Koobface Can Infect Linux Systems Too – But That is An Accident

By Ricky on November 1st, 2010

Koobface is a trojan that has been going around in social networking sites like - Facebook, Twitter, MySpace etc. It originally started as a Windows only trojan. But a few days ago, a new variant emerged which can infect both Mac OS X and Linux.

Infecting a Mac or a Linux system with Koobface is quite tedious. Unlike in Windows, users need to manually download a java applet and give it the permission to run - that should stop the trojan right there for most users. In Linux, it gets even better - even if the applet has been allowed to run and the system has been infected, all that is needed to stop it is a simple reboot.

However, according to some experts, the Linux infection is an unintended effect. Koobface was designed to infect OS X and because of the platform independent nature of Java, the code also runs in Linux.

This is what Jerome Segura, Security Researcher at ParetoLogic wrote:

If they really wanted to infect Linux computers, the bad guys would have added a start-up entry to ensure the code would run each and every time the machine was started. This, by the way, is not a big deal to achieve.

Rather, the code was written with Mac OS X in mind, and of course Microsoft Windows.

Anyway, this should remind people that no operating system can be completely free from malware and one of the most important factor in security is the users themselves.

Further Readings:

1. OS X the main target of new Facebook Worm?

2. New Koobface Variant Infects Linux Systems

Image Credit: The Carphone Warehouse Help Blog

« Previous Post

Related Posts by Tags: koobface, Linux, mac, trojan, virus, worm

Pingback: World Wide News Flash
Pingback: Tweets that mention Koobface Trojan Infects Linux And Mac - Linux By Accident -- Topsy.com
Pingback: MY IDC » Koobface Trojan Infects Linux And Mac – Linux By Accident
Pingback: Koobface Trojan Infects Linux And Mac – Linux By Accident
Pingback: Koobface Trojan Infects Linux And Mac – Linux By Accident
Pingback: All About PC that connected to internet » Blog Archive » Koobface Trojan Infects Linux And Mac – Linux By Accident
Pingback: Cheap Windows & Linux Reseller Web hosting (Multi Platform)? :: Dedicated Server Hosting Reviews
http://www.siliconindia.com/shownews/Yahoo_goes_for_Call_Ezee-nid-50125.html callezee

good post… thanks for shared…
dagget

Adding a startup entry is a big deal, as you would need to be root to do that. Once you’ve achieved that, you can do much more damage then simply putting a link in place.

Most linux installations create a ‘non-admistrator’ account by default, so becoming root from within a java app run as normal user involves more than ln -s…

The above only applies for systems not running selinux / apparmor etc.
http://www.mauserrifle.nl mauserrifle

There’s indeed no OS immune for malware. Very interesting post. Thanks for sharing!
oiaohm

Really this is interesting timing.

Thinking real-time scanning support for anti-virus software on Linux comes on-line the next Linux kernel version.

Linux defenses evolve to face threats. So even crap like this will not stand much of a chance.
C. Whitman

Well, maybe it could install a script that would load it whenever that particular user logged on (depending on the user’s desktop and setup), but a script that loads it on startup would require root access, which the user/administrator would have to provide.

Of course, as long as a system administrator can fall for a phishing scam, any system can be affected. This type of malware tries to take advantage of what may be the weakest link in your security system, the user.
Pingback: Koobface kan Linux systems ook besmetten – Maar het is veeleer een neveneffect | Wamukota's getokkel
none

“If they really wanted to infect Linux computers, the bad guys would have added a start-up entry to ensure the code would run each and every time the machine was started.”

Easier said than done. Ask a real hacker.
Todd

I really don’t have much faith in such a linux infection. Most important, using Firefox extensions such as NoScript will vastly improve your protection. Even if you are redirected to another page. You’ll have to enable the script manually.

Thoughts??
Pingback: Links 02/11/2010: GNOME Executive Director Resigns, Ted Ts’o on EXT4, Fedora 14 and OpenBSD 4.8 Released | Techrights
JustMe

Let’s get this straight. In order to really infect Linux, the unsuspecting user would have to download the Java (.jar) file and run it as root (after installing Java of course). This seems a bit of a stretch for the typical Linux user.

Why not create a .deb and have the user install it using gdebi (again as root)? A Linux user that knows what they are doing would simply not go through the effort of infecting their system (We are all lazy hippies after all).

If humans are the weak link in computer security, god help us if the Windows and Mac users switch to Linux. The scary virus might actually stand a chance with them.
- alaukik
  
  Also They have to goto a absolutely fake looking youtube site and download a java applet
Richard

Considering the highly improbable procedures required to “infect” a GNU/Linux system with this Java applet, the real lesson is that no system that allows any user interaction at all can be rendered immune from a user who is determined to do wilfully stupid things. It’s not a GNU/Linux, BSD, OS X, or Windows problem. It’s pure PEBKAC.

Problem Exists Between Keyboard And Chair.