Dangerous Linux Trojan could be sign of things to come

'Hand of Thief' Trojan specifically targets Linux but operates a lot like similar malware that targets Windows machines

Desktop Linux users accustomed to a relatively malware-free lifestyle should get more vigilant in the near future -- a researcher at RSA has detailed the existence of the "Hand of Thief" Trojan, which specifically targets Linux.

According to cyber intelligence expert Limor Kessem, Hand of Thief operates a lot like similar malware that targets Windows machines -- once installed, it steals information submitted through web forms, even over HTTPS; creates a backdoor access point into the infected machine; and attempts to block access to anti-virus update servers, VMs, and other potential methods of detection.

Hand of Thief is currently being sold in "closed cybercrime communities" for $2,000, which includes free updates, writes Kessem. However, she adds, the upcoming addition of new web injection attack technology will push the price to $3,000, and introduce a $550 fee for major version updates.

"These prices coincide with those quoted by developers who released similar malware for the Windows OS, which would make Hand of Thief relatively priced way above market value considering the relatively small user base of Linux," she notes.

Getting Linux computers infected in the first place, however, could be more problematic for would-be thieves -- Kessem says the lack of exploits targeting Linux means that social engineering and email are the most likely attack vectors, citing a conversation with Hand of Thief's sales agent.

Kessem also says that growth in the number of desktop Linux users -- prompted, in part, by the perceived insecurity of Windows -- could potentially herald the arrival of more malware like Hand of Thief, as the number of possible targets grows.

Historically, desktop Linux users have been more or less isolated from the constant malware scares that plague Windows, which is at least partially a function of the fact that their numbers represent a tiny fraction of the Windows install base.

Users of Linux-based Android smartphones, however, have become increasingly tempting targets for computer crime -- and with the aforementioned growth in desktop users, the number of threats may increase even further.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

This story, "Dangerous Linux Trojan could be sign of things to come" was originally published by Network World.
