[conspire] (forw) Re: New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio

Rick Moen rick at linuxmafia.com
Fri Jan 22 10:46:47 PST 2016


Redirecting to the mailing list, as I assume Paul departed into private
mail by accident.

Yes, I'm fully aware of the widespread construing of 'malware' to mean
'software that does bad things'.  Part of my point is that that's a
dumb concept that conceals a crucial distinction between security
compromise (which is of vital interest and the key to everything) and
post-compromise misbehaviour (which ain't).

Let's put this in non-computer terms.

Dr.Web basically is sending a salesman around to banks, where the
salesman says:  'River City Bank got burglarised by John Dillinger last
weekend, who walked into the back of the bank, stole a bunch of cash and
jewels, egged the branch manager's office, and poured honey all over the
HR records.  For the small sum of $500/month, you can buy our
anti-malcustomer service, where we post our guy inside your bank branch.
He'll be clutching a snapshot of Dillinger, and, if he sees the guy,
will yell out "Hey, it's Dillinger!" and call the cops.  He also has
snapshots of Al Capone, Bugsy Siegel, and Baby Face Nelson.  As our
malcustomer research service hears about other malcustomers, we will be
FedExing our guy additional snapshots.'

You should be saying 'Wait, isn't the point not the damage Dillinger is
able to do with eggs and honey, but rather whatever mistake allowed him
to waltz into the back of River City Bank in the first place?  Why
shouldn't I just have elementary branch security and not waste time
screwing around with your guy and snapshots?'

Dillinger's egging and pouring of honey was an irrelevant sideshow.
Linux.Ekocms.1 taking screenshots and recording microphone audio is an
irrelevant sideshow.  What matters is how Dillinger (Linux.Ekocms.1) gets
into the back office (system).

You don't need anti-dillingerware.  You need basic security.  If you
don't have basic security, you have much bigger problems than the
carefully unspecified alleged threat of trojans allegedly put onto your
system via carefully undisclosed means.

People keep buying this bullshit, and I have really no idea why.

(Greetings from SCALE14x, DevOps track.)



----- Forwarded message from Paul Zander <paulz at ieee.org> -----

Date: Fri, 22 Jan 2016 18:17:38 +0000 (UTC)
From: Paul Zander <paulz at ieee.org>
To: Rick Moen <rick at linuxmafia.com>
Subject: Re: [conspire] New Trojan Spies on Linux Users by Taking
	Screenshots and Recording Audio
Reply-To: Paul Zander <paulz at ieee.org>

I would prefer the definition from Wikipedia:

      Malware, short for malicious software, is any software used
      to disrupt computer operations, gather sensitive information,
      gain access to private computer systems, or display unwanted advertising

Trojans and worms do not spread by themselves, but still have a malicious intent.

The basic problem I see with _all_ software intended to prevent malware is that it only works on a database of
known threats.  When something new is introduced, it can spread for a period of time before protection software can be updated to recognize the new threat.

It's rather like human viruses.  A flu vaccine is only helpful when you are exposed to a flu virus that matches the vaccine.  A flu vaccine doesn't help with colds or measles.   You still need to wash your hands.
Same with computers.  Be careful about unfamiliar websites when downloading.  Use NoScript to minimize unknown things from running on your machine.  Don't open links from suspicious emails.



________________________________
 From: Rick Moen <rick at linuxmafia.com>
To: conspire at linuxmafia.com 
Sent: Thursday, January 21, 2016 12:53 AM
Subject: Re: [conspire] New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio
 


Trojans (and worms) are _post-compromise_ codebases.  By definition,
they don't 'infect' anything.  They are not attack code.  They are
something the attacker (or automated scripts acting for attackers)
implement _after_ gaining access to a system through _other_ means.

In that sense (they don't attack, they don't 'infect'), trojans and
worms are not malware -- if by 'malware' you mean something that
compromises the security of your system.



----- End forwarded message -----
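The limitation Paul describes above (a scanner only knows what is already in its signature database) is easy to see in code. The following is an added illustration, not code from this thread or from any vendor's product. The "files" are constructed byte strings that do nothing; the URL, signature names and the SignatureDB class are assumptions for the example. It goes one step beyond the post by keeping two kinds of signature side by side, an exact file hash and a byte pattern, so the difference between a trivially padded variant and a genuinely rewritten one is visible.

```python
"""Signature-based detection and its blind spot (added example, not from the
thread).  All samples below are constructed stand-ins for files; they are
inert text, not real malware."""
import hashlib
import re

# Constructed samples.  KNOWN_SAMPLE stands for something the vendor has
# already catalogued; the two variants stand for what appears afterwards.
KNOWN_SAMPLE = (
    b"#!/bin/sh\n"
    b"# constructed test sample, does nothing\n"
    b"SEND_TO=http://example.invalid/upload\n"   # example.invalid: reserved, assumed
    b"exit 0\n"
)
PADDED_VARIANT = KNOWN_SAMPLE + b"\n"                            # one byte appended
REWRITTEN_VARIANT = KNOWN_SAMPLE.replace(b"SEND_TO=", b"DEST=")  # strings changed
CLEAN_FILE = b"#!/bin/sh\necho hello\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """A minimal vendor-style database: exact hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}     # sha256 hex digest -> signature name
        self.patterns = []   # (signature name, compiled regex over bytes)

    def add_hash(self, name: str, data: bytes) -> None:
        self.hashes[sha256(data)] = name

    def add_pattern(self, name: str, pattern: bytes) -> None:
        self.patterns.append((name, re.compile(pattern)))

    def scan(self, data: bytes) -> list:
        """Return the names of every signature that fired; [] means 'clean'
        as far as this database knows, which is the whole point."""
        hits = []
        name = self.hashes.get(sha256(data))
        if name is not None:
            hits.append(name)
        for name, rx in self.patterns:
            if rx.search(data):
                hits.append(name)
        return hits


def build_day_zero_db() -> SignatureDB:
    """What the scanner knows before the new variant is reported."""
    db = SignatureDB()
    db.add_hash("known-sample", KNOWN_SAMPLE)
    db.add_pattern("upload-string", rb"SEND_TO=http://")
    return db


def build_updated_db() -> SignatureDB:
    """The same database after the vendor has seen the rewritten variant."""
    db = build_day_zero_db()
    db.add_hash("rewritten-variant", REWRITTEN_VARIANT)
    return db


if __name__ == "__main__":
    day0, updated = build_day_zero_db(), build_updated_db()
    for label, blob in [("known", KNOWN_SAMPLE), ("padded", PADDED_VARIANT),
                        ("rewritten", REWRITTEN_VARIANT), ("clean", CLEAN_FILE)]:
        print(f"{label:10s} day-0: {day0.scan(blob)!s:35s} updated: {updated.scan(blob)}")
```

The hash signature misses the padded copy the moment a single byte changes; the byte pattern survives that but not a variant whose strings were rewritten, which is invisible to the day-zero database and only caught once an updated hash arrives. Nothing in the database says anything about how the file got onto the machine, which is the gap Rick's reply is pointing at.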
