Linux malware evades detection for upwards of 3 years, not sure how

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
3,894
https://www.pcgamer.com/a-crafty-li...ars-and-experts-still-dont-know-what-it-does/

TLDR;
Cant figure out how it spreads, what it does, nor do existing AV’s detect it.


“At the coding level, RotaJakiro uses techniques such as dynamic AES, double-layer encrypted communication protocols to counteract the binary & network traffic analysis.

At the functional level, RotaJakiro first determines whether the user is root or non-root at run time, with different execution policies for different accounts, then decrypts the relevant sensitive resources using AES & ROTATE for subsequent persistence, process guarding and single instance use, and finally establishes communication with C2 and waits for the execution of commands issued by C2."

https://www.zdnet.com/article/rotajakiro-a-linux-backdoor-that-has-flown-under-the-radar-for-years/
 
Last edited:

auntjemima

Supreme [H]ardness
Joined
Mar 1, 2014
Messages
7,808
Linux is not an operating system.
Yes, it is. Says Linux.com

Screenshot_20210503-153812.png
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
But I'm not the one saying it. A website dedicated to Linux, one that holds the LINUX domain says it.

In reality it is a culmination of many components.

https://www.fosslinux.com/42926/is-linux-an-operating-system-or-a-kernel.htm


also as with Linux things are complicated:

https://www.gnu.org/gnu/linux-and-gnu.en.html

its a long read but tl:dr. It has just been easier to say linux is and operating system, which it is 'a system of operation' yes.

Many users do not understand the difference between the kernel, which is Linux, and the whole system, which they also call “Linux”. The ambiguous use of the name doesn't help people understand. These users often think that Linus Torvalds developed the whole operating system in 1991, with a bit of help.
 
Last edited:

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
but, not surprisingly, I see that all the windows white knights are here hating on Linux.

P.S. I am a windows user.
This is their last refuge, before Microsoft moves almost entirely to a Linux based "operating system". Change is difficult. I imagine some are afraid that moves towards a more opensource friendly microsoft might affect their livelihoods.
 
Last edited:

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
Right around the same time the Code of Conduct was written.
This is how you know corporate world are serious about supporting/moving into Linux/FOSS. Everywhere that has had the corporate stamp of approval is soon to be their next move. It's smoothing out those 'problematic' bumps for a more professional public appearance, before they put their flag up and claim it to be the next big thing.
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,067
I don't think anyone with a brain has alleged this. Linux has far fewer viruses compared to windows (and is far more secure), but, not surprisingly, I see that all the windows white knights are here hating on Linux.

P.S. I am a windows user.
Sorry. I was trying to make a joke. I use Ubuntu actually.
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
And look on Reddit or any Linux forum. When a noob comes in asking if they need anti-virus, everyone says Linux doesn't need anti-virus because it is secure and open-source.

agree, people should really drop the Linux doesn't have viruses thing.

The Linux kernel has over 25 million lines of code and many other attributing pieces of software. Nobody is checking all of that for vulnerabilities. However, i will say the speed at which a security patch can be deployed realistically is way quicker than on Windows. I can have an update patch within minuets of it's fix if i so wanted.. Windows ? technically yes, but you might have to wait a whole week in reality.

In on mint BTW and even on that im getting daily even hourly patches.


look on Reddit
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,067
its a long read but tl:dr. It has just been easier to say linux is and operating system, which it is 'a system of operation' yes.
For me it's just a branding/marketing type of thing.

Linux is just a better name and easier to understand (like an alternative to Unix) and GNU/Linux doesn't exactly roll off the tongue.

But I understand that GNU made a substantial contribution to what we now call Linux.
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
For me it's just a branding/marketing type of thing.

Linux is just a better name and easier to understand (like an alternative to Unix) and GNU/Linux doesn't exactly roll off the tongue.

But I understand that GNU made a substantial contribution to what we now call Linux.

Exactly.

..Hey what do i know im just some random guy on the internet.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,775
Now that MSFT is all linux gung-ho, expect this to be much more normalized.
It's the same issue as Mac OS. It's generally got less malware, because so few use the OS, so it's not worth the effort. That said, I'm not convinced this will be a big issue, because Linux is still an also ran on the desktop. You're better off targeting windows and getting a 1% of the than targeting Linux and infecting 90% of it's desktop users. It's a numbers game and Windows has the numbers.
 

nilepez

[H]F Junkie
Joined
Jan 21, 2005
Messages
11,775
Obvious result of amateurs making an OS
lol. Pretty sure most linux updates come from major corporations like IBM. I use to know a guy that worked for IBM and all he did was work on the Linux Kernel.
 
Joined
Dec 7, 2010
Messages
909
It's the same issue as Mac OS. It's generally got less malware, because so few use the OS, so it's not worth the effort. That said, I'm not convinced this will be a big issue, because Linux is still an also ran on the desktop. You're better off targeting windows and getting a 1% of the than targeting Linux and infecting 90% of it's desktop users. It's a numbers game and Windows has the numbers.
It doesn't help that most Windows software is distributed as EXE/installer blobs with no access to the source code - it's almost trivial to add malware/spyware, repackage, and redistribute them.
Checksums, building from source, trusted repositories etc are just not a thing that the average Windows user even understands.
I would argue that the majority of devices actually run GNU/Linux (including small IoT crap, servers, ATM software, all major cloud providers - even Azure!, etc).
 

travm

Gawd
Joined
Feb 26, 2016
Messages
981
Perhaps people should read about the university of Minnesota being banned from contributing to the kernel. They did and experiment where they intentionally added malware to bug fixes they submitted. Turns out adding malicious code to Linux is easy.

I'm also reminded of how the Gentoo distribution had malware included it for years before it was noticed. The idea that open source is somehow more secure is hilarious.

Don't get me wrong I love open source, but security is not the aspect to trumpet.
 

GNUse_the_force

Limp Gawd
Joined
Oct 27, 2014
Messages
481
Auntkojima says otherwise!
View attachment 352948

I mean. It is called one for the sake of brevity.
But technically it's the kernal.

Having new people come to linux and explain GNU + Linux kernal's, init system, display managers, windows managers, then 1,000 differently named distros etc.. is a major put off for linux adoption. So it's easier to just say Linux is an operating system :)
 

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
5,495
Don't get me wrong I love open source, but security is not the aspect to trumpet.
The fact it's found shows that open source is working as intended. Unlike Windows which had a vulnerability for 12 years. How about Mac OSX's malware that went undetected for years? The only thing negative that can be said about Linux is that this malware was undetected for so many years because too many people believed it didn't need an antivirus. The opposite of what people think of Windows.
 
Joined
Dec 7, 2010
Messages
909
Perhaps people should read about the university of Minnesota being banned from contributing to the kernel. They did and experiment where they intentionally added malware to bug fixes they submitted. Turns out adding malicious code to Linux is easy.

I'm also reminded of how the Gentoo distribution had malware included it for years before it was noticed. The idea that open source is somehow more secure is hilarious.

Don't get me wrong I love open source, but security is not the aspect to trumpet.
Yes, it's easy if you are sending patches from a respected (well no longer lulz) university email under the tutelage of a formerly respected professor(s).
Open source software is neither more nor less secure; however, when issues are found they can be tracked and fixed in the _open_, with full visibility by anyone.
 

cybereality

Supreme [H]ardness
Joined
Mar 22, 2008
Messages
7,067
Also, people use the argument that Linux is not used so that is why there is no malware. That makes sense for certain kinds of attacks, sure. But Linux is far and wide the most popular for servers.

Those servers (running Linux) are the ones with the really juicy information: credit card numbers, email/mailing addresses, user databases, all sorts of financial and medical documents.

While there are Windows servers, sure, even Microsoft uses Linux in the cloud so that should say everything right there.
 

idiomatic

Limp Gawd
Joined
Jan 12, 2018
Messages
236
agree, people should really drop the Linux doesn't have viruses thing.

The Linux kernel has over 25 million lines of code and many other attributing pieces of software. Nobody is checking all of that for vulnerabilities. However, i will say the speed at which a security patch can be deployed realistically is way quicker than on Windows. I can have an update patch within minuets of it's fix if i so wanted.. Windows ? technically yes, but you might have to wait a whole week in reality.

In on mint BTW and even on that im getting daily even hourly patches.


look on Reddit

Speed of patching only matters once vulnerabilities are noticed/public. If it takes three years to notice people are rooting around in your systems...
 

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
5,921
If you have a PC connected to the net, you are vulnerable, regardless of which OS you use. AV isn't going to detect every virus, only the ones with known signatures (sometimes). AV isn't going to detect OS bugs, either.

The only difference between Windows and Linux as far as vulnerabilities is you can see the code on Linux and you can't on Windows. You will still have bad actors who might plant naughty code in Windows, and programmers will still overlook obvious security flaws in Windows code. Code is audited on Linux, and the people allowed to push code to Linux code repos is still limited to a trusted set of individuals.

Rando's on the web are able to submit code for inclusion, so that is another potential vector. I would hope that most projects treat such submissions with a bit more skepticism, and check it before being pushed.
 
Top