Malware

From In2Job Organizer, knowledge base of The Economic Group

Router

Protect and harden your router!

The Moon

'The Moon' affects many older Linksys router models (depending on their setup/configuration).

http://news.en.softonic.com/the-moon-malware-spreading-through-linksys-routers

Official guide from Linksys (the vendor):

http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml


Botnet

GameOver ZeuS

"The Lifecycle of Peer-to-Peer (Gameover) ZeuS", an excellent report by Dell SecureWorks.

It is a more sophisticated peer-to-peer version of the earlier ZeuS Trojan.

Official alert from US-CERT (U.S. federal government): Alert (TA14-150A) GameOver Zeus P2P Malware, original release date June 02, 2014.

It only affects Windows platforms: GameOver Zeus is a Trojan that infects Microsoft Windows hosts, not a vulnerability in Windows itself.

Trojans

Downloader-TJK

False positive (Avast effectively blocked itself): when the anti-virus software tried to update itself, one of its components halted the update after identifying what it thought was malware.

Avast blocked this (URL defanged):

http://files.avast.com/files/emupdate/20131217 - dot - exe

which it identified as: Win32:Downloader-TJK [Trj]

http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=chrome&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=Win32:Downloader-TJK%20[Trj]&p_prc=C:\Program%20Files\Alwil%20Software\Avast5\AvastEmUpdate.exe&p_obj=http://files.avast.com/files/emupdate/20131217.exe&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=218&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=chrome&p_vep=9&p_ves=0&p_vbd=2008&p_hid=05327537-aa6b-4885-811e-01284920e030

HideLink-A

And this one, when I visited this page (the URL is in the p_obj parameter of the alert below):

Avast identified it as: JS:HideLink-A [Trj]

http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=JS:HideLink-A%20[Trj]&p_prc=C:\Program%20Files%20(x86)\Mozilla%20Firefox\firefox.exe&p_obj=http://veganyumyum.com/2007/03/tuscan-white-bean-stew/&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=140&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=chr2&p_vep=9&p_ves=0&p_vbd=2011&p_hid=6c8a598a-a59b-43a2-a909-777b695c37a2&p_ram=2815&p_cpu=6.5
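Both alert URLs above carry the whole detection in their query string (p_vir = detection name, p_prc = the process that triggered it, p_obj = the object being scanned). The following is an added example, not Avast's code or part of the original page: it parses such URLs and applies a simple triage heuristic for the self-blocking case seen with Downloader-TJK. The vendor host and updater names are assumptions chosen for the example, and the sample URLs are constructed, shortened copies of the two recorded above (machine identifiers omitted).

```python
"""Triage Avast 'virus alert' URLs like the ones recorded on this page.

Added example (not Avast's code). The heuristic: a detection whose process is
the vendor's own updater and whose object lives on the vendor's own update
host is most likely the AV blocking itself, i.e. a false positive.
"""
from urllib.parse import urlparse, parse_qs

# Assumption: hosts and process names that belong to the AV vendor itself.
VENDOR_HOSTS = {"files.avast.com"}
VENDOR_UPDATERS = {"avastemupdate.exe"}

# Constructed sample alert URLs, reduced to the parameters used here.
SELF_BLOCK_ALERT = (
    "http://www.avast.com/en-us/lp-fr-virus-alert?"
    "p_vir=Win32:Downloader-TJK%20[Trj]"
    "&p_prc=C:\\Program%20Files\\Alwil%20Software\\Avast5\\AvastEmUpdate.exe"
    "&p_obj=http://files.avast.com/files/emupdate/20131217.exe"
)
WEB_ALERT = (
    "http://www.avast.com/en-us/lp-fr-virus-alert?"
    "p_vir=JS:HideLink-A%20[Trj]"
    "&p_prc=C:\\Program%20Files%20(x86)\\Mozilla%20Firefox\\firefox.exe"
    "&p_obj=http://veganyumyum.com/2007/03/tuscan-white-bean-stew/"
)


def parse_alert(url):
    """Return the detection name, triggering process and scanned object, URL-decoded."""
    query = parse_qs(urlparse(url).query)

    def first(key):
        return query.get(key, [""])[0]

    return {
        "detection": first("p_vir"),
        "process": first("p_prc"),
        "object": first("p_obj"),
    }


def classify(alert):
    """Heuristic triage label for a parsed alert."""
    obj_host = urlparse(alert["object"]).hostname or ""
    # Windows path: take the last backslash-separated component as the binary name.
    proc_name = alert["process"].rsplit("\\", 1)[-1].lower()
    if obj_host in VENDOR_HOSTS and proc_name in VENDOR_UPDATERS:
        return "likely-false-positive: AV blocked its own updater"
    if alert["detection"].startswith("JS:"):
        return "web-content detection: re-check the page with a second scanner"
    return "investigate"


if __name__ == "__main__":
    for url in (SELF_BLOCK_ALERT, WEB_ALERT):
        alert = parse_alert(url)
        print(alert["detection"], "->", classify(alert))
```

A real triage script would read the alert URLs from the Avast log or the browser history rather than from constants; the parsing and the heuristic stay the same.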

Linux

Yes, Linux-based OSes (distros) are not immune to malware or to vulnerabilities.

In fact, there is arguably a growing trend of increasingly sophisticated malware that compromises systems running the Linux kernel. This is consistent with the "popularity" explanation (the inverse of a security-by-obscurity argument): Windows historically had the most malware mainly because it was the most popular and most visible platform, at least for end users (though not for servers), not because other platforms were inherently immune.

examples

IPtabLes IptabLex

IptabLes and IptabLex DDoS Bots

"IptabLes and IptabLex DDoS Bots", Akamai threat advisory, originally published Sept. 3, 2014.

"Akamai Warns of IptabLes and IptabLex Infection on Linux, DDoS attacks": "Linux systems infiltrated and controlled in a DDoS botnet", believed to have originated in Asia and still expanding.


Hand of Thief

Avast's blog has an article on the "Hand of Thief" Trojan (a banking Trojan for Linux) by Peter Kálnai, August 27th, 2013.


solutions / tools

Most anti-malware software that runs on a non-commercial OS platform is designed to identify malware that targets and compromises commercial OS platforms. In other words, an AV engine running on a Linux server (say) scans for malware that would be a problem not for the Linux host itself but for Windows, and maybe OS X, Android and iOS, clients (for example in the files and email that pass through that server).

wikipedia: Linux malware#For Microsoft Windows-specific threats

The key advantage of scanning for malware from a Linux (or BSD-based) environment is that the host platform running the scan (the AV engine) is not itself the system under suspicion: malware that is active on the scanned system cannot hide from the scanner (via a rootkit) or disable it, because that system is not running. Even Avast's bootable live rescue CD (which uses a very stripped-down Windows NT-based environment, probably Windows 8) has this advantage over the regular Avast software running inside the installed Windows system.


Use the GRML distro to boot a live OS and


http://www.virustotal.com/file/854dac8b4616c1b4174dc01796174a2bd7002f6d99e39efad92ca74efe4cf2e1/analysis/


Avast for server

Avast offers software for GNU/Linux distros: pre-compiled binary packages (not open source) for Red Hat- and Debian-based distros and their derivatives, apparently including Ubuntu, Fedora and SUSE. There are no packages for Arch, Slackware, Gentoo or Mandriva/Mageia (and since it is not open source, you cannot build it yourself).

Avast4workstation

Old?:

"Avast4linuxworksations carries the virus database for windows viruses." -http://forum.avast.com/index.php?topic=133995.0

http://files.avast.com/files/linux/avast4workstation-1.3.0-1.i586.rpm
http://files.avast.com/files/linux/avast4workstation_1.3.0-2_i386.deb
http://files.avast.com/files/linux/avast4workstation-1.3.0.tar.gz

-  http://sparewotw.wordpress.com/2011/07/08/avast-antivirus-home-edition-on-pclinuxos-2011-6/


So yes: most AV (anti-malware) software that runs within a UNIX-like environment (GNU/Linux or BSD-based) scans for malware that affects Windows (or the other platforms most consumer end users run: OS X, Android and maybe iOS).


However, ...

wikipedia: Linux malware#For Linux-specific threats


Comodo

However, Comodo offers Comodo Antivirus for Linux (CAVL) for download.

The best description of CAVL, with screenshots, is a forum/board thread covering version 1.1.268025.1.

Pre-compiled binary installation packages are available, 4 in total (verify this): .deb for Debian-based distros such as Ubuntu and Linux Mint, and .rpm for SuSE and Red Hat-based distros (CentOS, RHEL, Fedora).

release notes

Each package is about 25 MiB in size. Checksum/hash/digest: not noted.
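Because these AV packages (Comodo's, like Avast's above) are closed-source binaries, the vendor-published digest is the only local check that the file you downloaded is the file the vendor built. The following is an added example, not Comodo's or this page's own code: it streams a package through SHA-256, compares the result against a sums file in sha256sum format, and builds the VirusTotal lookup URL in the same form as the report linked elsewhere on this page. The sample file and its digest are constructed for the example (the bytes "hello\n"), not a real package.

```python
"""Verify a downloaded package against a published SHA-256 digest.

Added example, not vendor code. Streams the file so a 25 MiB package is not
read into memory at once, and compares digests in constant time.
"""
import hashlib
import hmac
import os
import tempfile

# URL form used by the VirusTotal report linked on this page.
VT_FILE_URL = "http://www.virustotal.com/file/{sha256}/analysis/"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hex SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sums(text):
    """Parse 'digest  filename' lines as written by sha256sum ('*' marks binary mode)."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        sums[name.strip().lstrip("*")] = digest.lower()
    return sums


def verify_package(path, expected_sha256):
    """True only if the file's digest equals the expected one (constant-time compare)."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


def virustotal_lookup_url(sha256):
    """Report URL for a digest; no network access, just string building."""
    return VT_FILE_URL.format(sha256=sha256.strip().lower())


def demo():
    """Constructed sample: a temp file holding b'hello\\n' and its known digest."""
    expected = "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
    sums = parse_sums(expected + "  sample.deb\n")
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"hello\n")
        path = tmp.name
    try:
        good = verify_package(path, sums["sample.deb"])
        bad = verify_package(path, "00" * 32)  # wrong digest must fail
    finally:
        os.unlink(path)
    return good, bad


if __name__ == "__main__":
    ok, tampered = demo()
    print("matches published digest:", ok, "| wrong digest rejected:", not tampered)
```

In practice the sums file should come from the vendor over HTTPS (or be signed), not from the same unauthenticated mirror as the package, otherwise an attacker who can swap the package can swap the digest too.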


ClamAV

ClamAV (open source) is mostly used on email servers to scan the contents of messages (attachments) before they are delivered or relayed elsewhere.

ESET

ESET NOD32 Antivirus for Linux Desktop | wikipedia: ESET

download page

Version: 4.0.81.0, size: 45.3 MB, file name: eset_nod32av_64bit_en_.linux


http://www.eset.com/us/download/thank-you-eav-linux/file/9203/


Rootkit Hunter

"The Rootkit Hunter project" (official homepage), and wikipedia: Rkhunter

Sophos

wikipedia: Sophos makes Sophos Anti-Virus for Linux:

http://www.sophos.com/en-us/support/documentation/sophos-anti-virus-for-linux.aspx#

documentation for v9

Sophos Anti-Virus for Linux 9.6.1 release notes

Sophos Anti-Virus for Linux configuration guide (PDF)

http://www.sophos.com/en-us/support/knowledgebase/14378.aspx


debate

Is "AV" (antivirus) software useless?: http://www.f-secure.com/weblog/archives/00002482.html


wikipedia: Linux malware

There is debate:
http://www.pclinuxos.com/forum/index.php/topic,106246.msg907747.html#msg907747
http://www.pclinuxos.com/forum/index.php/topic,101287.msg861762.html#msg861762


Google cache of an Avast forum thread on the same question: http://webcache.googleusercontent.com/search?q=cache:YjFd7WSYwIgJ:forum.avast.com/index.php%3Ftopic%3D119152.0+&cd=3&hl=en&ct=clnk&gl=us

Cloud Security

Solutions that do the analysis in the cloud (server-side virtualisation?)

herdProtect

Sophos Cloud


See also