New Linux rootkit leverages GPUs for stealth

Post by 1.618 »

The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option.

http://www.itworld.com/article/2920615/ ... ealth.html


It might only be a proof of concept at the moment, but what does this mean for Linux users?

Post by Pjotr »

1.618 wrote:It might only be proof of concept at the moment but what does this mean for linux users?
Absolutely nothing at all. :mrgreen:

It's very easy to create Linux malware. That has always been the case. Nothing new there.

But it's very, very difficult to get Linux malware to spread. Only if that were to change would there be some reason for concern. You might be interested in this article that I wrote about Linux security:
https://sites.google.com/site/easylinux ... t/security
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Post by 1.618 »

Thanks pjotr, some well written articles there :-)

I guess I'm just worried about being overcomplacent; as the Linux market share grows, it makes Linux more of a target, even if it is a difficult one to compromise.

Post by mike acker »

ever since Robert Morris wrote his famous worm (November 1988) we have faced a rapacious desire on the part of miscreants to force their unwanted programs onto our machines.

"Superfish" is just another example of this tripe on a long list of usurpations

naturally this would lead us to investigate how unauthorized programs (aka "malware" or "computer virus") manage to get on computers

certain routes are obvious, such as downloading and installing software from unreliable sources. this should be brought under control by vetting software with digital signatures

other routes are less obvious, such as "drive-by infections" launched from "infected" web sites. the only thing running in your browser should be Javascript -- which is not supposed to access or update anything on its host system other than "cookies". but Javascript -- or even HTML code -- pulls in image and flash objects which seem to be a vector for executable attacks. so how can this spread from an application program running in RING3 into the o/s? Privilege Escalation. if the attack code can find a privileged program that is not running on an exec-only page then it may be able to modify the privileged program and obtain privilege escalation. the key point here is that privileged code should be on a READ|EXEC only page if it is running in userland (RING3).

"phishing" is a favorite ploy -- by some estimates responsible for about 75% of "hacks". Phishing is simple: you just ask the system owner to do something dumb.

Bad Drivers: again disreputable software may install a bad driver into the kernel. once compromised the system owner no longer knows what his computer is being used for . again software signatures or preferred libraries are good defenses

OEM errors/malfeasance

OEM may incorporate malware into a product -- by error or by intent. "Superfish" seems to have been by intent and we have stories of router shipments being diverted into shops where NSA "patches" are installed... these problems may need new approaches but it seems starting from a "Zero Defect" policy combined with changes in product liability law could be the place to start

(just a few thoughts from an ORF here on a rainy Sat. AM)
¡Viva la Resistencia!
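The "privileged code should be on a READ|EXEC only page" point in the post above, as an added example that is not part of mike acker's post or of the linked article: a small Linux C program that audits its own address space for pages that are writable and executable at the same time (W+X), the condition an in-place code patch of the kind described needs. It reads /proc/self/maps (a Linux-only interface; the functions return an error code elsewhere), deliberately creates one RWX page with mmap() to show it being caught, then removes the write bit with mprotect() and shows the page is no longer flagged. The function names (perms_are_wx, mapping_perms_at, count_wx_mappings, wx_demo) are my own, and the demo assumes the kernel permits an anonymous RWX mapping. Note the limit of the check: it only covers host memory pages; it says nothing about code that runs on the GPU, which is what the Jellyfish proof of concept in the opening post is about.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* True if a /proc/<pid>/maps permission field such as "rwxp" is both writable and executable. */
int perms_are_wx(const char *perms) {
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Find the mapping in /proc/self/maps that contains addr and copy its four-character
 * permission field into perms. Returns 1 if found, 0 if addr is not mapped,
 * -1 if /proc/self/maps cannot be read (non-Linux system or /proc not mounted). */
int mapping_perms_at(const void *addr, char perms[5]) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    unsigned long a = (unsigned long)addr, start, end;
    char line[512], p[8];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        /* Each line starts "start-end perms ..." with hex addresses, e.g. "7f..-7f.. rwxp". */
        if (sscanf(line, "%lx-%lx %7s", &start, &end, p) != 3) continue;
        if (a >= start && a < end) {
            memcpy(perms, p, 4);
            perms[4] = '\0';
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Count every mapping of the calling process that is W+X at once; a process that
 * enforces W^X should report 0. Returns -1 if /proc/self/maps cannot be read. */
int count_wx_mappings(void) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[512], p[8];
    unsigned long start, end;
    int n = 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %7s", &start, &end, p) == 3 && perms_are_wx(p)) n++;
    fclose(f);
    return n;
}

/* Demonstration: create one W+X page on purpose, confirm the audit flags it, then drop
 * the write bit with mprotect() and confirm it is no longer flagged.
 * Returns 0 on success; a negative value identifies the step that failed. */
int wx_demo(void) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return -1;
    void *page = mmap(NULL, (size_t)ps, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;          /* e.g. a policy that forbids RWX anonymous memory */
    char perms[5];
    int rc;
    if (mapping_perms_at(page, perms) != 1 || !perms_are_wx(perms)) {
        rc = -3;                                /* the RWX page was not detected */
    } else if (mprotect(page, (size_t)ps, PROT_READ | PROT_EXEC) != 0) {
        rc = -4;                                /* could not enforce W^X on the page */
    } else if (mapping_perms_at(page, perms) != 1 || perms_are_wx(perms)) {
        rc = -5;                                /* still reported as W+X after the fix */
    } else {
        rc = 0;
    }
    munmap(page, (size_t)ps);
    return rc;
}

int main(void) {
    printf("W+X mappings in this process before the demo: %d\n", count_wx_mappings());
    printf("wx_demo() -> %d (0 = RWX page detected, then fixed)\n", wx_demo());
    return 0;
}
```

Build with `gcc -Wall -o wxcheck wxcheck.c` and run it; a clean process prints 0 for the first line. The same parser can be pointed at /proc/<pid>/maps of another process to audit it, which needs the same permission as ptrace on that process.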

Post by Pjotr »

1.618 wrote:I guess I'm just worried about being over complacent, as the linux market share grows it makes linux more of a target, even if it is a difficult one to compomise.
As long as there are no Linux viruses for desktop computers "in the wild", there's no need to be afraid. Overcomplacency isn't good, but neither is unnecessary fear. :)

As long as you install updates as soon as they become available, don't install from other sources than the official software sources and (most importantly) use your common sense, you're fine. Relax, you're running Linux. 8)

Post by exploder »

Pjotr, that is some very good advice!

Post by 1.618 »

mike acker wrote: other routes are less obvious such as "drive by infections" launched from "infected" web sites.

"phishing" is a favorite ploy -- by some estimates responsible for about 75% of "hacks".
It's these less obvious ones that I don't want to be complacent about: legitimate websites carrying malicious code, or clones of legitimate sites and so forth, that the average Joe might not be able to identify. I try to be sensible in my computing habits, but smarter men than me have been fooled...
mike acker wrote: OEM may incorporate malware into a product -- by error or by intent. "Superfish" seems to have been by intent and we have stories of router shipments being diverted into shops where NSA "patches" are installed,.... these problems may need new approaches but it seems starting from a "Zero Defect" policy combined with changes in product liability law could be the place to start
So buying a graphics card with jellyfish or similar already loaded onto it could be a real possibility?
mike acker wrote: (just a few thoughts from an ORF here on a rainy Sat. AM)
much appreciated :-)
Pjotr wrote: Overcomplacency isn't good, but neither is unnecessary fear. :)

As long as you install updates as soon as they become available, don't install from other sources than the official software sources and (most importantly) use your common sense, you're fine. Relax, you're running Linux. 8)
I follow the advice given and do what I can :-)