Posted on 07/08/2022 10:34:58 AM PDT by ShadowAce
How is this malware acquired?
Good question. The article is rather light on details.
I just did a quick search, but the articles are all practically the same: no mention of how it's acquired, just that "once it's installed". But does it install automatically somehow, or does the user have to install it? The articles don't mention how.
Microsoft Warns of '8220 Group' Targeting Linux Servers
... [T]he names of the group come from the port number 8220 used by the miner to communicate with the C2 servers....
https://www.cysecurity.news/2022/07/microsoft-warns-of-8220-group-targeting.html
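The one concrete detail in the quoted article is the C2 port, which is enough for a simple host-side triage check. The following Python script is an added example, not code from the article or from anyone in this thread: it parses output in the layout of `ss -tnp` (a constructed sample is embedded, with made-up addresses, pids and process names) and lists established connections whose peer port is 8220, grouped by process. Matching on the peer side is deliberate, so a local service that merely listens on 8220 is not flagged; a port match alone is a weak indicator and is a starting point for investigation, not a verdict.

```python
import re
from collections import Counter

# Constructed sample in the layout of `ss -tnp` output; the addresses, pids and
# process names are made up for this example, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:52144 203.0.113.10:8220 users:(("unknown_bin",pid=4121,fd=3))
ESTAB 0 0 10.0.0.5:52150 203.0.113.10:8220 users:(("unknown_bin",pid=4121,fd=5))
ESTAB 0 0 10.0.0.5:44512 198.51.100.7:443 users:(("curl",pid=2201,fd=4))
ESTAB 0 0 10.0.0.5:8220 10.0.0.9:39140 users:(("java",pid=1300,fd=11))
"""

# One `ss` row: state, the two queue counters, local addr:port, peer addr:port,
# and the optional process column. The header row does not match (no digits in
# the queue columns), so it is skipped naturally.
ROW_RE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s*(?P<proc>.*)$"
)
PROC_RE = re.compile(r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def parse_ss(text):
    """Turn `ss -tnp` style text into a list of connection dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        p = PROC_RE.search(m.group("proc") or "")
        rows.append({
            "state": m.group("state"),
            "local": (m.group("laddr"), int(m.group("lport"))),
            "peer": (m.group("raddr"), int(m.group("rport"))),
            "process": p.group("name") if p else None,
            "pid": int(p.group("pid")) if p else None,
        })
    return rows

def find_c2_candidates(text, c2_port=8220):
    """Connections whose *peer* port is the C2 port. A local service listening
    on 8220 (last sample row) has the port on the local side and is not flagged."""
    return [r for r in parse_ss(text) if r["peer"][1] == c2_port]

def peers_by_count(candidates):
    """Count flagged connections per (peer address, process) so one process
    holding several sockets to the same host stands out for triage."""
    return Counter((r["peer"][0], r["process"]) for r in candidates)

if __name__ == "__main__":
    for (peer, proc), n in peers_by_count(find_c2_candidates(SAMPLE_SS_OUTPUT)).items():
        print(f"{proc or '?'} -> {peer}:8220 ({n} connection(s))")
```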
How is this malware acquired?
Step 1: Stand up a C2 server.
Step 2: Doesn't matter unless you've stood up a C2 (command & control) server.
Maybe we should go back to filing cabinets.
https://threatpost.com/sneaky-malware-backdoors-linux/180158/
Glad I don't run Linux; sad my router does. LOL. Just being as stupid as those that attack Windows when they have a security issue.
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
From the link:
Conclusion: Threats that target Linux continue to evolve while successfully staying under the radar of security tools; now OrBit is one more example of how evasive and persistent new malware can be.
So I would have to run a server in order to get it? (I'm not really up on this stuff.)
It comes via a "dropper", Bob. Same as with MS Trojans. The user has to click something. This is why I use NoScript for web surfing. It reduces the chance of loading malicious scripts and droppers from websites; the other methods are already known as safe practice to prevent it.
“A dropper is a small helper program that facilitates the delivery and installation of malware. Spammers and other bad actors use droppers to circumvent the signatures that anti-virus programs use to block or quarantine malicious code. It’s much easier to change the dropper, should its signature become recognized, than it would be to rewrite the malicious codebase.
“Droppers, like many of their larger Trojan horse counterparts, can be persistent or non-persistent. Non-persistent droppers install malware and then automatically remove themselves. Persistent droppers copy themselves to a hidden file and stay there until they complete the task they were created for.
Droppers can be spread by people who:
Open an infected e-mail attachment.
Pick up a drive-by download on an infected website.
Click on a malicious link in an email or on a website.
Use an infected flash drive.
Sometimes droppers are bundled with free utility programs (such as ad blockers) to avoid detection by antivirus software. When the free program executes, the dropper will first download and install malware before it unpacks and installs the legitimate utility.”
https://www.techtarget.com/whatis/definition/dropper
Thanks. I never click stuff that pops up when browsing, but accidents could happen I suppose. Or someone else using the computer could click unaware.
[[Pick up a drive-by download on an infected website.]]
This is the one that worries me. A few years ago on Windows using Internet Explorer, I would constantly go to what should have been safe sites, and get automatically redirected, or have some file start downloading automatically. I had to run a program called "Rollback Rx" which would do a complete system restore (not partial like the Windows system restore utility), and it would do it when booting up, not from the desktop, so it would activate before viruses could stop it. Whenever I hit a site that redirected me or saw something downloading, I stopped immediately and did a rollback.
It was happening a few times a month for a while there, then things seemed to calm down a bit, then I switched to Firefox, and don't get it anymore. But also, I use Linux, so that is an added level of protection if it hits a site that downloads an .exe.
I think that is one of the advantages of Linux. If you are cautious it is hard to do this. Unlike MS, you are always by default logged in as a guest. Nothing can access the system files without a notice, warning, and password.
So just say no if you have any doubt at all. Do some homework and go find a more trusted source.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.