Off-topic, slightly - Hand of Thief Linux Virus

linuxnutster at videotron.ca linuxnutster at videotron.ca
Sun Aug 11 13:26:28 UTC 2013


On 08/10/2013 11:55 AM, Alchemist wrote:
> 2013/8/10 <linuxnutster at videotron.ca>
>
>     I was just reading about this new malware threat. I'm not clear on
>     how exactly this thing can get installed on a Linux system. Would it
>     require 100% social engineering? I installed Fedora on my elderly
>     mother's last two laptops so she can do her banking without being
>     paranoid about keyloggers, trojans, etc... She is a news hound, so
>     it's only a matter of time before she comes flying at me demanding
>     reassurances.
>     --
>
> Mini guide on how Fedora can protect you:
>
> 1. Use only official repos/strict package signing, no untrusted package
> sources.
> 2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system,
> whuh!)
> 3. Better create two browser profiles, one for everyday usage with
> Iced-Tea disabled, other one ONLY for internet-banking with Iced-Tea
> enabled, and tell your mother about the value of such security solution.
> 4. Disable autorun
> http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
> 5. Use SELinux shield:
> # setsebool -P allow_execstack=0
> # setsebool -P allow_execheap=0
> # setsebool -P allow_execmod=0 (may break some buggy apps)
> 6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc), locally, or
> globally (/etc/profile, /etc/bashrc), to prevent newly planted executables
> from being executed. Of course, only if the system is not multiuser and
> there is no need for binary execution in ~/
> 7. HoT runs without root, so the primary impact will be taking over
> control of the user environment. Protect important config files from
> modification by setting chattr +i (remove when needed):
> .bashrc
> .bash_profile
> .bash_logout
> .pam_environment
> .xinitrc
> .gnomerc
> .config/autostart/*
> and so on
> 8. Configure a firewall, but this is a different story; as I know from
> experience, it is difficult to fit any user's browsing desires. But it's
> worth a try :)

An excellent tutorial, thanks! Does HoT rely completely on social
engineering or can it penetrate easily via other means? Bearing in mind
that we only use official repos...
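As an added example (not from either poster), a small Python audit that checks items 5 and 7 of the checklist quoted above: it parses `lsattr` and `getsebool -a` output and reports which of the listed startup files are not immutable and which of the named SELinux booleans are still on. The file and boolean names are taken from the post; the home path and the sample command output are constructed assumptions.

```python
import re

# Startup files the checklist (item 7) says to protect with chattr +i.
STARTUP_FILES = [".bashrc", ".bash_profile", ".bash_logout",
                 ".pam_environment", ".xinitrc", ".gnomerc"]

# SELinux booleans the checklist (item 5) says to turn off.
SE_BOOLEANS = ["allow_execstack", "allow_execheap", "allow_execmod"]


def immutable_from_lsattr(output):
    """Parse `lsattr` output into {path: is_immutable}.
    A line looks like '----i---------e------- /home/u/.bashrc'; the 'i'
    letter in the attribute field marks the file immutable."""
    result = {}
    for line in output.splitlines():
        m = re.match(r"^(\S+)\s+(.+)$", line.strip())
        if m:
            result[m.group(2)] = "i" in m.group(1)
    return result


def selinux_from_getsebool(output):
    """Parse `getsebool -a` lines ('name --> on|off') into {name: bool}."""
    result = {}
    for line in output.splitlines():
        m = re.match(r"^(\S+)\s+-->\s+(on|off)$", line.strip())
        if m:
            result[m.group(1)] = m.group(2) == "on"
    return result


def audit(lsattr_output, getsebool_output, home="/home/user"):
    """Return findings for items 5 and 7; an empty list means both pass.
    Files absent from the lsattr output are skipped (they may not exist)."""
    findings = []
    flags = immutable_from_lsattr(lsattr_output)
    for name in STARTUP_FILES:
        path = f"{home}/{name}"
        if path in flags and not flags[path]:
            findings.append(f"{path} is not immutable (chattr +i)")
    bools = selinux_from_getsebool(getsebool_output)
    for b in SE_BOOLEANS:
        if bools.get(b, False):
            findings.append(f"SELinux boolean {b} is on")
    return findings


# Constructed sample output (assumed, not captured from a real host).
SAMPLE_LSATTR = """----i---------e------- /home/user/.bashrc
--------------e------- /home/user/.bash_profile
"""
SAMPLE_GETSEBOOL = "allow_execheap --> off\nallow_execmod --> on\n"
```

On a live box, feed it the output of `lsattr ~/.bashrc ~/.bash_profile ...` and `getsebool -a`; newer Fedora releases rename these booleans, so adjust SE_BOOLEANS to what `getsebool -a` actually lists.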
