Re: Off-topic, slightly - Hand of Thief Linux Virus

On 08/10/2013 11:55 AM, Alchemist wrote:
2013/8/10 <linuxnutster@xxxxxxxxxxxx>

    I was just reading about this new malware threat. I'm not clear on
    how exactly this thing can get installed on a Linux system. Would it
    require 100% social engineering? I installed Fedora on my elderly
    mother's last two laptops so she can do her banking without being
    paranoid about keyloggers, trojans, etc... She is a news hound, so
    it's only a matter of time before she comes flying at me demanding
    reassurances.
    --

Mini guide on how Fedora can protect you:

1. Use only official repos/strict package signing, no untrusted package
sources.
2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system,
whuh!)
3. Better create two browser profiles, one for everyday usage with
Iced-Tea disabled, other one ONLY for internet-banking with Iced-Tea
enabled, and tell your mother about the value of such security solution.
4. Disable autorun
http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
5. Use SELinux shield:
# setsebool -P allow_execstack=0
# setsebool -P allow_execheap=0
# setsebool -P allow_execmod=0 (may break some buggy apps)
6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) to locally or
globally (/etc/profile, /etc/bashrc) prevent newly planted executables from
being executed. Of course, only if the system is not multiuser and there
is no need for binary execution under ~/
7. HoT runs without root, so the primary impact will be taking over control
of the user environment. Protect important config files from modification by
setting chattr +i (remove when needed):
.bashrc
.bash_profile
.bash_logout
.pam_environment
.xinitrc
.gnomerc
.config/autostart/*
and so on
8. Configure firewall, but this is different story, as I know from
experience, this is difficult to fit any user browsing desires. But it's
worth a try :)

An excellent tutorial, thanks! Does HOT rely completely on social engineering or can it penetrate easily via other means? Bearing in mind that we only use official repos...

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
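Item 7 of the guide above protects the user's startup files with chattr +i; the other half of that control is noticing when one of them changes anyway. The script below is an added example, not code from the thread or from Fedora: it takes a baseline (SHA-256 and mode) of the same files the guide lists (plus everything under ~/.config/autostart), then compares a later snapshot and reports new, missing and changed entries. The demo() function builds a constructed fake home directory in a temp dir, simulates an edited .bashrc and a dropped autostart entry, and returns the diff. The file list and the tampering scenario are assumptions for illustration; on a real system the baseline file and the check itself must live somewhere the user account cannot write (a root-owned location, or another host), otherwise a trojan running as that user simply rewrites the baseline along with the files.

```python
#!/usr/bin/env python3
"""Baseline-and-compare check for user startup files (added example, not from the thread).

Assumes a Fedora-style home directory; the tracked file list is the one from the
mini guide (hypothetical choice for this example, extend it as needed).
"""
import hashlib
import tempfile
from pathlib import Path

# Startup files a process running as the user can edit to persist; from the guide.
STARTUP_FILES = [
    ".bashrc", ".bash_profile", ".bash_logout", ".pam_environment",
    ".xinitrc", ".gnomerc",
]
AUTOSTART_DIR = ".config/autostart"


def _sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(home) -> dict:
    """Map relative path -> {'sha256', 'mode'} for every tracked file that exists.

    Mode is recorded too: a changed mode (e.g. a file made executable) is a
    change worth reporting even when the content hash is identical.
    """
    home = Path(home)
    tracked = [home / name for name in STARTUP_FILES]
    autostart = home / AUTOSTART_DIR
    if autostart.is_dir():
        # Every file under autostart counts: a new .desktop entry is a new autostart.
        tracked += sorted(p for p in autostart.rglob("*") if p.is_file())
    result = {}
    for path in tracked:
        if path.is_file():
            result[str(path.relative_to(home))] = {
                "sha256": _sha256(path),
                "mode": oct(path.stat().st_mode & 0o7777),
            }
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; each list is sorted so the report is stable."""
    common = set(baseline) & set(current)
    return {
        "new": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake home, then simulate two persistence edits."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".bashrc").write_text("# clean rc file (constructed)\n")
        (home / ".bash_profile").write_text("# clean profile (constructed)\n")
        (home / AUTOSTART_DIR).mkdir(parents=True)
        (home / AUTOSTART_DIR / "legit.desktop").write_text(
            "[Desktop Entry]\nName=legit\n")
        baseline = snapshot(home)

        # Simulated tampering (constructed): an appended line in .bashrc and a
        # new autostart entry; .bash_profile and legit.desktop are left alone.
        with (home / ".bashrc").open("a") as fh:
            fh.write("# injected line (constructed sample)\n")
        (home / AUTOSTART_DIR / "dropped.desktop").write_text(
            "[Desktop Entry]\nName=dropped\n")

        return compare(baseline, snapshot(home))


if __name__ == "__main__":
    report = demo()
    for kind in ("new", "missing", "changed"):
        for rel in report[kind]:
            print(f"{kind.upper():8} {rel}")
```

Run it as is to see the constructed scenario; to use it for real, call snapshot() on the actual home directory from a root-owned cron job, write the result as JSON to a root-owned path, and on each later run feed the stored baseline and a fresh snapshot to compare(). Any non-empty list is a reason to look at the file before the next login executes it.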
