Off-topic, slightly - Hand of Thief Linux Virus

Alchemist raimiiic at gmail.com
Sun Aug 11 18:28:28 UTC 2013


2013/8/11 <linuxnutster at videotron.ca>

> On 08/10/2013 11:55 AM, Alchemist wrote:
>
>> 2013/8/10 <linuxnutster at videotron.ca>
>>
>>     I was just reading about this new malware threat. I'm not clear on
>>     how exactly this thing can get installed on a Linux system. Would it
>>     require 100% social engineering? I installed Fedora on my elderly
>>     mother's last two laptops so she can do her banking without being
>>     paranoid about keyloggers, trojans, etc... She is a news hound, so
>>     it's only a matter of time before she comes flying at me demanding
>>     reassurances.
>>     --
>>
>> Mini guide how Fedora can protect you:
>>
>> 1. Use only official repos/strict package signing, no untrusted package
>> sources.
>> 2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system,
>> whuh!)
>> 3. Better create two browser profiles, one for everyday usage with
>> Iced-Tea disabled, other one ONLY for internet-banking with Iced-Tea
>> enabled, and tell your mother about the value of such security solution.
>> 4. Disable autorun
>> http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
>> 5. Use SELinux shield:
>> # setsebool -P allow_execstack=0
>> # setsebool -P allow_execheap=0
>> # setsebool -P allow_execmod=0 (may break some buggy apps)
>> 6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) to locally or
>> globally (/etc/profile, /etc/bashrc) prevent new planted executables from
>> being executed. Of course only if the system is not for multiuser, and there
>> is no need for binary execution in ~/
>> 7. HoT runs without root, so primary impact will be taking over control
>> of user environment. Protect important config files from modification, by
>> setting chattr +i (remove when needed):
>> .bashrc
>> .bash_profile
>> .bash_logout
>> .pam_environment
>> .xinitrc
>> .gnomerc
>> .config/autostart/*
>> and so on
>> 8. Configure firewall, but this is different story, as I know from
>> experience, this is difficult to fit any user browsing desires. But it's
>> worth a try :)
>>
>
> An excellent tutorial, thanks! Does HOT rely completely on social
> engineering or can it penetrate easily via other means? Bearing in mind
> that we only use official repos...
>
Yes, as this is still the most effective way nowadays (for Windows,
Android too), but as we understand social engineering as a wide range of
techniques (see SET), you may be ready to tell your mother not to enter the
root password when PackageKit will ask for it, on a malicious unsigned RPM
received with Skype or by clickjacking for example. Or even give her
limited sudo rights if needed, and keep the root password only to yourself.
Don't forget about browser exploit packs, it is only a matter of time until
they will put in browser exploits, but here properly configured SELinux
comes into play. Stay safe.





> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
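As an added example that is not part of the thread (it is neither poster's code): a POSIX shell audit script covering steps 5 to 7 of the mini guide quoted above. It reads the output of `getsebool -a` and `lsattr -d` and the contents of ~/.bashrc, and reports what still deviates from the guide. The sample outputs embedded in it are constructed, the dotfile list is taken from step 7, and the `selinuxuser_exec*` boolean names are an assumption about the later Fedora spelling of the `allow_exec*` booleans the guide names.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Fedora desktop against the
# mini guide's steps 5-7. Every check reads the relevant command output from
# stdin, so it runs on constructed samples as well as on live output.

# Constructed sample of `getsebool -a` output (not captured from a real host).
SAMPLE_GETSEBOOL='allow_execheap --> off
allow_execmod --> on
allow_execstack --> on
allow_ftpd_anon_write --> on'

# Constructed sample of `lsattr -d` output over dotfiles from step 7.
SAMPLE_LSATTR='----i---------e------- /home/mom/.bashrc
--------------e------- /home/mom/.bash_profile
----i---------e------- /home/mom/.xinitrc'

# Constructed sample ~/.bashrc: a commented-out umask line does not count.
SAMPLE_BASHRC='# .bashrc
# umask 022
umask 077
alias ll="ls -l"'

# Step 5: print the exec* booleans that are still "on". The thread uses the
# allow_exec* names; later Fedora releases call them selinuxuser_exec*
# (assumed naming), so both spellings are matched.
selinux_exec_bools_on() {
    awk '$1 ~ /^(allow|selinuxuser)_exec(stack|heap|mod)$/ && $3 == "on" { print $1 }'
}

# Step 6: succeed (exit 0) only if an uncommented "umask 077" line is present.
rc_sets_umask_077() {
    grep -Eq '^[[:space:]]*umask[[:space:]]+0?077([[:space:]]|$)'
}

# Step 7: print paths whose attribute field lacks the immutable flag 'i'
# (lowercase; uppercase 'I' means "indexed directory" and is unrelated).
dotfiles_not_immutable() {
    awk 'index($1, "i") == 0 { print $2 }'
}

# Run the checks over the constructed samples.
demo() {
    printf '%s\n' "$SAMPLE_GETSEBOOL" | selinux_exec_bools_on | sed 's/^/SELinux boolean still on: /'
    printf '%s\n' "$SAMPLE_BASHRC" | rc_sets_umask_077 || echo 'umask 077 not set in sample .bashrc'
    printf '%s\n' "$SAMPLE_LSATTR" | dotfiles_not_immutable | sed 's/^/not immutable: /'
}

# Run the same checks against the current account (needs getsebool/lsattr).
# The script only reports; it changes nothing.
audit_live() {
    if command -v getsebool >/dev/null 2>&1; then
        getsebool -a | selinux_exec_bools_on | sed 's/^/SELinux boolean still on: /'
    fi
    if [ -r "$HOME/.bashrc" ]; then
        rc_sets_umask_077 < "$HOME/.bashrc" || echo "umask 077 not set in $HOME/.bashrc"
    fi
    if command -v lsattr >/dev/null 2>&1; then
        for f in .bashrc .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc; do
            if [ -e "$HOME/$f" ]; then lsattr -d "$HOME/$f"; fi
        done 2>/dev/null | dotfiles_not_immutable | sed 's/^/not immutable: /'
    fi
}

case "${1:-}" in
    --demo) demo ;;
    --live) audit_live ;;
esac
```

Run it with `--demo` to see the checks over the embedded samples, or `--live` to audit the current account. Each check is a filter over stdin so the same function serves both paths; the immutable check deliberately looks only for the lowercase `i` flag, and, as the guide notes, `chattr +i` has to be removed before a protected file can be edited again.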