[Gllug] Trojans and social engineering (was: hello)

John Edwards john at cornerstonelinux.co.uk
Wed Aug 11 12:31:23 UTC 2010


On Wed, Aug 11, 2010 at 12:02:37PM +0100, Simon Wilcox wrote:
> On 11/08/2010 08:45, Christopher Hunter wrote:
>> There's a lot of it about.  It's a Windoze Trojan that has become very
>> common lately, spread through music downloads, ignored by many of the
>> "anti-malware" programs, that uses Gmail accounts for the purpose of
>> spamming.  The Trojan uses a malformed .lnk file placed on the victims'
>> desktop, which the uninformed will click on!  This is a demonstration of
>> the impossibility of making anything from MS properly secure.
> 
> And what makes you think that Linux is not equally vulnerable to such 
> attacks?
> 
> The users are generally more clueful, it's true, and there are 
> sufficiently few of us that it's not worth the virus writers' efforts to 
> write such a programme, but Linux is just as vulnerable to social 
> engineering type attacks as any other system, including Windows and Mac 
> OS X.

If you are talking about social engineering then "Linux" has
nothing to do with it.

The most important defence against social engineering is the
user and their access to knowledgeable help, though some applications
(e.g. the web browser) can check the validity of sites and certificates.
But that application will probably behave the same regardless of what
operating system it is run on.

There are badly designed operating systems where the boundary between
web browser and operating system has been blurred, and this results in
a terrible mess when it comes to security.


Also Christopher was not describing a social engineering attack,
because it required the machine to be infected with a Trojan that
changed the user's shortcuts.

Social engineering would be phoning people up and asking for their
username and password. There is not much an operating system or
application can do about that.

If you have a Trojan running on your system then it could
alternatively monitor network connections and keyboard input and
wait until you access the real Gmail and type in your username and
password. That would be more complex to program and require higher
privileges, but would be just as effective.

On Windows systems some applications require higher privileges
(often full Administrator) to work correctly and so this is
often handed out to normal users. Even if those applications
are rewritten years later for an improved security model the
privileges and mentality remain.

The fact that users on home versions of Windows have easy access
to Administrator privileges also leads to pressure to have the
same privileges on business machines.

But I'm probably preaching to the choir here.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
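As an added example, not code from this thread or any of its posters: a small Python parser for the Windows shell-link (.lnk) format, with a defender's triage heuristic that flags shortcuts whose displayed name suggests a music or document file while the actual target is a command interpreter or script host, which is the kind of planted desktop shortcut the thread describes. The header and string-data layout follow the published MS-SHLLINK structure (header size 0x4C, LinkFlags bits, StringData in the order Name, RelativePath, WorkingDir, Arguments, IconLocation); the `build_lnk` helper exists only to construct the two sample shortcuts inline, and the names, paths and argument strings in them are constructed, not taken from any real sample.

```python
import struct

# Shell link header constants from the MS-SHLLINK layout.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData blocks appear in this fixed order, each only if its flag is set.
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

# Heuristic lists used by the triage step (chosen for this example).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}
DATA_EXTENSIONS = (".mp3", ".wav", ".doc", ".pdf", ".jpg", ".txt")


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict; raise on malformed input."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("header size or CLSID does not match a shell link")
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip the IDList: 2-byte size + items
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                # skip LinkInfo: 4-byte total size
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    fields = {}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {key} string")   # malformed/truncated file
        pos += count * width
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
    return fields


def triage_lnk(data):
    """Parse a shortcut and return (fields, list of human-readable findings)."""
    fields = parse_lnk(data)
    findings = []
    target = fields.get("relative_path", "")
    target_base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    name = fields.get("name", "").lower()
    if target_base in SCRIPT_HOSTS:
        findings.append(f"target is an interpreter/script host: {target_base}")
    if name.endswith(DATA_EXTENSIONS) and target_base.endswith(".exe"):
        findings.append(f"displayed name {name!r} looks like a data file "
                        f"but the target is {target_base}")
    return fields, findings


def build_lnk(name, relative_path, working_dir="", arguments=""):
    """Construct a minimal Unicode shell link (sample data for this example only)."""
    flags = IS_UNICODE | HAS_NAME | HAS_RELATIVE_PATH
    if working_dir:
        flags |= HAS_WORKING_DIR
    if arguments:
        flags |= HAS_ARGUMENTS
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1..3.
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    for s in (name, relative_path, working_dir, arguments):
        if s:
            body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed samples: an ordinary shortcut and a "music file" that runs cmd.exe.
BENIGN = build_lnk("Notepad", "..\\..\\Windows\\notepad.exe")
SUSPICIOUS = build_lnk("Summer Mix.mp3", "..\\..\\Windows\\System32\\cmd.exe",
                       "C:\\Users\\Public", "/c echo constructed-sample")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        fields, findings = triage_lnk(blob)
        print(label, fields, findings or "no findings")
```

The heuristic is deliberately narrow: it reports only a name/target mismatch and interpreter targets, which are cheap to explain to the user who is asked "did you create this shortcut?", and it rejects files whose string data is truncated rather than guessing at them.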