  1. #1
    Just Joined!
    Join Date
    Aug 2012
    Location
    Southern California
    Posts
    8

    Malware claim


    This looks bogus to me. Wondering whether anyone has more info on it.

    I can't post a URL, so Google BackDoor.Wirenet.1 trojan and look for the article in Forbes.

  2. #2
    Linux User
    Join Date
    Dec 2009
    Posts
    264
    Here is what I found in the newsletters in the last few days:
    Cross Platform Trojan steals Linux and Mac OS X passwords | The Hacker News

    https://www.gulli.com/news/19576-dr-...ner-2012-08-28

    Hackerszene trojanisiert Fernwartungswerkzeug | heise online

    Sorry, the last two pages are in German ...
    Gulli just translates the content of the first link, while heise explains that a remote-management tool was modified by hackers ... and was therefore declared malware.

  3. #3
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.

  5. #4
    Just Joined!
    Join Date
    Aug 2012
    Location
    Southern California
    Posts
    8
    Yeah, I saw the Forbes article, too, but I still can't wrap my head around the concept of a piece of malware that installs itself in your /home/user directory and announces its presence there with an unambiguous file title. So I translated the article linked by Zombykillah above. -- Now I see that while I originally posted in the Security forum, which is where I thought this belonged, I got bounced to the coffee shop or whatever you call it, so I suppose this translation may get whacked. Never mind, here it is. (Corrections to it will be welcomed and appreciated; it's been a while since I used my German very much).

    World Wired Labs describes NetWire as software for the control of a remote server. The server can run Windows, various Linux distros, Mac OS X and Solaris, while the client uses only Windows for PCs. The app's basic version costs USD 65, and add-ons can drive that up to USD 105.

    So far, so good. But the press release includes a section titled "Undetected" that indicates there's more to it. The company behind the app claims that the advanced version of NetWire cannot be recognized by Windows virus-detection software. That takes us into a gray area.

    World Wired Labs considers NetWire a reliable tool for the remote administration of commercial systems, and states that NetWire can cross boundaries, moving from one application to another. The link between client and server is said to be protected by an AES lock and key system, and is limited to a single TCP port. In addition, the company has equipped NetWire to issue "special remote commands" -- from administrative tasks to and including post-install control of the expanding capabilities of the app. For these tasks, NetWire monitors all processes as they unfold, and even makes screenshots of the progress.

    The NetWire app is depicted utterly differently on a "hacker" online forum. There the claim is made that NetWire can penetrate all firewalls and all routers, that it can read the passwords in all browsers, and that its keylogger can run without assuming administrative (root) privileges. It is claimed that the expanded capability to break TrueCrypt passwords for instant messaging conversation protocols is under development. This portrays the app as something that has been transformed into a Trojan.

    The folks at World Wired Labs are not pleased to find their app lurking in the dark corners of the internet. Upon installation, NetWire now presents a disclaimer. The user must indicate with a click of the mouse that this installation will not be abused for purposes of cracking into other computers or committing illegal acts.

    As for the "hacker" who portrayed NetWire on an internet forum as a useful tool for cracking -- World Wired Labs quickly tossed him out of its group of affiliates. Of course that won't prevent others from discussing NetWire in the unofficial forums for "crypters", and touting it as a tool for hiding and spreading malware.

    Meanwhile, it's no wonder that NetWire is now part of the anti-virus companies' world. Dr. Web, for example, considers the app "a password thief" and has christened it "BackDoor.Wirenet.1". Other companies call it "TrojanSpy", "NetWired" and "NetWeird" (sic).

    VirusTotal accordingly states that the version of NetWire designed for Windows is recognized by 16 virus scanners, while 6 Linux AV scanners, 4 Solaris, and 9 Mac scanners spot NetWire. Everybody is looking for it. Of 42 AV scanners checked, 26 sound the alarm on detecting the presence of NetWire.

    && End of translation &&

    I note the use and abuse of the word "hacker" (hackers are not crackers! Hackers are the good guys!) as well as what seems to me to be paranoia, and even the fond hope in some circles that AT LONG LAST, Linux users will have to live with the same problems that have savaged Windows users.

  6. #5
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    I also think it seems legitimate, at least from what I've read.

    Another thing I do to harden boxes in general is to put /home and /tmp on their own partitions and then mount them with noexec,nosuid,nodev permissions. Anytime something like a game wants to create a profile in my home directory that needs exec permissions I make a symlink that points to something on /opt or /usr/local
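    The noexec,nosuid,nodev mount scheme described in the post above can be verified from a script. The following is an added example, not code from the original thread; it parses /proc/mounts-style lines (a constructed sample is embedded so it runs offline) and reports which of the three hardening options a mount point is missing. The fstab lines in the comment are illustrative, not taken from any poster's system.

```shell
#!/bin/sh
# Added example: verify that /home and /tmp carry noexec,nosuid,nodev.
# Illustrative /etc/fstab entries for the scheme (device names are placeholders):
#   /dev/sda3  /home  ext4   defaults,nosuid,nodev,noexec  0 2
#   tmpfs      /tmp   tmpfs  defaults,nosuid,nodev,noexec  0 0

# Constructed /proc/mounts-style sample: device mountpoint fstype options dump pass.
# /tmp here deliberately lacks noexec so the check has something to report.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime,size=2G 0 0'

# missing_opts MOUNTPOINT [MOUNTS_TEXT]
# Prints each hardening option NOT present on MOUNTPOINT, one per line,
# or "not-mounted" if MOUNTPOINT is absent. Reads /proc/mounts when no
# MOUNTS_TEXT is given. Returns 0 only when all three options are present.
missing_opts() {
    mp=$1
    mounts=${2:-$(cat /proc/mounts)}
    # Field 2 of each line is the mount point; exact match avoids /home vs /home2 confusion.
    line=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print }')
    if [ -z "$line" ]; then
        echo not-mounted
        return 1
    fi
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    rc=0
    for want in noexec nosuid nodev; do
        # Wrap in commas so "nodev" cannot match inside a longer option name.
        case ",$opts," in
            *,"$want",*) ;;
            *) echo "$want"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone run against the constructed sample.
for mp in /home /tmp; do
    if missing_opts "$mp" "$SAMPLE_MOUNTS" >/dev/null; then
        echo "$mp: ok"
    else
        echo "$mp: missing $(missing_opts "$mp" "$SAMPLE_MOUNTS" | tr '\n' ' ')"
    fi
done
```

    Run it with no second argument to check the live system; on a real box `findmnt -o TARGET,OPTIONS /home` shows the same information interactively. Note that noexec on /home blocks a directly executed binary but not one fed to an interpreter (for example `sh script.sh` or `python script.py`), which is why the post's advice is a hardening layer rather than a complete barrier.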

  7. #6
    Linux Newbie SL6-A1000's Avatar
    Join Date
    May 2011
    Location
    Australia
    Posts
    120
    I would be interested to know how add-ons would affect this sort of trojan. Like Ghostery, Adblock, FoxyProxy etc. I wonder if the users getting this trojan have these sorts of add-ons installed in their web browser or not? Perhaps the web browsers can even prevent it through these add-ons, that's what they were designed for, isn't it??

    Not to be cynical, and I know it's for legal reasons, but just issuing the statement during install that it's not to be abused won't stop people abusing it!
    So while they may not condone it, they are just as bad if they aren't doing anything to prevent people from misusing it.

    I note the use and abuse of the word "hacker" (hackers are not crackers! Hackers are the good guys!) as well as what seems to me to be paranoia, and even the fond hope in some circles that AT LONG LAST, Linux users will have to live with the same problems that have savaged Windows users.
    I wish the different operating system followers, fanatics and their corporations would move beyond their own self-inflated superiority... It's one thing to believe your product is best, it's totally different to have your "ego so far up your own arse to wish malicious intent on another out of envy"

    It may not occur to those users from the Windows, Mac OS X or even Unix (Linux, BSD, Solaris, SVR4 etc.) camps that if they actually worked together on these sorts of trojans and viruses, they may not be able to even exist. Instead of always relying on third-party anti-virus programs to do the work for them...!

    All three camps have advantages the others don't; utilise all three and it practically becomes impossible for these trojans to take advantage of your system. To be frank, that is part of the reason why I believe malicious software is able to exist. Crackers know that each camp has its own ignorances and take advantage of it.
    Last edited by SL6-A1000; 09-02-2012 at 04:09 AM.

  8. #7
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    418
    Well from what I've been able to find no one has actually identified the infection vector yet. Which is going to make it harder to harden your system against it. I'm the paranoid type and I've been saying for well over a year now that malware is coming to *nix. As a "lump sum" we're just starting to become too juicy a target: If you lump desktop and server *nix with Apple and Android (derivatives of *nix) there's just too many pickins for the bad guys to ignore us anymore.

    Things I do that should help against this type of scenario:

    1) I never store my passwords in my browser. (From what I've read, so far this one can only steal from the browser.)
    2) I store my passwords in a truecrypt encrypted partition.
    3) The password for it is in an encrypted file.
    4) The password for the encrypted file is easy to remember, but hard to crack.
    5) My root password is stored in here as well.
    6) All of my web passwords are long, complex, random gibberish and all very different.

    I open the file with the easy to remember password. I then copy and paste the hardened password for the encrypted partition and the root password to mount the TC volume. I then copy and paste all my web passwords from a doc in the TC volume to their individual web sites when needed.

    If you get a key logger all the logger will record is the first password and a bunch of mouse clicks or keyboard short cuts after that.

    Note: This will not protect you against stuff that can read your clipboard or take screenshots. But, those are topics for another day.

    -----
    Edit:

    I also use NoScript and RequestPolicy on Firefox. This severely limits the possibility for "drive by" attacks exploiting my browser by limiting what scripts are allowed to execute in my browser. Plus I use Modify Headers to change my user agent string to something totally different than what I'm really using, but something that won't affect web site rendering (like Safari on an XP system). That way any automated drive by attackers are running the wrong set of scripts to hit me because they read me as something I'm not.
    Last edited by Steven_G; 09-03-2012 at 05:35 PM. Reason: Additional info

  9. #8
    Linux User TaZMAniac's Avatar
    Join Date
    Jan 2009
    Posts
    269
    @ Steven_G
    A good keylogger will also grab the contents of your clipboard so your method of security is pretty much wasted effort.

    Before we all get our panties in a wad, I suggest we wait this out until it is verified and documented by other security sources.
    I never take the word of one company especially when they are also selling anti-virus software.

    When independent verification of this 'virus' becomes official then I will take steps to prevent it.
    But remember that Linux is quite a bit different from Windows and Macs.
    Nothing can install itself on your system unless you allow it with your su or sudo password.
    So drive-bys are virtually infeasible unless you are one of those users that says yes to everything that comes down the pipe.

  10. #9
    Linux Newbie SL6-A1000's Avatar
    Join Date
    May 2011
    Location
    Australia
    Posts
    120
    @Steven_G: I am not personally worried about it, as I feel I am pretty good with security and not being too stupid.

    Storing your passwords in your web browser is asking for trouble in my view. Even if it is encrypted, it's still got outside threats. Nothing beats writing it down with pen & paper; it's not encrypted, but then again the person has to physically find it, leaving them open to being caught by the wide array of forensics available...! :P

    While I agree with you, Taz, it's not worth worrying about until it is verified and documented.

    I disagree on the similarity of Mac OS to Linux (Windows is out of the question obviously). Mac OS is a little closer to home than you might think.
    Remember Mac OS (at least OS X) is based on FreeBSD and the Mach kernel, so while it's not inherently similar to Linux, it only takes a few lines of code to become FreeBSD capable (utilizing what FreeBSD internals are used in Mac OS X), and knowing that there is a lot of shared source between the BSDs and most Unixes, I don't think it would be hard for it to eventually become Linux capable.

    I may be wrong and I hope so...
    Last edited by SL6-A1000; 09-04-2012 at 04:05 AM.

  11. #10
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    418
    @ TaZ: A good doze keylogger, sure. But, since there are no known (independently verified) *nix keyloggers yet, I'm *hoping* that the various stuff that I've been teaching myself about AppArmor, SELinux and grsecurity will make a difference when, not if, one does come around. (If not I'm FUBAR'd anyway.)

    I'm just trying to get ahead of the curve. There's no such thing as perfect security. And there's no such thing as a perfect OS. I've been reading a bunch of stuff lately from a lot of folks a lot smarter than me that present a lot of good arguments for why open source is about to undergo a huge revolution and become far more widespread over the next few years.

    If that is true we will become a major target for the buttheads. And yes, *nix is a different nut to crack and is built much better than most from a security perspective. But, anything one person can make another person can break; especially if there's sufficient money to be made in the process.
    Last edited by Steven_G; 09-04-2012 at 03:43 PM.
