Linux & OS X-only Trojan Spotted

I have always been a Linux apologist – apologies to no one. My migration to the Linux platform a few years back was largely influenced by the bitter experiences I had with malware and viruses on Windows. Rumours were rife then of the near impregnability of Linux, that Linux is virus (trojan horse) free. It was said that the old-fashioned multi-user heritage of Linux prevents malware, since users are not normally running their programs in admin mode (as the root user).

But lately, I have been worried – very worried. The near-invincibility image of the Linux platform is fast being compromised. Now you hear of Linux trojans and hacks all around you. So much so that I am now convinced that the only reason the statistics are still relatively low compared to Microsoft Windows is the low rate of adoption of Linux on desktops. And if only end users would adhere to best practices on the use of Microsoft Windows PCs as highlighted here, chances are that virus infiltration of the Windows platform would not be as widespread.

Below is an excerpt from theregister.co.uk on the latest threat to the Linux (and its cousin, Apple OS X) platforms:

Security researchers have discovered a potentially dangerous Linux and Mac OS X cross-platform trojan.

Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted to the Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including the email client Thunderbird, the web suite SeaMonkey, and the chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands.

The software nastie was intercepted by Russian antivirus firm Dr Web [which] describes Wirenet-1 as the first Linux/OSX cross-platform password-stealing trojan.

Multi-platform virus strains that infect Windows, Mac OS X and Linux machines are extremely rare but not unprecedented. One example is the recent Crisis super-worm. Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes seems, frankly, weird given the sizes of each operating system’s userbase – unless the virus has been designed for some kind of closely targeted attack on an organisation that uses a mix of the two Unix flavours.

Analysis work on Wirenet-1 is ongoing and for now it’s unclear how the trojan is designed to spread. Once executed, it copies itself to the user’s home directory, and uses AES to encrypt its communications with a server over the internet.
