openjdk team mailing list archive

[Bug 668314] Re: Trojan under Linux passing by Java ! ! !

 

Hi all. I guess this incident should be thoroughly investigated. I read
the reporter's account (Jerome Segura). It does not seem to be quite
trustworthy and competent. E.g., he talks about "changing" in the
start-up entries?? He did not attempt to kill either the Java process
first or the X-session second. He clearly is a Windows "scientist".

My question is, how come the mentioned code being downloaded from the
malicious website is executable? Or is it the Java process executing the
script? What are the Java process's privileges? Why isn't it killed by
the parent firefox-bin process? The author mentions it in the article.

There is a great misconception about Unix-based systems in the public.
One can go to http://en.wikipedia.org/wiki/Linux_malware, read the
article and get a very wrong impression. Most of the links are misleading,
like this: "The number of malicious programs — including viruses,
Trojans, and other threats — specifically written for Linux has been on
the increase in recent years and more than doubled during 2005 from 422
to 863". If you follow the link you find it to be blather. Most
of the listed Linux viruses turned out to be lab ones or very old ones.
Others are very unlikely to propagate, since they should be installed by
the USER!

-- 
Trojan under Linux passing by Java ! ! !
https://bugs.launchpad.net/bugs/668314
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “openjdk-6” package in Ubuntu: Confirmed

Bug description:
Hi,

A trojan named "Boonana/Koobface" can be installed under Linux because of Java.
I thus confirm my request for real-time protection in Ubuntu.

More information in French here:
http://www.echosdunet.net/dossiers/dossier_6179_un+trojan+windows+passe+sous+mac+os+x+linux+via+java.html

Why not make real-time protection for ClamAV inspired by "sentinel clam"?

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: icedtea6-plugin 6b20-1.9.1-1ubuntu3
ProcVersionSignature: Ubuntu 2.6.35-23.36-generic 2.6.35.7
Uname: Linux 2.6.35-23-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Fri Oct 29 14:29:14 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
 LANG=fr_FR.utf8
 SHELL=/bin/bash
SourcePackage: openjdk-6