Date:      Sat, 24 Nov 2018 19:43:56 +0100
From:      Polytropon <freebsd@edvax.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: New Virus that targets *.nix
Message-ID:  <20181124194356.26dd5ad7.freebsd@edvax.de>
In-Reply-To: <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com>
References:  <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com>

On Sat, 24 Nov 2018 15:13:37 +0000, Carmel NY wrote:
> This looks like a particularly nasty virus.
> 
> https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/

The article says it targets Linux, not Unix(-alikes) in general,
so the shell script mentioned is probably intended to be run
with bash, the common Linux scripting shell, and will surely
assume certain things we call Linuxisms, i.e., infrastructures,
files and directories, services, local tools etc. which exist
on a typical Linux system. Yes, the description is really scary,
it has lots of... features, one of them is deactivating your
installed virus program. :-)

However, given how modern Linux software lacks portability
to non-Linux (but still UNIXoid) systems, I wouldn't be
surprised if you get a syntax error and execution stop if
you try to intendedly infect your FreeBSD installation.

The two CVEs mentioned explicitly (CVE-2013-2094 and
CVE-2016-5195) seem to be specific to certain (older)
Linux _kernels_.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5195

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

So this probably won't work on FreeBSD (individual opinion
without further research). And research has shown multiple
times that installed virus software often doesn't protect
your system - no, it makes it even _more_ vulnerable, that's
why it has become quite hard to call it "anti-virus software".



And remember l33t k1dz:

Always use "curl myapp.example.com | sudo bash" to install
the software you trust! Apply snake oil as desired. ;-)


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


