have passworded
> server or hub that doesn't allow any users in)."
>
> The post goes on to say "It appears the replacement of the .tar.gz
> occurred in November 2009 (at least on some mirrors). It seems nobody
> noticed it until now."
>
> Unreal IRC is an Internet relay chat platform. I don't have any
> numbers on the total downloads since November of 2009, but it seems
> safe to assume there are a lot of Linux systems out there compromised
> by a backdoor Trojan.
>
> However, none of those systems should be in a place of business, so
> the risk from a business perspective is not very high. IT
> administrators can learn, though, from the mea culpa at the end of the
> UnrealIRCd Forums post. "We simply did not notice, but should have. We
> did not check the files on all mirrors regularly, but should have. We
> did not sign releases through PGP/GPG, but should have done so."
>
> Basically, because of the false sense of security provided by Linux it
> simply never occurred to anyone to check if the software might be
> compromised. Combining that false sense of security with the security
> by obscurity factor that Linux makes up less than two percent of the
> overall OS market and isn't a target worth pursuing for attackers,
> means that many Linux owners have zero defenses in place.
>
> To be fair, Linux experts are aware that the operating system is not
> bulletproof. You can pick any flavor of Linux, and its accompanying
> tools and applications and find hundreds of vulnerabilities. The
> difference--according to the many lectures I have received in the
> comments of articles I have written on Windows security--is that the
> way the Linux OS is written makes it harder to exploit a
> vulnerability, and that because it's open source, vulnerabilities are
> fixed in hours rather than months.
>
> The lesson for IT Admins managing Linux is to be more vigilant. Linux
> is not impervious to attack. Hopefully the Linux systems in a business
> environment aren't running Unreal, but it's quite possible that Unreal
> is not the only compromised software available.
>
> Linux does not have the vast array of threats facing it that Windows
> systems do, but there are still threats. Even if those threats aren't
> exploited through a quickly-spreading worm, they are still there and
> represent a potential Achilles heel in your network security if not
> monitored and protected.
>
> Don't make the mistake of simply assuming Linux systems are safe
> because they're Linux systems. Implement similar security controls and
> policies for Linux as you have in place for Windows systems and you
> can prevent being pwned by a backdoor Trojan for months without even
> knowing about it.
>
> You can follow Tony on his Facebook page, or contact him by email at
> tony_brad...@pcworld.com. He also tweets as @Tony_BradleyPCW.

Actually the point to be noted is, "most of the time we won't get to know
that we are compromised" until some strong evidence is found... So I think
there should be some file auditing software intelligent enough to identify
whether it is something misbehaving or not...

Also I feel, we mostly get compromised due to vulnerabilities in
applications rather than the underlying OS/kernel... Most vulnerable apps
are cross platform like Adobe Flash, JDK, Web Browsers, Open Office... I
don't mean to avoid them, but try to update regularly...

--
ubuntu-in mailing list
ubuntu-in@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
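
Added example (not part of the original thread or the PC World article): the regular mirror check that the quoted UnrealIRCd post says was missing, sketched in Python. The mirror names, file contents and pinned digest are constructed; in practice the digest comes from the maintainers over a channel separate from the mirrors.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Stream a file through SHA-256 so large tarballs are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_mirrors(copies, pinned_sha256):
    """Compare each mirror's copy with a digest obtained out-of-band.

    copies: {mirror_name: local path of the tarball fetched from that mirror}
    Returns {mirror_name: "ok" | "MISMATCH" | "MISSING"}.
    """
    expected = pinned_sha256.strip().lower()
    report = {}
    for mirror, path in sorted(copies.items()):
        if not Path(path).is_file():
            report[mirror] = "MISSING"  # mirror did not serve the file at all
            continue
        actual = sha256_file(path)
        report[mirror] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return report


def demo():
    """Constructed sample: three hypothetical mirrors, one serving altered bytes."""
    original = b"constructed stand-in for release tarball bytes\n"
    pinned = hashlib.sha256(original).hexdigest()  # would come from the maintainers
    with tempfile.TemporaryDirectory() as tmp:
        copies = {}
        for name, data in [("mirror-a", original),
                           ("mirror-b", original + b"extra"),
                           ("mirror-c", None)]:
            path = Path(tmp) / f"{name}.tar.gz"
            if data is not None:
                path.write_bytes(data)
            copies[name] = str(path)
        return audit_mirrors(copies, pinned)


if __name__ == "__main__":
    for mirror, status in demo().items():
        print(f"{mirror}: {status}")
```

A digest published on the same mirror as the tarball can be replaced along with it; a PGP/GPG signature checked against a key obtained separately covers that case.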