Blocking the Wirenet Trojan

Presentation transcript:

Title slide: Blocking the Wirenet Trojan (blocking perhaps the first Linux trojan)
Presented by Dave Mawdsley, DACS Member, Linux SIG
September 19, 2012

Slide 1: What is the preliminary info?
Excerpts (and taken liberties) from: "Linux users targeted by password-stealing 'Wirenet' Trojan" by John E Dunn, Techworld, 12:58, 31 August 2012:

"Technical details of Wirenet.1's operation and technique for spreading are sparse for now, but the company (Russian antivirus firm Dr Web) reports that the backdoor program targets browser passwords for Opera, Firefox, Chrome and Chromium, as well as applications such as Thunderbird, SeaMonkey and Pidgin. Under Linux it copies itself to the ~/WIFIADAPT directory before attempting to connect to a command and control server hosted at 212.7.208.65 using an AES encrypted channel. That at least offers a simple way of blocking communication and any further payloads...."

Slide 2: So Here's My Temporary Solution
Using a terminal as root, open hosts.deny for editing with:
  cd /etc; nano hosts.deny
Next, at the bottom of the file add the following line (note the space after the colon):
  ALL: 212.7.208.65
Save the file and exit root.
Verify that hosts.deny is okay with:
  cat /etc/hosts.deny
Last, verify that hosts.allow doesn't allow 212.7.208.65 with:
  cat /etc/hosts.allow

Slide 3: A Perhaps Better Linux Solution
If you're using iptables, appending the following entries in the appropriate sections (INPUT for traffic from the address, OUTPUT for traffic to it) would probably be a good idea:
  # iptables -A INPUT -s 212.7.208.65 -j DROP
  # iptables -A OUTPUT -d 212.7.208.65 -j DROP

Slide 4: Fixing the hosts file in Windows Computers
Open Notepad as an administrator, navigate to C:\Windows\System32\drivers\etc and select "All Files (*.*)" rather than ".txt documents". Then open the hosts file. Add the following separate lines to the document:
  # Wirenet Trojan
  212.7.208.65
Save the hosts file and exit Notepad.

Slide 5: Another Point of View in a Posting
David Dreggors wrote:

"I am not sure I would call this FUD; that would imply intent to be misleading. I believe Dr. Web (and this author) simply use 'Linux' as a generic term for any distribution running the Linux kernel and, more specifically, the GNU toolchain and applications. Also, when dealing with the masses you have to remember that the lay person is confused way too easily by too many specifics, and you have to be more generic in statements like this. While elitists and purists may take severe issue with that notion, they also should recognize that giving the idea that GNU/Linux is way too overly complicated to understand by the novice users is not helpful either. When was the last time you heard anyone chastised for calling a certain vehicle a car? You simply don't hear anyone shout out 'It's a Porsche! That must be FUD because they did not properly describe it in its entirety!' No offense meant, just sharing some thoughts."

Slide 6: In Conclusion...
It's highly likely that the IP address 212.7.208.65 (Dino Strzeminski, Jaracza 3/49, 00-378 Warszawa, POLAND) will be blocked and that another IP address, or a group of them, may become the replacement for the trojan's command and control server.
It might be useful to verify that the following folder is NOT on your Linux computer:
  /WIFIADAPT
All this is another reminder NOT to run as root in Linux unless it's really necessary, because hosts.allow, hosts.deny and other system files could be modified by the trojan.
Finally, all Linux, Mac and Windows users need to "stay tuned" to tech reports about the Backdoor.Wirenet.1 trojan.
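The following audit script is an added example written for this page; it is not part of Dave Mawdsley's slides. It checks the measures from slides 2, 3 and 6 on a Linux host: that hosts.deny carries the "ALL: 212.7.208.65" line, that hosts.allow does not override it, that the iptables rules from slide 3 can be applied without being appended twice, and that the ~/WIFIADAPT directory named in the Techworld excerpt is absent. One caveat on the slide 2 measure: TCP wrappers (hosts.allow/hosts.deny) only govern inbound connections to services that consult them, so they will not stop the trojan's own outbound connection to the command and control server; the iptables OUTPUT rule from slide 3 is the part that does. The file paths and home directory are parameters (an assumption made so the functions can be exercised against test copies); the C2 address is the one given in the presentation.

```shell
#!/bin/sh
# Wirenet blocking audit (added example; not from the original slides).
# Checks the slide 2 / slide 3 / slide 6 measures. All paths are parameters
# so the functions can be run against test copies without touching /etc.

WIRENET_C2="212.7.208.65"   # command and control address named on slide 1

# Escape the dots in an IP so it can be used literally in an extended regex.
ip_regex() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Return 0 if FILE has an uncommented TCP wrappers line "ALL: IP"
# (the line slide 2 adds to hosts.deny). Comment lines are ignored.
tcpwrap_has_entry() {
    file="$1"; ip="$2"
    [ -r "$file" ] || return 1
    grep -v '^[[:space:]]*#' "$file" |
        grep -Eq "^[[:space:]]*ALL[[:space:]]*:[[:space:]]*$(ip_regex "$ip")([[:space:]]|$)"
}

# Slide 2 check: hosts.deny must carry the entry and hosts.allow must not,
# because hosts.allow is consulted first and would override the deny.
audit_tcpwrappers() {
    deny="${1:-/etc/hosts.deny}"; allow="${2:-/etc/hosts.allow}"
    if ! tcpwrap_has_entry "$deny" "$WIRENET_C2"; then
        echo "MISSING: 'ALL: $WIRENET_C2' not found in $deny"
        return 1
    fi
    if tcpwrap_has_entry "$allow" "$WIRENET_C2"; then
        echo "CONFLICT: $allow explicitly allows $WIRENET_C2"
        return 1
    fi
    echo "OK: TCP wrappers deny $WIRENET_C2"
}

# Slide 3 rules, printed rather than executed, each guarded by 'iptables -C'
# so re-running the output as root does not append duplicate rules.
iptables_block_cmds() {
    ip="${1:-$WIRENET_C2}"
    printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n' "$ip" "$ip"
    printf 'iptables -C OUTPUT -d %s -j DROP 2>/dev/null || iptables -A OUTPUT -d %s -j DROP\n' "$ip" "$ip"
}

# Slide 6 check: the WIFIADAPT directory the trojan copies itself into
# should not exist under the user's home directory.
check_wifiadapt_absent() {
    homedir="${1:-$HOME}"
    if [ -e "$homedir/WIFIADAPT" ]; then
        echo "INDICATOR: $homedir/WIFIADAPT exists; inspect it before removing anything"
        return 1
    fi
    echo "OK: no $homedir/WIFIADAPT"
}

# Stand-alone use: 'sh wirenet_audit.sh audit' runs all checks against the
# live system (no root needed to read the files; the iptables commands are
# only printed). Exit status is non-zero if any check fails.
if [ "${1:-}" = "audit" ]; then
    status=0
    audit_tcpwrappers || status=1
    check_wifiadapt_absent || status=1
    echo "Apply as root if not yet present:"
    iptables_block_cmds
    exit "$status"
fi
```

Run it as an ordinary user with `sh wirenet_audit.sh audit`; the printed iptables lines can then be reviewed and run as root, and because each is guarded by `iptables -C`, running them a second time is harmless. Note that slide 6 writes the folder as /WIFIADAPT while the Techworld excerpt on slide 1 gives ~/WIFIADAPT; the check above follows the excerpt and looks under the home directory.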

Closing slide: Blocking the Wirenet Trojan (blocking perhaps the first Linux trojan)
This LibreOffice.org presentation, 'wirenet.odp', can be downloaded from http://madmod.com/freebies.html