mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-19 22:51:41 +08:00
48 lines
4.1 KiB
Markdown
Linux “HoT” bank Trojan: Failed malware
=======================================

Summary: What? Another Linux vulnerability? Nope. Other operating systems may be easy malware marks, but Linux continues to resist malware.

By Steven J. Vaughan-Nichols

Initially it looked like the ["Hand of Thief" (HoT) Trojan would be the first successful Linux Trojan][1]. However, further investigation by RSA, the Security Division of EMC, reveals that Hand of Thief is just another in a long line of so-called Linux malware that's more bark than bite.

![img](http://cdn-static.zdnet.com/i/r/story/70/00/020436/hot-620x92.png?hash=BQp2AJH5BT&upscale=1)

Hand of Thief: Another failed Linux malware program. (Credit: RSA)

Indeed, the only people who will be hurt by this so-called Trojan are the cyber-criminals who paid $2,000 for this half-baked hack.

Yotam Gottesman, an RSA Senior Security Researcher, reported that the company obtained the HoT code builder and created HoT binaries. Gottesman reports that [HoT has no real functionality][2]. "Our research and analysis shows that, in reality, HoT’s grabbing abilities are very limited if not absent, which would make the malware a prototype that needs a lot more work before it can be considered a commercially viable banking Trojan."

My own experiences with HoT demonstrated that while I smelled smoke, there was no fire. It is just a harmless exploit of a since-patched problem with the Chrome Web browser.

HoT's builder, the part that actually generates the malware binaries, is a Windows program. In theory the builder would enable the botmaster to generate new variants of HoT. It created 32-bit compiled [ELF (Executable and Linking Format)][3] programs. ELF is the standard Linux binary format.
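A defender handed a file from a builder like this one needs to confirm what it actually is before going further: whether it is ELF at all, whether it is a 32-bit or 64-bit object, and for which machine. The script below is an added example written for this page, not code from the article or from RSA's analysis. It parses the fixed-layout ELF file header (magic, EI_CLASS, EI_DATA, e_type, e_machine, e_entry) and prints a `file(1)`-style summary; the sample headers it inspects are constructed inside the script and are not bytes from HoT.

```python
"""Minimal ELF header triage: report class (32/64-bit), byte order, object
type, target machine and entry point from the first bytes of a file.

Added example for this article; not code from the article, the HoT builder,
or RSA. Sample headers are constructed below, not taken from any malware."""
import struct

ELF_MAGIC = b"\x7fELF"
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
# A few common e_machine values; the full list lives in the ELF spec / <elf.h>.
ELF_MACHINE = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}
HEADER_SIZE = {1: 52, 2: 64}  # sizeof(Elf32_Ehdr), sizeof(Elf64_Ehdr)


def parse_elf_header(data: bytes) -> dict:
    """Parse the ELF file header. Raises ValueError for anything that is not a
    well-formed header: wrong magic, unknown class or encoding, truncation."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("missing ELF magic: not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in ELF_CLASS:
        raise ValueError(f"unknown EI_CLASS {ei_class}")
    if ei_data not in ELF_DATA:
        raise ValueError(f"unknown EI_DATA {ei_data}")
    if len(data) < HEADER_SIZE[ei_class]:
        raise ValueError("truncated ELF header")
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version sit at the same offsets in both classes;
    # e_entry is 4 bytes in ELF32 and 8 bytes in ELF64.
    e_type, e_machine, e_version = struct.unpack(endian + "HHI", data[16:24])
    entry_fmt = "I" if ei_class == 1 else "Q"
    entry_len = struct.calcsize(entry_fmt)
    (e_entry,) = struct.unpack(endian + entry_fmt, data[24:24 + entry_len])
    return {
        "class": ELF_CLASS[ei_class],
        "data": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, f"unknown({e_type})"),
        "machine": ELF_MACHINE.get(e_machine, f"unknown({e_machine})"),
        "version": e_version,
        "entry": e_entry,
    }


def build_sample_header(bits: int, e_type: int, e_machine: int, entry: int) -> bytes:
    """Construct a little-endian ELF header with no segments or sections.
    This is sample input for the example only, not a real binary."""
    ei_class = 1 if bits == 32 else 2
    e_ident = ELF_MAGIC + bytes([ei_class, 1, 1, 0]) + b"\x00" * 8
    if bits == 32:
        rest = struct.pack("<HHIIIIIHHHHHH", e_type, e_machine, 1, entry,
                           52, 0, 0, 52, 32, 0, 40, 0, 0)
    else:
        rest = struct.pack("<HHIQQQIHHHHHH", e_type, e_machine, 1, entry,
                           64, 0, 0, 64, 56, 0, 64, 0, 0)
    return e_ident + rest


def describe(data: bytes) -> str:
    """One-line summary in the spirit of `file(1)`, or why the input is not ELF."""
    try:
        h = parse_elf_header(data)
    except ValueError as exc:
        return f"not ELF ({exc})"
    return f"{h['class']} {h['data']} {h['type']} {h['machine']} entry=0x{h['entry']:x}"


# Constructed samples: a 32-bit x86 executable (the shape the article says the
# builder emits), a 64-bit x86-64 shared object, and a non-ELF blob.
SAMPLE_ELF32 = build_sample_header(32, 2, 3, 0x08048000)
SAMPLE_ELF64 = build_sample_header(64, 3, 62, 0x1040)
SAMPLE_NOT_ELF = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    for name, blob in [("elf32", SAMPLE_ELF32), ("elf64", SAMPLE_ELF64),
                       ("blob", SAMPLE_NOT_ELF)]:
        print(f"{name}: {describe(blob)}")
```

To run it against a real file, pass `open(path, "rb").read(64)` to `describe`; only the header is read, so the sample is never executed. The class field matters for triage because a 32-bit object can only run on a host that has 32-bit support installed, which is one of the first things to check when a reported Linux binary "does nothing" on a test machine.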
Once installed, HoT would seek to grab information from Web forms and send the results to a botnet server. As malware, however, HoT fails in the most fundamental way possible: it requires a deliberate effort by the user to install it.

On some operating systems, such as Windows, it's relatively easy to infect a system without the user being aware that anything is happening. On others, such as [Android, the user must agree to install a program][4]. With Linux, you must go out of your way to install any program. HoT has no mechanism to make that any easier for a criminal cracker.

In fact, even if you do take the time and effort to infect a Linux PC with HoT, the program still doesn't work worth a damn. RSA found that HoT often crashed with Firefox on [Fedora][5], grabbed useless data with Chrome on Fedora, and was blocked from running at all on [Ubuntu Linux][6].

Therefore, RSA concluded, "HoT has come to the cybercrime underground at a time when commercial Trojans are high in demand, stirring some excitement amongst criminals. Although it initially appeared to be a compelling new Trojan entrant, RSA’s in-depth analysis of the code proves it is a prototype more than true commercially viable malware, crashing the browsers on the infected machines and displaying overall inability to properly grab data."

As for that critical issue of infecting Linux systems, "HoT's developer claims that he is in the final stages of implementing a Web-injections mechanism, but since the Form grabber he designed is not functional on the browsers he claims to have tested, the injections are not very likely to work either."

I'll take that a step further. The only people who have, or ever will have, trouble with HoT are the would-be crooks who bought this hopelessly maimed malware.

About Steven J. Vaughan-Nichols

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system. SJVN covers networking, Linux, open source, and operating systems.

[1]:http://www.zdnet.com/linux-desktop-trojan-hand-of-thief-steals-in-7000019175/
[2]:https://blogs.rsa.com/rsa-peeks-into-the-bits-of-new-linux-based-trojan-hand-of-thief/
[3]:http://www.thegeekstuff.com/2012/07/elf-object-file-format/
[4]:http://www.zdnet.com/five-simple-ways-to-avoid-android-malware-7000017463
[5]:http://fedoraproject.org/
[6]:http://www.ubuntu.com/

via: http://www.zdnet.com/linux-hot-bank-trojan-failed-malware-7000020436/