On 11/03/14 14:19, bad apple wrote:
I've had a couple a day.. in fact over the last week several email addresses I only use for specific functions have started receiving reams of spam, including this one. Thus far I've just copy/pasted the source into Spamcop. Next one I'll forward to you :)

On 11/03/14 13:28, Simon Waters wrote:

> On 11/03/14 10:43, Brad Rogers wrote:
>
>> It's almost a certainty that the payload will only run in a Windows environment.
>
> The days of this being true are gone. Sure, most malware is Windows specific, but malware authors are venturing out into the big brave world of Unix (Mac OS X) and GNU/Linux. The targeted malware tool of choice is Java, since it is nicely portable.
>
> Remove client side Java where possible. I think the main use outside malware and borked websites is Eclipse. You can always shuffle it out of the default path, and set the path for Eclipse, if you use Eclipse.
>
> Really, for the non-professional, leave malware alone. Even if you avoid the intended payload you may still do things that make you potentially vulnerable, like visit URLs. If you make your living dealing with malware you'll have air-gapped or other environments in which to play safely. If you need to know what something is you can feed it to tools like VirusTotal, or your anti-malware provider of choice will tell you. If you work in a big organisation they likely have a policy on what to do.

100% this - the old days of "I run Linux, I'm immune to all security threats" are not only gone, they never existed in the first place. Java is installed by default on most Linux distros these days and is by definition almost definitely compromisable. State agents and professional criminal organisations have been targeting Linux for a long time now and there are countless crimeware kits, APTs and flash/java/PDF exploits available over the counter to anyone who wants them on any operating system.
I haven't been so 'lucky' as to receive a copy of this particular scam yet, so if anyone can email me a copy I'll set to work ripping it apart and having a look at the internals. I have a fleet of victim VMs set aside in their own little VLAN for just such things.

Regards
Julian

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
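The practical advice in the thread (don't open the attachment, work out what it really is, hash it and look the hash up on VirusTotal, and don't assume a Java payload is harmless on Linux) can be done statically from the message source. The script below is an added example written for this archive page; it is not code posted by anyone on the list. It parses a raw message, identifies each attachment from its leading bytes rather than from the Content-Type or filename the sender chose (a ZIP carrying META-INF/MANIFEST.MF or .class files is reported as a JAR), flags any attachment whose declared type disagrees with its bytes, and prints a SHA-256 for a hash lookup. The sample message, the addresses in it and the short magic-byte table are constructed for the example; the "JAR" inside it is a stub, not a real class file.

```python
"""Static triage of e-mail attachments without opening or running them.

Added example for this thread (not list members' code). The message built in
build_sample_message() is constructed here: a stub JAR sent with a PDF
Content-Type and a .pdf filename, plus a tiny genuine PDF header."""
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Leading bytes of the attachment types mentioned in the thread (small,
# hand-picked table; extend as needed).
SIGNATURES = [
    (b"MZ", "Windows PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"FWS", "Flash SWF (uncompressed)"),
    (b"CWS", "Flash SWF (zlib-compressed)"),
    (b"PK\x03\x04", "ZIP container"),
]

# Which detected labels are consistent with a declared Content-Type.
MIME_EXPECTS = {
    "application/pdf": {"PDF document"},
    "application/java-archive": {"Java archive (JAR)"},
    "application/x-shockwave-flash": {"Flash SWF (uncompressed)", "Flash SWF (zlib-compressed)"},
    "application/zip": {"ZIP container"},
}


def classify(data: bytes) -> str:
    """Label the bytes by magic number. A ZIP that contains a manifest or
    .class files is a JAR, i.e. something Java will happily run anywhere."""
    for magic, label in SIGNATURES:
        if not data.startswith(magic):
            continue
        if label != "ZIP container":
            return label
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "ZIP container (unreadable)"
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "Java archive (JAR)"
        return "ZIP container"
    return "unknown"


def triage(raw_message: bytes) -> list:
    """Parse an RFC 5322 message and describe every attachment in it."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        detected = classify(payload)
        expected = MIME_EXPECTS.get(declared)
        report.append({
            "filename": part.get_filename() or "(none)",
            "declared": declared,
            "detected": detected,
            "size": len(payload),
            # Hash only; the bytes never get executed or opened in a viewer.
            "sha256": hashlib.sha256(payload).hexdigest(),
            # A header that lies about the content is the classic lure.
            "suspicious": expected is not None and detected not in expected,
        })
    return report


def build_sample_message() -> bytes:
    """Constructed sample message (not a real message from the list)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Invoice\n")
        # Placeholder bytes with the class-file magic, not a real class.
        zf.writestr("Invoice.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    jar = buf.getvalue()

    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "me@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(jar, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4\n%% placeholder\n", maintype="application",
                       subtype="pdf", filename="real.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for entry in triage(build_sample_message()):
        flag = "SUSPICIOUS" if entry["suspicious"] else "ok"
        print(f"{flag:10} {entry['filename']:14} declared={entry['declared']} "
              f"detected={entry['detected']} sha256={entry['sha256']}")
```

To use it on a real sample, save the message source as a file and call triage(open(path, "rb").read()); the SHA-256 values can be searched on VirusTotal without uploading anything, which matters if the sample might be targeted at you specifically. None of this replaces the air-gapped VMs mentioned above; it only tells you what you are holding before you decide whether to detonate it.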