Softpedia
 


October 28th, 2010, 10:58 GMT · By

New Koobface Variant Infects Linux Systems


Java-based attack infects Linux systems with Koobface variant
Security researchers warn that a new attack is capable of infecting Windows, Mac OS X and Linux systems with a new variant of the notorious Koobface worm.

The attack was spotted on social networking websites like Facebook, MySpace and Twitter, the usual hunting grounds of the Koobface gang.

It begins with users receiving messages from their friends, who direct them to an online video. Lures like "Is it you in this video?" have been observed.

The included link leads to a fake YouTube page, which displays a video thumbnail. Clicking it launches a Java applet that users are asked to accept.

Malicious page launching Java exploit
The applet exploits a remote code execution vulnerability in outdated versions of Java and checks the visitor's operating system.

Based on this determination, the appropriate version of the Koobface worm is installed without requiring any interaction from the victim.

Koobface is the father of all social networking worms and its authors are constantly coming up with new ideas to avoid detection or to make the threat more resilient.

Once installed on a computer, the worm hijacks the social networking accounts of its owner and uses them to propagate.

Infected systems join together in a botnet and contact a command and control server, from where they receive instructions.

According to Jerome Segura, a security researcher at ParetoLogic, who analyzed the attack, the Linux Koobface version is attached to a Java applet called jnana.tsa.

The applet is dropped inside the user's home directory and stops running at computer reboot. This means that on Linux, unlike on Windows, the Koobface infections are temporary.

However, Linux computers tend to stay open much longer than Windows ones, which gives attackers enough time to use them for malicious purposes.

The attack is further limited by the fact that many consumer-oriented Linux distributions, including Ubuntu, don't come with Java installed by default.

Nevertheless, the news might be disappointing to many Linux and Mac OS X users, who seem to believe that malware doesn't work on these operating systems.

Researchers have repeatedly advised that as their market share increases, malware authors will begin viewing these platforms as attractive targets.

Update October 29: Corrected the first paragraph, which erroneously described the attack as a drive-by download. The attack requires user interaction.

Update October 30: Newly discovered information in this case suggests that the Linux infection vector might be a side effect. Read more.




READER COMMENTS:


Comment #1 by: Funatiker on 28 Oct 2010, 13:19 UTC

At least the malware doesn't require wine.


Comment #2 by: Pinnacom on 28 Oct 2010, 13:50 UTC

As an experienced Linux user, I do have Java installed, but only a noob would allow an unknown applet to run. I already can play any format. If I need a special applet to play a video, no, sorry, I'm not that stupid - neither should anyone else be.

Comment #2.1 by: AntiIdocracy on 29 Oct 2010, 03:26 GMT

Arrogant jackasses like this guy are the first ones to get infected.
The ones using the word "noob" self-proclaimed experts, usually an idiotic 14 year old with the only real experience as a Blog reader.


Eric
A real Sr. System Engineer.


Comment #3 by: Micah on 28 Oct 2010, 14:57 UTC

Even though this vulnerability affects one of the most oft-exploited pieces of software in computing history, rather than any core component of Linux, it does highlight the need for Linux users to keep their systems up to date and to use caution when surfing the net. Fortunately, if there is a Java update that fixes this, it's just one 'zypper up'/'yum update'/'apt-get update' away!


Comment #4 by: Me on 28 Oct 2010, 15:14 UTC

Infections are temporary. So if you are stupid enough to accept an unknown piece of software to run on your computer, you are still in a better position than those folks with good ole Windoze.


Comment #5 by: KimTjik on 28 Oct 2010, 16:15 UTC

This was comforting news. Title tells about danger, but content reveals a quite impotent and short-lived worm. Does the Linux version even qualify as a virus, since it dies in the event of a shutdown?

Does this really apply to desktop computers: "Linux computers tend to stay open much longer than Windows ones"? I mean you don't use a server to browse Facebook, and a server would in most cases not have X installed and hence no browser affected by java scripts.

I doubt it's attractive to create a bot net of computers that might be connected a few hours ("hurray, I've created a bot net of Linux desktop computers... oh no, it's gone!").


Comment #6 by: ben on 28 Oct 2010, 16:38 UTC

If this worm infects all systems, I don't understand why you would put just the Linux name in the title. That makes no sense at all. Were you paid by someone in Redmond to title the article this way?

Comment #6.1 by: Lucian Constantin on 28 Oct 2010, 18:35 GMT

There is "Linux" in the title, because the fact that this malware works on Linux is the news and center piece in this article.

The variant infecting Mac was covered yesterday here: http://news.softpedia.com/news/Cross-Platform-Attack-Installs-Trojan-on-Windows-and-Mac-163143.shtml

And versions of Koobface infecting Windows have been covered numerous times in the past. Check "More related articles" box.

And no, my employer is not based in US.


Comment #7 by: gdp77 on 28 Oct 2010, 17:55 UTC

Based on this determination, the appropriate version of the Koobface worm is installed without requiring any interaction from the victim.

Nothing can be installed in a linux box without admin privileges. This is FUD

Comment #7.1 by: Mouring on 28 Oct 2010, 18:22 GMT

Sure stuff can be installed on Linux as root. Some of us do it all the time for testing. You just install it in your $HOME directory.

Nothing in this article looks like FUD to me. It was actually a pretty clear and well-written description of the Koobface attack on Linux.

Comment #7.2 by: airdrik on 28 Oct 2010, 18:39 GMT

It "installs" itself to the current user's home directory. It is assumed that a user can put files in their home directory without admin privileges.

I think the reason for pointing out that this virus affects Linux, is that Windows users are used to surfing the web and getting malware, and this is just another drop in the bucket. Linux users on the other hand generally dismiss most malware announcements because most malware is Windows only, or has minimal effects on Linux. Of course even this only affects users who succumb to the social engineering and who actually have installed an out-dated version of Java, so very few Linux users would ever find themselves compromised by this vulnerability.

Comment #7.3 by: Anonymous on 28 Oct 2010, 18:45 GMT

It is not actually being installed, it is just an application that can run anywhere being saved locally and being run. Real and legitimate enough, and it could be used to wipe your home directory. One more reason to keep your wits about you when browsing.

Comment #7.4 by: Jazzy_Jeff on 28 Oct 2010, 19:05 GMT

This is not FUD. It says you have to give it permission by allowing the applet in the first place. I don't let anything install that I don't go out and get personally, period.


Comment #8 by: C. Whitman on 28 Oct 2010, 20:08 UTC

Phishing scams can work on any operating system since they are not dependent on operating system security vulnerabilities. They are dependent on the combination of scam believability and user gullibility. Most scams are pretty transparent, but apparently there are a lot of gullible users out there as well. This isn't one that I can see myself falling for.


Comment #9 by: bumblefoot2004 on 28 Oct 2010, 20:08 UTC

"Linux computers tend to stay open much longer than Windows ones" - I think this is implying Windows boxes crash more than Linux machines.


Comment #10 by: anti-social on 29 Oct 2010, 04:12 UTC

Just stay the **** away from these stinkin' social networks, all are known havens for viruses, anyway


Comment #11 by: Lars on 29 Oct 2010, 09:53 UTC

I do not think Linux users believe they are safe against all sorts of "problems" but to say that Windows, (with more than 1.000.000 viruses) is targeted more than Linux, is a lot of rubbish. It is also the only thing MS can use as an excuse. Besides on the world wide web there are more Apache/Linux than Windows (netcraft.com), not to mention all the super computers.
Windows is just a more easy target.
And a lot of the "problems" are non OS related, of course.


Comment #12 by: noway2 on 29 Oct 2010, 09:57 UTC

This isn't a LINUX vulnerability, it is a JAVA vulnerability that could affect any system running Java. An outdated version at that!

Only LINUX is designed well enough to both require the user to explicitly allow this infection and automatically stop its spread.

Comment #12.1 by: OMFG IT"S JAVA!! on 29 Oct 2010, 17:17 GMT

Java on YouTube? WTF?


Comment #13 by: trueanalytic on 29 Oct 2010, 14:51 UTC

*sigh* FUD. It doesn't infect the computer, it infects the user. That's kind of the point behind the Unix security model; what one person does doesn't affect what anyone else does.

One need only kill the errant process, and delete the file from the user's home directory, and the problem is solved. But even better, the integrity of the computer system itself, and of every other user's data is still intact.

And honestly, what do you expect here? Not even unix can protect users from their own ignorance. The best that can be hoped for, is precisely what happens: this worm infects a single user on the system, because they failed to follow good security practices, but the system itself, and all of the other users of the system are fine.


Comment #14 by: shaun on 29 Oct 2010, 16:06 UTC

While this is a good example of why to keep your system updated on a daily basis (and why Linux is better at this than Windows) I agree with others in that the title of this article is misleading. This is not a Linux vulnerability any more than it is a Windows vulnerability. This is a problem with Java (hence why it affects all systems). Other than the terrible, misleading headline it's an informative article.


Comment #15 by: FreeBooteR on 29 Oct 2010, 17:31 UTC

This is the worst they can do to GNU/Linux. Social engineering. No system can design around idiocy.


Comment #16 by: aussiebear on 29 Oct 2010, 18:06 UTC

So on Linux, you have to:
(1) Allow the applet to run.
(2) Not reboot the system.
(3) Not update Sun's JRE or OpenJDK.

This sounds like a really low risk security issue for Linux.


Comment #17 by: Ghigo on 01 Nov 2010, 15:29 UTC

On Linux, if this "worm" only works on user home dir and user Firefox, then it doesn't affect the systems due to lack of permission. So it's not a real infection because no modification on the system can be obtained. Temporary and inoffensive, I mean.
