[kwlug-disc] Ransomware in Gentoo

Khalid Baheyeldin kb at 2bits.com
Fri Mar 31 11:48:37 EDT 2017


A possible program that was used is this one (last comment in the thread).
Initially a proof of concept, but now some actors are using it for real.

The key is gaining root access. If you prevent that, then you are safe.

https://github.com/jdsecurity/CryptoTrooper

Since it has a similar /etc/motd.

On Fri, Mar 31, 2017 at 11:45 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:

> Scrolling down a bit in the comments.
>
> He used Firefox as root, then probably clicked on a link or ad that had
> malware in it. That replaced his Python executable with the ransomware
> thing.
>
> I never ran antivirus on Linux either.
>
> On Fri, Mar 31, 2017 at 11:10 AM, Joe Wennechuk <
> youcanreachmehere at hotmail.com> wrote:
>
>> I saw this link on reddit. https://forums.gentoo.org/viewtopic-t-1060828.html
>>
>>
>> I have never run any antivirus or anything on my linux box. Does anyone
>> know how this got into this users machine, and/or how I should be
>> protecting my home, and work environments using Linux?
>>
>>
>>
>>
>> Joseph Wennechuk
>> Phone: (226) 505-4812
>> https://www.linkedin.com/pub/joseph-wennechuk/4/b59/382
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> "For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
>



-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
"For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
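The thread's diagnosis is that the Python executable was silently replaced while a browser ran as root. The check a practitioner would want for that case is a file-integrity baseline for interpreter and system binaries. The script below is an added example for this thread, not code from the list, from the Gentoo forum post, or from the CryptoTrooper repository; it assumes GNU coreutils (`sha256sum`, `find`, `sort`, `mktemp`). On Gentoo the package manager already holds such a baseline, so `qcheck python` from app-portage/portage-utils does the same comparison against the installed package contents; this version works anywhere from a baseline you record yourself.

```shell
#!/bin/sh
# Added example (not from the thread): record SHA-256 digests of the binaries
# in a directory, then re-verify them later. A replaced /usr/bin/python shows
# up as MODIFIED; a deleted file shows up as MISSING.

# record_baseline DIR OUTFILE
# Write "digest  path" for every regular file under DIR (e.g. /usr/bin).
# Keep OUTFILE somewhere root-owned and read-only, or off the box entirely,
# since anyone who can rewrite the baseline can hide the swap.
record_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k2 > "$2"
}

# verify_baseline BASELINE
# Re-hash every path listed in BASELINE. Prints one line per deviation and
# returns 0 only when every file still matches its recorded digest.
verify_baseline() {
    status=0
    while read -r digest path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        current=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$current" != "$digest" ]; then
            echo "MODIFIED $path"
            status=1
        fi
    done < "$1"
    return "$status"
}

# demo: constructed files in a temporary directory; no real system binaries
# are touched. Simulates the interpreter swap the thread describes.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    printf '#!/bin/sh\necho real python\n' > "$tmp/bin/python3"
    printf '#!/bin/sh\necho real perl\n'   > "$tmp/bin/perl"
    record_baseline "$tmp/bin" "$tmp/baseline.sha256"
    # attacker replaces the interpreter with something else
    printf '#!/bin/sh\necho not python\n' > "$tmp/bin/python3"
    verify_baseline "$tmp/baseline.sha256"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run the constructed scenario with:  sh integrity.sh demo
case "${1:-}" in
    demo) demo ;;
esac
```

Run it from cron or a boot-time unit against /usr/bin and /usr/lib, and treat any non-zero exit as an incident rather than noise: a package upgrade is the only legitimate reason for a digest to change, and that is exactly when the baseline should be re-recorded.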

