Koobface>becomes>bonana/Linux:(!

After « Koobface » on W$ caming from Facebook & Twitter. We hav an new one : « Boonana » putatif under nux:(!
It's an Java applet, saying he is needed to read a photo album... (ia.JPhoto.Album).
He hyde hymself in «.jnana« , to open a backdoor to a botnet without requesting admin privileges... TKS to Java application
Mind to read Jerome Segura (in anglais) article about security at :
http://blogs.paretologic.com/ ... and stop clicking on everything:)! Lol? CheerS Mi <(")

--

Le trojan « Koobface » infecte depuis 2 ans windows à partir des réseaux sociaux comme Facebook et Twitter.

Mais aujourd’hui une variante appelée « Boonana » s’attaque désormais à Linux :/

Ce virus prend la forme d’une applet Java sous les différents réseaux sociaux et il fait croire à l’utilisateur qu’il est indispensable afin de lire un album photo (Nom : ia.JPhoto.Album).

Une fois installé, Boonana se cache dans le dossier caché « .jnana« , puis ouvre une backdoor pour rejoindre un botnet et le tout sans le mot de passe root grâce à java et l’utilisateur qui à gentiment installé l’applet vérolé…

Je vous invites à lire l’article du chercheur en sécurité Jerome Segura (en anglais) :

http://blogs.paretologic.com/

Et un conseil évitez de cliquer sur tout ce qui bouge ^^

--

In french in the text:)! Lol?

CheerS Mi <(")

--

Some news caming from :

http://hackurx.wordpress.com/2010/10/29/le-virus-koobface-socialise-avec-linux/

--

Sent on FB.. cross-posted on Buzz : Koobface>becomes>bonana/Linux:(!
News at : https://wikienveut.forumsactifs.net/t654-koobfacebecomesbonana-linux#3900 !
What a world:)! Lol? Or the return and revenge of the Sun's team, against O-rahK'le...?
/Or how to make Buzz, an/or have an international trail, for a Troll, not that so good:(/?

--

As i' m one of the only invested in Free Software now, or so here.. i goes on in spreading my very little knowledge.. but a big will of understanding deeper what's realy on:(!

From FB :

In any case u receive some :

'ha ha check this out..she is soo busted
CLICK HERE to see the status udpate that got a girl expelled from school!!
you got to see this...'

1- never click
2-report to FB... thus:(!
3 Read all about Koobface and now 'boonana'... some words at :
https://wikienveut.forumsactifs.net/t654-koobfacebecomesbonana-linux
TY Tammy:)! xx Mi <(")

--

Milux a écrit:Sent on FB.. cross-posted on Buzz : Koobface>becomes>bonana/Linux:(!
News at : https://wikienveut.forumsactifs.net/t654-koobfacebecomesbonana-linux#3900 !
What a world:)! Lol? Or the return and revenge of the Sun's team, against O-rahK'le...?
/Or how to make Buzz, an/or have an international trail, for a Troll, not that so good:(/?

--

Okay one advert too at :
http://chrispederick.com/work/user-agent-switcher/help/
about UserAgent :

'Why does the user agent reset when the browser closes?

Due to a bug in Sun's Java plug-in the extension automatically resets the user agent when the browser closes in order to stop the browser crashing on the next start-up.

If you are unable to start the browser find the file 'prefs.js' in your profile and delete the line containing 'general.useragent.override' to fix the issue.

If you understand this issue and want to disable the auto-reset functionality create a new preference 'useragentswitcher.reset.onclose' and set it to false.

No support is provided for this configuration.'

--

Note than indeed, the bug in Java have been patched the same day:)!
It's the only Free real internet application.. thus owned in last version by Oracle:(, all the oldest one are totaly all OS compliant and indeed 'actives'!

--

Note 2, that by using chkrootkit.., last upgrade, U hav all that solved in :

'Rootkit Hunter announces release 1.3.8

The Rootkit Hunter project team is pleased to announce the release of version 1.3.8.
The change log lists 24 bug fixes, 29 changes and 18 new items. Naming a few:

Whitelist rootkit strings (RTKT_FILE_WHITELIST).
Whitelist items not always present (EXISTWHITELIST).
Whitelist combined pathname and port number (PORT_WHITELIST).
Added Whirlpool and Ripemd160 hashes to file properties check.
Support for DragonFly BSD.
Support for Solaris OS package management.
The 'suspicious files' check display each item individually.
The '--enable' and '--disable' command-line options may now be specified more than once.
Grsecurity-enabled systems may now run the network 'ports' test.
Allow test names for the 'unhide' command (UNHIDE_TESTS).
Rootkit checks added: OS X Togroot and Boonana (Koobface.A) trojan, Solaris Wanuk backdoor and worm and Inqtana worm.
Better support for *BSD commands and OS X.'

--

All the feature ar on :

http://rkhunter.sourceforge.net/

--

Bazsis information and certifications ar indeed at :

http://www.cert.org/search_pubs/search.php

--