Ceci est une ancienne révision du document !
Linux & OS X-only Trojan Spotted
Security researchers have discovered a potential dangerous Linux and Mac OS X cross-platform trojan.
Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted to Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including email client Thunderbird, web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands.
The software nastie was intercepted by Russian antivirus firm Dr Web [which] describes Wirenet-1 as the first Linux/OSX cross-platform password-stealing trojan.
Multi-platform virus strains that infect Windows, Mac OS X and Linux machines are extremely rare but not unprecedented. One example include the recent Crisis super-worm. Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes seems, frankly, weird given the sizes of each operating system's userbase - unless the virus has been designed for some kind of closely targeted attack on an organisation that uses a mix of the two Unix flavours.
Analysis work on the Wirenet-1 is ongoing and for now it's unclear how the trojan is designed to spread. Once executed, it copies itself to the user's home directory, and uses AES to encrypt its communications with a server over the internet.
Source: theregister.co.uk
Java Flaw Puts Millions At Risk
Computer users - whether they favour Windows, Mac or Linux operating systems - are at risk from a newly discovered Java vulnerability for which there is currently [as of 31st August 2012] no fix. It appears the flaw allows the Blackhole exploit kit to target the Java system using a Pre.jar file that lets it install malware, in this case a banking Trojan, onto users machines, through a variety of methods.
FireEye went on to criticise Oracle - which owns Java - for its lack of action regarding the flaw. “It's very disappointing that Oracle hasn't come forward and announced a date for an emergency update patch,” wrote FireEye's Atif Mushtaq.
The flaw was uncovered earlier in August.
Source: v3.co.uk
Google Currents
Install Google Currents on your Android/Apple devices, search for 'full circle' (in the app) and add issues 55+ to your app. Or, you can click the links on the FCM download pages.
Software Centre
You can also get FCM via the Ubuntu Software Centre: https://apps.ubuntu.com/cat/, Search for 'full circle', choose an issue, and click the download button.