The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option.
http://www.itworld.com/article/2920615/ ... ealth.html
It might only be proof of concept at the moment, but what does this mean for Linux users?
New Linux rootkit leverages GPUs for stealth
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- Pjotr
- Level 24
- Posts: 20092
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: New Linux rootkit leverages GPUs for stealth
1.618 wrote: It might only be proof of concept at the moment, but what does this mean for Linux users?
Absolutely nothing at all.
It's very easy to create Linux malware. That has always been the case. Nothing new there.
But it's very, very difficult to get Linux malware to spread. Only if that changed would there be some reason for concern. You might be interested in this article that I wrote about Linux security:
https://sites.google.com/site/easylinux ... t/security
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: New Linux rootkit leverages GPUs for stealth
Thanks Pjotr, some well-written articles there.
I guess I'm just worried about being over complacent; as the Linux market share grows it makes Linux more of a target, even if it is a difficult one to compromise.
- mike acker
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Re: New Linux rootkit leverages GPUs for stealth
Ever since Robert Morris wrote his famous worm (November 1988) we have faced a rapacious desire on the part of miscreants to force their unwanted programs onto our machines.
"Superfish" is just another example of this tripe on a long list of usurpations.
Naturally this would lead us to investigate how unauthorized programs (aka "malware" or "computer virus") manage to get on computers.
Certain routes are obvious, such as downloading and installing software from unreliable sources. This should be brought under control by vetting software with digital signatures.
Other routes are less obvious, such as "drive-by infections" launched from "infected" web sites. The only thing running in your browser should be Javascript -- which is not supposed to access or update anything on its host system other than "cookies". But Javascript -- or even HTML code -- pulls in image and Flash objects, which seem to be a vector for executable attacks. So how can this spread from an application program running in RING3 into the o/s? Privilege escalation. If the attack code can find a privileged program that is not running on an exec-only page, then it may be able to modify the privileged program and obtain privilege escalation. The key note here is that privileged code should be on a READ|EXEC only page if it is running in userland (RING3).
"Phishing" is a favorite ploy -- by some estimates responsible for about 75% of "hacks". Phishing is simple: you just ask the system owner to do something dumb.
Bad drivers: again, disreputable software may install a bad driver into the kernel. Once compromised, the system owner no longer knows what his computer is being used for. Again, software signatures or preferred libraries are good defenses.
OEM errors/malfeasance
An OEM may incorporate malware into a product -- by error or by intent. "Superfish" seems to have been by intent, and we have stories of router shipments being diverted into shops where NSA "patches" are installed... These problems may need new approaches, but it seems that starting from a "Zero Defect" policy combined with changes in product liability law could be the place to start.
(Just a few thoughts from an ORF here on a rainy Sat. AM.)
¡Viva la Resistencia!
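The page-permission point in mike acker's post (privileged user-space code should sit on READ|EXEC pages, never on pages that are also writable) can be checked on a running Linux box by reading /proc/<pid>/maps. The script below is an added example written for this thread, not code from the post or from the Jellyfish project; the sample maps lines and the path /tmp/.x/payload.so are constructed. It flags every mapping whose permission field is both writable and executable, rates anonymous or /tmp-backed hits higher, and can scan a live process by PID.

```python
"""Flag memory mappings that are both writable and executable.

Added example for the forum thread, not code from the post or from Jellyfish.
Reads the /proc/<pid>/maps layout that Linux exposes; the sample below is
constructed, and /tmp/.x/payload.so is a hypothetical path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# Constructed sample in /proc/<pid>/maps layout. Two rwx mappings are planted:
# an anonymous one (no backing file) and one backed by a file under /tmp.
SAMPLE_MAPS = """\
5581d2c00000-5581d2c01000 r--p 00000000 08:01 1311       /usr/bin/sudo
5581d2c01000-5581d2c02000 r-xp 00001000 08:01 1311       /usr/bin/sudo
5581d2c02000-5581d2c03000 rw-p 00002000 08:01 1311       /usr/bin/sudo
5581d3a00000-5581d3a21000 rw-p 00000000 00:00 0          [heap]
7f3a0c100000-7f3a0c200000 rwxp 00000000 00:00 0
7f3a0c300000-7f3a0c301000 rwxp 00000000 08:01 2048       /tmp/.x/payload.so
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0          [stack]
7ffd1e0fe000-7ffd1e100000 r-xp 00000000 00:00 0          [vdso]
"""

# address range, perms (r/w/x + p/s), file offset, device, inode, optional path
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass(frozen=True)
class Mapping:
    start: int
    end: int
    perms: str
    path: str  # empty string for anonymous mappings

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def is_wx(self) -> bool:
        # The condition the post warns about: writable and executable at once.
        return "w" in self.perms and "x" in self.perms


def parse_maps(text: str) -> list[Mapping]:
    """Parse /proc/<pid>/maps text; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            out.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                               m["perms"], m["path"].strip()))
    return out


def find_wx(mappings: list[Mapping]) -> list[Mapping]:
    """Return every mapping that is writable and executable."""
    return [m for m in mappings if m.is_wx]


def describe(m: Mapping) -> str:
    """One-line verdict: anonymous rwx, or rwx backed by a file in a
    world-writable temp directory, rates HIGH; anything else is 'review'."""
    origin = m.path or "<anonymous>"
    hot = (not m.path) or m.path.startswith(("/tmp/", "/var/tmp/", "/dev/shm/"))
    level = "HIGH" if hot else "review"
    return f"{level}: {m.start:#x}-{m.end:#x} {m.perms} {m.size} bytes {origin}"


def scan_pid(pid="self") -> list[Mapping]:
    """Scan a live process. Reading another user's maps needs ptrace rights
    (in practice root), so expect PermissionError otherwise."""
    return find_wx(parse_maps(Path(f"/proc/{pid}/maps").read_text()))


if __name__ == "__main__":
    for m in find_wx(parse_maps(SAMPLE_MAPS)):
        print(describe(m))
    try:
        print(f"this interpreter: {len(scan_pid())} rwx mapping(s)")
    except OSError as exc:  # not on Linux, or /proc unavailable
        print("live scan skipped:", exc)
```

A single snapshot is a heuristic, not proof: a process can mprotect a page to rwx, write to it and flip it back between two reads, and JIT engines (browsers, Java) create rwx pages legitimately. Treat a hit as something to explain, and pay most attention to rwx pages inside setuid or root-owned processes, which is exactly the case the post is about.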
- Pjotr
- Level 24
- Posts: 20092
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: New Linux rootkit leverages GPUs for stealth
1.618 wrote: I guess I'm just worried about being over complacent; as the Linux market share grows it makes Linux more of a target, even if it is a difficult one to compromise.
As long as there are no Linux viruses for desktop computers "in the wild", there's no need to be afraid. Overcomplacency isn't good, but neither is unnecessary fear.
As long as you install updates as soon as they become available, don't install from other sources than the official software sources and (most importantly) use your common sense, you're fine. Relax, you're running Linux.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
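mike acker's "bad driver" route and Pjotr's rule of installing only from the official software sources meet at the kernel module list. The script below is an added example for this thread, not code from either post; the /proc/modules sample lines are constructed and evil_mod is hypothetical. It parses /proc/modules, lists modules that carry the O (out-of-tree) or E (unsigned) taint letters, and decodes the kernel-wide /proc/sys/kernel/tainted bitmask, which stays set until reboot even after a module is unloaded.

```python
"""List loaded kernel modules that carry taint flags, and decode the
kernel-wide taint mask.

Added example for the forum thread, not code from either post. The
/proc/modules sample is constructed; evil_mod is hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path

# Taint letters as printed after a module in /proc/modules
# (see Documentation/admin-guide/tainted-kernels.rst in the kernel tree).
TAINT_LETTERS = {
    "P": "proprietary (non-GPL) module",
    "F": "module was force-loaded",
    "O": "out-of-tree module, not built with the distro kernel",
    "E": "unsigned module (or signature could not be verified)",
    "C": "staging driver",
    "X": "auxiliary taint, defined by the distribution",
}
# Bit positions of /proc/sys/kernel/tainted, bit 0 first.
TAINT_BITS = ["P", "F", "S", "R", "M", "B", "U", "D", "A", "W",
              "C", "I", "O", "E", "L", "K", "X", "T", "N"]

# Constructed sample in /proc/modules layout:
# name size refcount deps state offset [(taint)]
SAMPLE_MODULES = """\
ext4 737280 1 - Live 0xffffffffc0a00000
nvidia_modeset 1142784 6 nvidia_drm, Live 0xffffffffc1400000 (POE)
nvidia 39239680 89 nvidia_modeset,nvidia_uvm, Live 0xffffffffc1000000 (POE)
vboxdrv 581632 2 vboxnetadp,vboxnetflt, Live 0xffffffffc0e00000 (O)
evil_mod 16384 0 - Live 0xffffffffc2000000 (OE)
"""


@dataclass(frozen=True)
class Module:
    name: str
    size: int
    refcount: int
    deps: tuple
    taint: str  # taint letters, "" when the module is untainted


def parse_modules(text: str) -> list[Module]:
    """Parse /proc/modules text. Unprivileged readers see the offset as 0x0,
    which this parser does not care about."""
    mods = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        deps = () if f[3] == "-" else tuple(d for d in f[3].split(",") if d)
        taint = f[6].strip("()") if len(f) > 6 else ""
        mods.append(Module(f[0], int(f[1]), int(f[2]), deps, taint))
    return mods


def find_tainted(mods: list[Module], letters: str = "OE") -> list[Module]:
    """Modules carrying any of the given taint letters (default: out-of-tree
    or unsigned, i.e. not from the distro kernel package)."""
    return [m for m in mods if any(c in m.taint for c in letters)]


def explain(taint: str) -> str:
    return "; ".join(TAINT_LETTERS.get(c, f"taint {c}") for c in taint)


def decode_tainted_mask(mask: int) -> list[str]:
    """Letters set in the kernel-wide taint mask, lowest bit first."""
    return [c for i, c in enumerate(TAINT_BITS) if mask & (1 << i)]


def read_live() -> tuple[list[Module], int]:
    mods = parse_modules(Path("/proc/modules").read_text())
    mask = int(Path("/proc/sys/kernel/tainted").read_text())
    return mods, mask


if __name__ == "__main__":
    for m in find_tainted(parse_modules(SAMPLE_MODULES)):
        print(f"{m.name:<16} {m.size:>9} bytes  ({m.taint}) {explain(m.taint)}")
    print("sample mask 12289 ->", decode_tainted_mask(12289))
    try:
        live, mask = read_live()
        print(f"live: {len(find_tainted(live))} out-of-tree/unsigned module(s), "
              f"kernel taint {decode_tainted_mask(mask)}")
    except OSError as exc:  # not on Linux, or /proc unavailable
        print("live check skipped:", exc)
```

On Mint with the proprietary NVIDIA driver or VirtualBox from the official repositories, DKMS-built modules legitimately show O (and E when Secure Boot module signing has not been set up), so reconcile the list against what you chose to install rather than treating every hit as a compromise. A rootkit that unlinks its module from the kernel's module list disappears from /proc/modules, but the taint mask still records that an unsigned or out-of-tree module was loaded at some point since boot.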
Re: New Linux rootkit leverages GPUs for stealth
Pjotr, that is some very good advice!
Re: New Linux rootkit leverages GPUs for stealth
mike acker wrote: other routes are less obvious such as "drive by infections" launched from "infected" web sites.
"phishing" is a favorite ploy -- by some estimates responsible for about 75% of "hacks".
It's these less obvious ones that I don't want to be complacent about: legitimate websites carrying malicious code, or clones of legitimate sites, and so forth, that the average Joe might not be able to identify. I try to be sensible in my computing habits, but smarter men than me have been fooled...
mike acker wrote: OEM may incorporate malware into a product -- by error or by intent. "Superfish" seems to have been by intent and we have stories of router shipments being diverted into shops where NSA "patches" are installed,.... these problems may need new approaches but it seems starting from a "Zero Defect" policy combined with changes in product liability law could be the place to start
So buying a graphics card with Jellyfish or similar already loaded onto it could be a real possibility?
mike acker wrote: (just a few thoughts from an ORF here on a rainy Sat. AM)
Much appreciated.
Pjotr wrote: Overcomplacency isn't good, but neither is unnecessary fear.
As long as you install updates as soon as they become available, don't install from other sources than the official software sources and (most importantly) use your common sense, you're fine. Relax, you're running Linux.
I follow the advice given and do what I can.