Date: Sat, 24 Nov 2018 19:43:56 +0100
From: Polytropon <freebsd@edvax.de>
To: freebsd-questions@freebsd.org
Subject: Re: New Virus that targets *.nix
Message-ID: <20181124194356.26dd5ad7.freebsd@edvax.de>
In-Reply-To: <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com>
References: <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com>

On Sat, 24 Nov 2018 15:13:37 +0000, Carmel NY wrote:
> This looks like a particularly nasty virus.
>
> https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/

The article says it targets Linux, not Unix(-alikes) in general, so the shell script mentioned is probably intended to be run with bash, the common Linux scripting shell, and will surely assume certain things we call Linuxisms, i.e., infrastructures, files and directories, services, local tools etc. which exist on a typical Linux system.

Yes, the description is really scary, it has lots of... features, one of them is deactivating your installed virus program. :-)

However, given how modern Linux software lacks portability to non-Linux (but still UNIXoid) systems, I wouldn't be surprised if you get a syntax error and execution stop if you try to intendedly infect your FreeBSD installation.

The two CVEs mentioned explicitly (CVE-2013-2094 and CVE-2016-5195) seem to be specific to certain (older) Linux _kernels_.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

So this probably won't work on FreeBSD (individual opinion without further research).

And research has shown multiple times that installed virus software often doesn't protect your system - no, it makes it even _more_ vulnerable, that's why it has become quite hard to call it "anti-virus software".

And remember l33t k1dz: Always use "curl myapp.example.com | sudo bash" to install the software you trust! Apply snake oil as desired. ;-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...