New Virus that targets *.nix
Polytropon
freebsd at edvax.de
Sat Nov 24 18:44:07 UTC 2018
On Sat, 24 Nov 2018 15:13:37 +0000, Carmel NY wrote:
> This looks like a particularly nasty virus.
>
> https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/
The article says it targets Linux, not Unix(-alikes) in general,
so the shell script mentioned is probably intended to be run
with bash, the common Linux scripting shell, and will surely
assume certain things we call Linuxisms, i.e., infrastructures,
files and directories, services, local tools etc. which exist
on a typical Linux system. Yes, the description is really scary,
it has lots of... features, one of them is deactivating your
installed virus program. :-)
However, given how modern Linux software lacks portability
to non-Linux (but still UNIXoid) systems, I wouldn't be
surprised if you get a syntax error and execution stop if
you try to intendedly infect your FreeBSD installation.
The two CVEs mentioned explicitly (CVE-2013-2094 and
CVE-2016-5195) seem to be specific to certain (older)
Linux _kernels_.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
So this probably won't work on FreeBSD (individual opinion
without further research). And research has shown multiple
times that installed virus software often doesn't protect
your system - no, it makes it even _more_ vulnerable, that's
why it has become quite hard to call it "anti-virus software".
And remember l33t k1dz:
Always use "curl myapp.example.com | sudo bash" to install
the software you trust! Apply snake oil as desired. ;-)
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...