There were / are bugs in the mpg and jpg libraries that allow for remote
execution that may or may not have been fixed.
If it can screw over cell phones running on Linux, it can screw you over
if you are running on garden variety Linux.
Since we are all users on an ongoing basis of fossilized, non-updated
systems, likely all of your older Linux systems have at least the mpg
problem, and it is a fun one. The only thing saving you is that you
would need to target it at a specific binary target.
thanks
Jim
On 9/16/2015 6:29 PM, Jon Elson wrote:
On 09/16/2015 01:10 PM, Chuck Guzis wrote:
Has cryptolocker ever invaded the world of Unix/Linux/BSD?
It would be much harder. In general, browsers do not activate just
any file you would download. There are weaknesses in various
graphical/video add-ons to browsers that may cause vulnerabilities.
But, in GENERAL, malware in videos, etc. would either do nothing at
all when sent to the add-on program, or get a message saying something
like "this script contains macros, executing it could be a security
risk: Yes / No".
I've been browsing quite fearlessly with Linux systems for about 17
years, and NEVER had any problem.
Now, I've also had a Linux web server up for about 15 years, and have
had 2 successful penetrations.
One was totally innocuous, they just added a phishing web site for a
bank, and it was easy to remove.
Another attack put in a root kit, and it caused a major mess,
including me sending out some infected code to other people. (OOPS,
red face!!) These were both done by cracking insecure passwords on my
system. The best defense for that is running denyhosts, which counts
login failures from specific IP addresses, and cuts off all access
from that IP after a threshold. I set it very tight, two failed
attempts within a month and you are out for a year. It was VERY
interesting: exactly, to the HOUR, two weeks after I set this up, the
1000-per-day attempts to break in dropped to 3 a day. This means the
botnets actively track how long the horizon on the login failures is
set, and they've been programmed to give up on any node that has a
horizon over 2 weeks.
Jon
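The denyhosts behaviour Jon describes (count password failures per source IP and cut that IP off once a threshold is reached inside a window), as an added Python example; this is not code from the post or from denyhosts itself. The sshd log lines, host names and addresses are constructed, and the "two failures in a month, out for a year" thresholds follow the settings Jon says he uses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd/auth log lines (not taken from any real host).
# Syslog lines carry no year, so the year is supplied separately (assumed 2015).
SAMPLE_LOG = """\
Sep 16 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep 16 10:01:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Sep 16 10:02:11 host sshd[1210]: Accepted publickey for jon from 198.51.100.4 port 44000 ssh2
Sep 16 10:03:40 host sshd[1215]: Failed password for jon from 198.51.100.4 port 44010 ssh2
Oct 20 08:00:00 host sshd[2001]: Failed password for root from 198.51.100.4 port 44020 ssh2
"""

# Matches the OpenSSH "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log_text, year=2015):
    """Yield (timestamp, source_ip) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2)


def blocked_hosts(log_text, threshold=2, window=timedelta(days=30),
                  block_for=timedelta(days=365), year=2015):
    """Return {ip: block_until} for IPs with >= threshold failures inside `window`.

    Defaults mirror the post: two failures within a month, blocked for a year.
    """
    failures = defaultdict(list)
    for ts, ip in parse_failures(log_text, year):
        failures[ip].append(ts)

    blocked = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        # Sliding window over this IP's failures: `start` trails so that
        # times[start..end] all fall within `window` of times[end].
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                blocked[ip] = ts + block_for  # block runs from the triggering failure
                break
    return blocked
```

Run against the sample, 203.0.113.7 (two failures seconds apart) is blocked until September 2016, while 198.51.100.4 is not: its two failures are 34 days apart, outside the 30-day window.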