this post was submitted on 18 Sep 2023
193 points (98.0% liked)

all 23 comments
[–] AbidanYre@lemmy.world 41 points 1 year ago (2 children)
[–] PoorlyWrittenPapyrus@lemmy.world 41 points 1 year ago (2 children)

Free as in freedom malware

[–] furikuri@programming.dev 2 points 1 year ago

An amendment to the popular expression, "All [personal] information should be free", I suppose

[–] BaumGeist@lemmy.ml 1 points 1 year ago

I'm guessing it's just malware that has had its source posted on GitHub or the like, contrasted with the "hacker"/APT groups that actually charge to download and run their C2 servers

[–] autotldr@lemmings.world 36 points 1 year ago (1 children)

This is the best summary I could come up with:


Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021.

The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation.

The Trend Micro researchers eventually named their discovery SprySOCKS, with “spry” denoting its swift behavior and the added SOCKS component.

Besides showing interest in espionage activities, Earth Lusca seems financially motivated, with sights set on gambling and cryptocurrency companies.

Monday’s Trend Micro report provides IP addresses, file hashes, and other evidence that people can use to determine if they've been compromised.


The original article contains 537 words, the summary contains 143 words. Saved 73%. I'm a bot and I'm open source!
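
Added example, not part of the thread or of the Trend Micro report: one way to use published file hashes is to sweep a directory tree and flag any file whose SHA-256 is on the list. The list format (one hex digest per line, `#` for comments) and the function names are assumptions; no real indicators are included, and the demo builds its own throwaway files.

```sh
# Sweep a directory tree for files whose SHA-256 is on an IoC list.
# Assumed list format: one hex digest per line, '#' starts a comment.
# Function names are illustrative; real digests come from the vendor report.

# load_iocs FILE: print normalized (lowercase, de-duplicated) digests.
load_iocs() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
        | tr 'A-F' 'a-f' \
        | grep -E '^[0-9a-f]{64}$' \
        | sort -u
}

# ioc_sweep IOC_FILE DIR: print "digest  path" for each matching file.
ioc_sweep() {
    ioc_file=$1; dir=$2
    list=$(mktemp) || return 2
    load_iocs "$ioc_file" > "$list"
    if [ ! -s "$list" ]; then
        echo "no valid digests in $ioc_file" >&2
        rm -f "$list"; return 2
    fi
    # -xdev: stay on one filesystem; -print0/-0: survive odd file names.
    # sha256sum prefixes a line with '\' when it escapes a name, so strip it.
    find "$dir" -xdev -type f -print0 2>/dev/null \
        | xargs -0 -r sha256sum 2>/dev/null \
        | awk 'NR == FNR { bad[$1] = 1; next }
               { h = $1; sub(/^\\/, "", h); if (h in bad) print }' "$list" -
    rm -f "$list"
}

# Constructed demo: two throwaway files, one of which is listed as an "IoC".
demo_sweep() {
    work=$(mktemp -d) || return 2
    printf 'constructed sample, not real malware\n' > "$work/flagged.bin"
    printf 'benign\n' > "$work/clean.txt"
    {
        echo "# constructed IoC list (digest upper-cased to test normalization)"
        sha256sum "$work/flagged.bin" | cut -d' ' -f1 | tr 'a-f' 'A-F'
    } > "$work/iocs.txt"
    ioc_sweep "$work/iocs.txt" "$work" | sed 's/^[^ ]*  //'
    rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then demo_sweep; fi
```

A hash match only identifies the exact published samples, so an empty result does not show a host is clean; the report's network indicators need a separate check against connection logs.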

[–] Shdwdrgn@mander.xyz 26 points 1 year ago

A Chinese government group, you say? They shall henceforth be known as Stone Pooh.

[–] CurlyChopz@programming.dev 30 points 1 year ago

Just you wait till you see the deep web forum users like "I backdoored Arch btw"

[–] GnuLinuxDude@lemmy.ml 18 points 1 year ago (1 children)

Did I miss it in the article? I cannot determine what the attack vector is. Am I downloading a malicious file? Am I running an insecure publicly facing service?

[–] placatedmayhem@lemmy.ml 17 points 1 year ago (1 children)

This is the backdoor that's deployed after a host is compromised. How the host is compromised is somewhat irrelevant. It could be exploited manually, social engineering, a worm, etc.

[–] GnuLinuxDude@lemmy.ml 5 points 1 year ago

Ok, makes sense. Thanks for clarifying.

[–] shaolin_shrimp@lemmy.ml 13 points 1 year ago (5 children)

What is the recommended AV scan solution for Linux? Sounds like it’s needed these days.

[–] floofloof@lemmy.ca 18 points 1 year ago* (last edited 1 year ago) (1 children)

There's a surprising lack of them, and rather too many people who say "if you get a virus in Linux you're doing Linux wrong." ClamAV is readily available but pretty basic, slow at scanning, not real-time, and erring on the side of false positives. The commercial options are all sold to businesses under those "contact us and we'll tell you what it costs once we've figured out how much money you have" pages. And if you search for answers you find a lot of recommendations for AV products that don't seem to exist any more.

[–] piexil@lemmy.world 10 points 1 year ago* (last edited 1 year ago)

A lot of those enterprise solutions like CrowdStrike are a pain in the ass because they use a binary kernel module that supports like 5 kernels at most too

[–] netburnr@lemmy.world 12 points 1 year ago

ClamAV is really the only thing I've used.

ClamAV if you're ok with non real-time stuff

[–] GustavoM@lemmy.world -1 points 1 year ago (1 children)

Common sense antivirus (tm)

[–] BaumGeist@lemmy.ml 6 points 1 year ago* (last edited 1 year ago)

This isn't helpful, nor true. As technology grows, so do attack vectors, so do malware devs, so do vulnerable softwares, so do cloud servers and SaaS and android and steamos and IoT making linux a juicier target.

Two truths of "common sense" are that it's rarely actually common nor does it make sense to anyone not already In The Know. The "Sense" that is actually common is often wrong.

If by "Common sense antivirus" you mean "don't download and run the Hot Singles Finder ELF from a xxxNerdsDickedDown.com ad," that kind of common sense simply isn't enough to ensure avoiding infection anymore; if you mean "use a firewall, and don't install/run anything without checking signatures/checksums, and prefer sandboxing, and also check for exploits of application management programs like Steam or Google Play that are theoretically supposed to be checking signatures/checksums for you, and use a password manager, and don't click on the links in email, and check the headers to ensure it's actually from who it says it's from, and..." then you're far outside the realm of "common."

If your kneejerk response is "that's just being overly paranoid," congrats, you have become a User: you are the type of person who needs something to automate checking for malware/exploits so you don't get yourself botnet'd.