Malware hits Linux systems

For discussions about security.
Post Reply
Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Malware hits Linux systems

Post by Clarity »

FontOnLake

For your review

User avatar
mikewalsh
Moderator
Posts: 6164
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 796 times
Been thanked: 1985 times

Re: Malware hits Linux systems

Post by mikewalsh »

@Clarity :-

Clarity, please desist from creating posts which are simply a link. On every other forum I frequent - several of 'em - this practice is generally frowned upon. The whole 'point' of these type of posts is to MAKE the reader click on the link.

It wouldn't be so bad if you at least provided some background before directing folks to your link.....

I'm NOT "having a go at you". The practice is usually regarded by forum staff as cheap sensationalism.....created by those who don't have much to post about. I've lost track of the number of wrists I've slapped over at BleepingComputer during this last 18 months or so for this very act.....

Thanks.

Mike. :|

(Anyway, it's almost certainly targeting servers. And I very much doubt that little fishes like us have got anything these "sharks" are interested in.....)

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

Thanks Mike,

I ask:
Would you offer me an example for a replacement post of the opening post of this thread, please.

I will use it as a template for future posts. I am sure I as well as others will find a sample useful going forward.

I dont view your message "having a go at you" as anything more than trying to help all of us improve.

Thanks in advance.

User avatar
8Geee
Posts: 376
Joined: Wed Jul 29, 2020 10:52 pm
Location: N.E. USA
Has thanked: 17 times
Been thanked: 55 times

Re: Malware hits Linux systems

Post by 8Geee »

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

Money talks... no, it shouts, so that it doesn't have to hear common sense.

User avatar
mikewalsh
Moderator
Posts: 6164
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 796 times
Been thanked: 1985 times

Re: Malware hits Linux systems

Post by mikewalsh »

8Geee wrote: Tue Oct 12, 2021 9:08 am

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

A very concise, and "to-the-point" summary. I couldn't have put it better myself!

Thank you, @8Geee . Cheers, mate. Clarity.....this is only a general summary, but it's about what was I going to put myself. 8Geee has saved me the trouble....

I may be 'picky' in this respect.....but bad grammar/spelling/over-use of text-speak etc., these things have always annoyed me. Probably a legacy of a public school education, where you had it hammered into you that you should always strive to "do things properly". Some of it's stuck..!! :D

Living in the UK, with Auntie Beeb's newsreaders constantly showing us all how to "talk proper" has perhaps had summat to do with it, too.... :lol:

Mike. ;)

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

So, instead of not asking an action by the reader

FontOnLake

For your review

You prefer this one which "tells" the reader to provide action

FontOnLake

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

Is that correct?

User avatar
mikewalsh
Moderator
Posts: 6164
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 796 times
Been thanked: 1985 times

Re: Malware hits Linux systems

Post by mikewalsh »

@Clarity :-

Um......NO. I think you've got the wrong end of the stick here, buddy. Image

What 8Geee posted was NOT a "template" to simply copy/paste into a post. His summation - and very concise, too! - is a brief set of instructions on how best to construct your post.

Read the article yourself.....which I assume you must have done. Then, sum it up briefly.....state WHY you think the contents of the article are relevant to the community....and then add your link.

Surely, at your age you don't need to be told HOW to write & use your mother tongue....do you? We ALL appreciate a well-written article, because it makes it interesting, and easier to follow. Okay, I admit I can be a bit "verbose" at times, but then I've always been something of a story-teller!

The best articles engage the reader, and make them WANT to continue reading. It's something of an art-form, it's true, and a "knack" that not everybody has.....but if you can pick it up, it's a God-send. Even in the "tech" world, mere recitation of dry, boring facts CAN be a bit off-putting.....

Dress things up a bit, and make your reader feel as though you're talking to them on a personal level, y'know? It's quite easy. Just put a little bit of thought into how you're posting, that's all I'm saying. :)

Again, I repeat; I'm NOT 'having a go at you'. Please don't take this the wrong way. I'm hoping you'll take this in the spirit in which it was posted.....as a genuinely instructional piece of comradely advice. :D

Mike. ;)

User avatar
fredx181
Posts: 3089
Joined: Tue Dec 03, 2019 1:49 pm
Location: holland
Has thanked: 376 times
Been thanked: 1316 times
Contact:

Re: Malware hits Linux systems

Post by fredx181 »

Yes, I agree w. Mike, give it a personal touch, not a link only.

EDIT: Btw, do we need to be extra careful ? I think yes, but as long as we download software from trusted sources it will not contain viruses, e.g. from Ubuntu, Debian, Slackware, ...

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

Its has never been my writing style to add a 'personal' touch, per se, to articles writen by other authors. I have viewed this behavior, in my past, as a personal critique of the writings of others. Thusly, I steer away, personally, because even a summary is a personal touch. The alert does not intend to be an evaluated summary or an interpreted one.

In this case, for example, I merely wanted to post an alert.

But, if I understand, it may be better to post an alert with some statement.

That article speaks for itself in the evidence it presents. So, in my case, as a reader of it, I can either incorporate it, or ignore it without anyone 'leading me' with an initial interpretation.

I do thank everyone for what you share. In the future, I will consider how best to 'frame' an alert. Yet, I hope a reader of this understands my position for bringing alerts to the community.

MUchly appreciated the insights from all. I'll try to do better. And, I will try to make alerts more appealing.

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

Back to a comment about the article.

mikewalsh wrote: Tue Oct 12, 2021 3:28 am

(Anyway, it's almost certainly targeting servers. And I very much doubt that little fishes like us have got anything these "sharks" are interested in.....)

Yes, I understand your point. But some of the members are 'hosters' and some of us provide family server services, either local at home or over the net with family members offsite.

The article for some, here, has importance.

And, some forum members have careers and might also find useful understanding.

Again, I hope the article is helpful.

User avatar
6502coder
Posts: 90
Joined: Mon Jul 13, 2020 6:21 pm
Location: Western US
Has thanked: 3 times
Been thanked: 22 times

Re: Malware hits Linux systems

Post by 6502coder »

I often run across articles , particularly regarding security issues, that I think may be of significant interest, but whose practical impact on Puppy users I am not qualified to judge.

What I usually do is to quote a few sentences in the article that seem to summarize the problem and/or impact. One can almost always find such a brief quote, if the author was at all competent.

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

Yes, we all have personal styles to relay information.

User avatar
mikeslr
Posts: 2968
Joined: Mon Jul 13, 2020 11:08 pm
Has thanked: 179 times
Been thanked: 924 times

Re: Malware hits Linux systems

Post by mikeslr »

I have to disagree with Mike Walsh's criticism for these reasons: The post, although barely more than a link, was made to the Off-Topic, Security Section. It serves as an alert "for your review", encouraging replies, a discussion.
I've read the linked post twice. As an 'alert' it points out what Clarity made clear by the title of his post: "Malware hits Linux systems". As a User of a Puppy Linux systems I am concerned as to the impact of the malware and, if there is any, what work-arounds or other responses we have, or can devise.
I am not technically sophisticated. But my 'take-aways' from the linked post were:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

As someone who is not technically sophisticated, even having read the linked post twice, I still don't have a clue as to its significance. Perhaps as a frugal Puppy makes use of a READ-ONLY kernel and securely deployed such as by booting entirely from read-only sources after making use of nicOS's Save2sfs, there is none. But maybe my lack of technical sophistication results in a serious under assessment of the threat.

None of us has the time to read everything published on the Web. One of the values of a community is to provide a vehicle for the communication of potentially important information that members of that community can review, assess and perhaps respond to. The post was to the Forum's Security Section. Hopefully, that Section is read by those who work on woof, publish Puppys, develop Puppys security provisions, or the applications most vulnerable to malware attacks. Perhaps it is information they should have but didn't.
None of us are paid. The Forum neither imposes quotas nor offers merit badges. A post is just a post. The proper response to those who frequently post merely to convince themselves and others that ‘I exist’ is to ignore their posts. I doubt that was Clarity's purpose as most of his posts have been detailed efforts to provide immediately useful information. Or maybe I'm just 'covering' myself as several of my posts have consisted entirely of placing 'an alert' to someone else's work, which was not posted in a Section I thought others who might be interested would find it.
This post has taken at least a half hour of my time. Requiring a well-drafted summary to provide an alert requires time which could and may have to be more usefully employed. Such a requirement encourages the alternative: silence.
Clarity’s alert served the purpose for which it was intended. I would much rather this thread have evolved as a response to the information Clarity’s post brought to our attention than as a vehicle to discuss etiquette and style.

jamesbond
Posts: 717
Joined: Tue Aug 11, 2020 3:02 pm
Location: The Pale Blue Dot
Has thanked: 124 times
Been thanked: 402 times

Re: Malware hits Linux systems

Post by jamesbond »

mikeslr wrote: Thu Oct 14, 2021 12:38 am

I am not technically sophisticated.

I am. And I read the article. And my professsional assessment of it: It's worthless. The one and only single conclusion that one can make from that article is: "There is a new malware called FontOnLake". Nothing more, nothing less. The rest is just mumbo-jumbo no doubt added to fill in the word-quota content threshold.

I wouldn't even bother to call this as "information". I would just call this as noise.

People with nothing better to do in their life publishes tons of malware every single day. We already know that. Announcing that there is another malware named so and so, isn't news. Today is FontOnLake. Perhaps tomorrow it will be LetterOnMountain. Or BirdInCloud. It isn't going to help anyone.

You know something that is helpful? How about telling everyone of:
- What does it do to infected systems?
- What kind of harms does it do? (Encryption - ransomware? Data deletion? Crashing the system? Bot farm? Etc).
- What is the kind of data that it steals?
- How does it spread?
- What we can do to avoid catching it? What precautions we can follow?
- How to detect if it has infiltrated our systems?
- How to remove it if we are already infected?
- Etc.

That's what I call useful and helpful.

_____________________

This post is not a criticism to @Clarity . It's more criticism to the article on ZDNet itself. I don't question why Clarity chose this article: everyone thinks differently and I could only think of the best reasons why Clarity posted the link.

However, I do have a suggestion for @Clarity to make his announcement a lot more useful.
If you could post what @mikeslr did, it would be helpful. Imagine how much more informative your post would be, if you posted this way:

Malware Hits LInux System:

From the ZDNet article:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

For more details, read the article yourself: FontOnLake Hits LInux systems

People knows straightaway what the article is all about, and they can decide whether or not to click the link.

Without putting the words on @mikewalsh's mouth, I think this is what he meant.

Posting a link by itself without any explanation or summary whatsoever is not a good netiquette. Many other sites shun it, and for good reason. A great many malware spreads by unaware users clicking certain link. Spammers do it all the time.

So we definitely don't want to cultivate the habit of clicking any link that we don't know. It's unhygienic.

I hope everyone gets positive feedback from all these.

Bye for now.

CaptGeorge
Posts: 47
Joined: Thu Jun 17, 2021 4:37 am
Has thanked: 48 times
Been thanked: 7 times

Re: Malware hits Linux systems

Post by CaptGeorge »

I've just "Thanked" everyone who commented on this thread. It's a very good discussion of threats to Linux systems. Personally, I don't worry to much about malware on my Puppy or Ubuntu computers. I don't "click" on any links email or in forums.

It would be nice to know how we can prevent linux malware. And, the best ways to scan for it, plus how to fix it, if ever necessary.

User avatar
mikewalsh
Moderator
Posts: 6164
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 796 times
Been thanked: 1985 times

Re: Malware hits Linux systems

Post by mikewalsh »

jamesbond wrote: Thu Oct 14, 2021 5:09 am

Malware Hits LInux System:

From the ZDNet article:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

For more details, read the article yourself: FontOnLake Hits LInux systems

People knows straightaway what the article is all about, and they can decide whether or not to click the link.

Without putting the words on @mikewalsh's mouth, I think this is what he meant.

Posting a link by itself without any explanation or summary whatsoever is not a good netiquette. Many other sites shun it, and for good reason. A great many malware spreads by unaware users clicking certain link. Spammers do it all the time.

So we definitely don't want to cultivate the habit of clicking any link that we don't know. It's unhygienic.

James makes the point well. It's more or less what I intended to put into my original reply, but.....I got distracted half-way through. When I returned to finish posting, events here had driven it from my mind.

It gets worse, the older you get...!! :roll:

Better than 90% of computer users, world-wide, run Windows. Malware authors target it for exactly this reason.....and malware is almost invariably spread by clicking on links. This is why it's bad "nettiquette" to ONLY provide a link without some additional background.

Some posters consider the "minimalist" style of posting to be "cool" and/or "profound". It's NOT. In this case, it's an open invitation to infection.....and is NOT good practice. It's not criticism, but if Clarity has, as he claims, been around the tech world for as long as he says, he really ought to know better.

-----------------------

(Enough 'distraction'.....but the point needed making, and is one that unfortunately needs to be made again & again as time goes by.)

Mike. ;)

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

OK @mikewalsh

mikewalsh wrote: Thu Oct 14, 2021 11:06 am

It's not criticism, but if Clarity has, as he claims, been around the tech world for as long as he says, he really ought to know better.

NOW, THAT'S A CRITICISM! I was wondering how long it would be before it started. Everyone, including you have already made their points for improvements. This final "I got to get the final dig in" from you is unwarranted.

For as long as I have been around, I have NOT been victim of a clickbait as I am careful of both my sources, and approaches. And insuring I am not a victim, I only offer sites that are known trusted ones on the net.

In my times, I have not posted anything to anyone, so far in my lifetime that carries a clickbait. And I certainly insure I do not bring any such to the forum.

I am paying attention to what all is being shared in this thread about 'posts in brevity' as it seems that if no additional info describing a link, that somehow makes the link suspect.

I think most know over the couple years on this forum that I have not presented any clickbaits. But, I will in the future describe briefly some indication of the link contents in efforts to better make clear some idea of the articles content. In my past, I have tried to merely use a threads title and some description in the opening post's link that would be helpful for giving some idea of information benefit.

AS I review, the problem may be that even if I made a link that is a description of an useful article, that a description-link will also not be what some member, here, want.

If I can offer a suggestion to forum moderators, it is this: Place a TEMPLATE or example, somewhere on this forum, of a minimum the moderators want to see. Personally I think it might best be posted where new members or beginners will see the Template and not make an unconscious misleading structure as I have done.

I have noticed, for example, @bigpup does offer 'sample' prescription when helping members of a useful way for forum members reporting issues to follow. He makes it clear and his samples are a TEMPLATE. Not only does he repeat a sample from time-to-time, but, that very bit of useful guidance is posted where new/beginners can see it.

There is no reason that I can think of for this thread to lead to a similarly placed TEMPLATE in the forum.

Stop the personal criticisms and offer your ideas for a template instead of alluding to what you want.

I had asked before and I ask again using different wording, show me how you would make the opening thread by giving a sampled equivalent to the opening thread. YOU have refused, instead merely alluding. I want to see how you would offer the article that would be acceptable.

What @mikeslr and @jamesbond have done is presented their reactions to the alert. My intent was not to give a reaction as an opener. Rather it intends to open and allow members to contribute any reactions they have on the merits of the article if there are any. This is how I have envisioned alerts of this sort to proceed. I THANK @mikeslr and @jamesbond as what they've offer are their reactions for member viewing. It similar to the 'reaction' you posted to your view of the article.

As I have already indicated, I intend to bring more info in the links that are posted in hopes that it will allow members to decide if the article(s) will be helpful knowledge. In the past, before this started, members have viewed the links and have posted reactions.

Lastly, I ask, has anyone gotten ANY clickbaits or bad articles of posts from anything I have done in the past. I think we all understand at this time, that my style for posting is misguided. So I hope this discussion will help anyone and I hope some one of the moderators will offer TEMPLATES or a reworded post to show its conformity to forum desires.

If you will post a succinct example by taking the opening post and presenting how you would have presented this thread, it would have gone a much better method than merely alluding to 'good practice'. GIVE A CONCRETE EXAMPLE FOR OBVIOUS COMPARISON. It is what I asked early on in this thread. That, too would be helpful and a guide.

Mike, If you are not willing, that a personal preference. But the points have been made. If you will post a comparison example I think it corrects the thread and makes plain a future pathway.

If not, let all move on, please.

User avatar
mikewalsh
Moderator
Posts: 6164
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 796 times
Been thanked: 1985 times

Re: Malware hits Linux systems

Post by mikewalsh »

@Clarity :-

Oh, for crying out loud....

Nobody made ANY mention of the link being 'clickbait'. My point was simply this.....that presenting a link, by itself, without any description of what that link leads to, is a dangerous practice. By your own admission, you've been around the 'tech' world long enough to know this is so.

As for a 'template', why should we have to provide articles for the lazy to simply copy/paste & edit? Do you not HAVE any imagination? Can you not think of anything to say, rather than just pasting a link & hitting the 'Submit' button? Everybody else seems to manage just fine.

I think most know over the couple years on this forum that I have not presented any clickbaits. But, I will in the future describe briefly some indication of the link contents in efforts to better make clear some idea of the articles content.

That's ALL I was asking for in the first place...

------------------------

As stated before, no-one is criticising your intentions, which are usually good.....even I will admit that. All I'm asking is that you put a little bit of thought into how you actually create and, to use your own phrase, "present" your posts. That's not so much to ask, is it? Do you feel you NEED instructions to follow?

In all my years online, you're one of only a handful of people I've come across who cannot seem to handle the slightest bit of criticism; you take a simple request & manage to manipulate it into a massive, direct, personal attack..!

Most of us are not 'mind-readers', Clarity. Please remember, too, that we're not there with you all the time, looking over your shoulder, and thus privy to what is going through your head at any given moment. :D

Nobody with a whiff of common sense will take anything said online "to heart"; nobody is "having a go" at you about intentions and/or source material. My only concern is the smooth running of this forum, and is the one thing I will pull anybody up about, be they a veteran member OR a raw 'noob'. As such, member's posting styles and/or content & behaviour are always going to be at the forefront of my mind.

All I did was to make a polite request. YOU are the one who has blown this up into something it never was.

I've said my piece. I'm outta here.....and that's the end of it. I'm not responding any further on the matter, which as far as I'm concerned has run its course.

Mike. ;)

User avatar
snoring_cat
Posts: 206
Joined: Tue Sep 21, 2021 3:40 pm
Location: Earth
Has thanked: 24 times
Been thanked: 46 times

Re: Malware hits Linux systems

Post by snoring_cat »

Clarity,

Thanks for the post. For starters, this malware can put rootkits into fake binary files such as cat, kill or sshd..." I guess it's a good thing that Puppy Linux doesn't do background weekly system updates as much as other Linux distributions.

As a suggestion for future posts, you could just post what is the main title on the web page you link. This is similar to an RSS feed entry. For example, just add to your post:

FontOnLake malware strikes Linux systems in targeted attacks
The malware is accompanied by a rootkit to sink its claws firmly into vulnerable machines.

Meeeooow!

-- substance over noise, since 5 minutes in the future --

Clarity
Posts: 3844
Joined: Fri Jul 24, 2020 10:59 pm
Has thanked: 1633 times
Been thanked: 527 times

Re: Malware hits Linux systems

Post by Clarity »

New announcement of a Linux kernel BUG that takes over your ...

A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel ...

FYI

Post Reply

Return to “Security”