Wednesday, September 11, 2013

Hand of Thief Linux trojan harmless


Hand of Thief was discovered in August and described as the first functional and dangerous Linux trojan in the wild. However, recent analysis has shown that this trojan is relatively harmless and in most cases does not even function.

At the beginning of August, reports from EMC showed that a new trojan targeting the Linux platform had emerged. The trojan was given the name Hand of Thief. Its purpose is to collect login credentials from input fields in web browsers and transmit them to the trojan's owner, which could potentially include users' banking information. The threat was considered severe, and Hand of Thief was considered to be the first Linux trojan in the wild that posed a true security risk.



Recent analysis of the trojan itself now shows that it poses little risk in reality. The results show that the ability of Hand of Thief to collect and transmit information is very limited and in most cases simply nonexistent. The trojan is therefore labelled a prototype rather than a final, functioning trojan.

Practical examples of Hand of Thief's shortcomings: the installation procedure is awkward and, even disregarding this, the trojan crashes Firefox under Fedora, fails to properly collect data from Google Chrome under Fedora, and fails to function at all under Ubuntu. Considering that the trojan is sold for $2000 on the black market, that is a large price tag for something that does not work and that also targets a small computer segment.

There is a risk, though, that the trojan will continue to be developed and eventually pose a truly severe threat. However, since all Linux developers and administrators have been given this early warning, it will hopefully lead to system hardening that makes it even more difficult for the trojan to function properly. In any case, considering the large number of security threats on the internet, it is always worthwhile to be cautious, even though this particular example happened to be relatively harmless.

