Backtrack 5: Linux & Mac Systems Vulnerable to Malicious Scripts Too

Ask almost any Linux or Mac user and they will tell you that they are much better protected against viruses and online threats. But is this really true?

Not necessarily so.

Sure, most malware writers target Windows based systems due to the large volume of potential targets. But, malicious executables and scripts work just as well against Linux and Mac systems.

I have recently been working on a video showing Backtrack 5 in action against a Windows 7 target and wondered, ‘How well would some of the same attacks work against a Mac or Linux system?’

So, I fired up Backtrack 5 in my lab and used it to create a test malicious website. The site serves up a backdoored java applet to a target machine when they connect to the page.

This is what the simulated target machine saw when it surfed to the website:

The target machine is an Ubuntu 11.04 machine, running Google Chrome, with the built in firewall enabled and an updated Anti-Virus program running. As you can see, the webpage is a bogus “message from the CEO” page and it instructs the user to run the Java popup. A real malicious page could look much more believable or could even be an exact clone of an existing site.

When the user clicks “run”, a remote shell session (Session 1) is created on the Backtrack 5 machine as seen below:

And that is it. I now have read/write access to the Ubuntu host in the context of the logged in user. I ran a few Linux commands to verify the connection. Commands entered are highlighted by a white box:

I checked the Ubuntu version, the present user name and the user’s identity.

I then checked the disk space, surfed to the users document directory and viewed the contents of the file named “Test”:

And finally, checked the processes running on the remote system:

I do not have root access at this point, just user level access. But from here I could check the system for other vulnerabilities that could be exploited. Or if my goal was just to collect user data or documents, no further penetration is necessary.

Malicious scripts and executables are encoded and obfuscated to purposely bypass anti-virus programs. And once they are run on a target machine, Windows, Mac or Linux, they connect out through the firewall to the attacker machine. It is imperative to educate your users about these types of attacks and tell them to never allow programs to run from unknown websites or e-mails.

Running script blocking programs like “Noscript“, and disabling script capabilities in browsers really help against these types of attacks. But users with privileges can and will allow programs to run if they really think they need the program or gadget that the attacker is offering.

Finally, locking down what sites your users can connect out to and monitoring the traffic leaving your network is always a good idea in preventing or detecting these types of attacks.

Advertisements

China Hacking Tool captured on Chinese Military Propaganda Ad

A Chinese military propaganda video released mid-July shows what many have accused the Chinese of all along. Being responsible for numerous cyber attacks on different nations.

According to an article on The Epoch Times:

The documentary itself was otherwise meant as praise to the wisdom and judgment of Chinese military strategists, and a typical condemnation of the United States as an implacable aggressor in the cyber-realm. But the fleeting shots of an apparent China-based cyber-attack somehow made their way into the final cut.

The Chinese made attack tool can be seen in the above Youtube video starting at 39 seconds. And in case there are any questions on who made it, “Electrical Engineering University of China’s People’s Liberation Army” is displayed on the tool. It seems that this tool was specifically made to attack Falun Gong websites.

The software window says “Choose Attack Target.” The computer operator selects an IP address from a list—it happens to be 138.26.72.17—and then selects a target. Encoded in the software are the words “Falun Gong website list,” showing that attacking Falun Gong websites was built into the software.

A drop-down list of dozens of Falun Gong websites appears. The computer operator chooses Minghui.org, the main website of the Falun Gong spiritual practice.

The IP addressed listed on the screen belongs to the University of Alabama at Birmingham – University Computer Center. This proves that the Chinese military has in fact been attacking not only Chinese spiritual groups but systems in America.

According to the Washington Post, the original video has since been removed and an e-mail from China’s Defense Ministry said that “the scene was the “pure action of the producer,” and that “the content and opinion of the program do not represent the policy and stance of the government.

Well, nothing new here, they are denying that they are behind it, but as the saying goes, a picture is worth a thousand words.

EC-Council forms Global Cyberlympics

This looks very interesting! EC-Council, a leader in Ethical Hacking certifications (C|EH), has created a world wide cyber games competition.

Information (From Website):

The World’s First International Team Ethical Hacking Championships

The Global CyberLympics is a not-for-profit initiative led and organized by EC-Council. Its goal is to raise awareness towards increased education and ethics in information security. The mission statement of the Global CyberLympics is Unifying Global Cyber Defense through the Games.

Form a team now and earn the rights to represent your region at the Global CyberLympics World Finals!

China’s Military Buildup and Cyber Attacks

From Foxnews:

“The pace and scope of China’s sustained military investments have allowed China to pursue capabilities that we believe are potentially destabilizing to regional military balances, increase the risk of misunderstanding and miscalculation and may contribute to regional tensions and anxieties,” said Michael Schiffer, the deputy assistant secretary of defense for East Asia.

According to the article, China spent $160 Billion for defense in 2010. Add to this the huge volume of technical and military information that China is believed to have siphoned in cyber attacks against the US and our allies.

The US imported $364.9 Billion from China in 2010. China cites our trade relations with Taiwan as a threat, but it appears that we only exported about $26 Billion to them in 2010. One would have to ask why one of our largest trading partners sees us as a threat?