Researcher Shows Assault Against Linux With USB Autorun

Senior Researcher Jon Larimer attached to the X-Force Advanced Research team of IBM, while at the Washington-held ShmooCon 2011 Security Conference during January 28-30, 2011, demonstrated how Linux computers could be attacked with USB devices, so reported Softpedia.com in news dated February 10, 2011.

Evidently, during the demonstration Larimer showed how the attack could be executed through exploiting a security flaw within the evince-thumbnailer, an element that the GNOME evince for viewing files utilize to render icons.

Larimer, while elaborating the demo further, stated that it wasn't too strong for, to make it come off fast, he had to disable 'AppArmor' and 'Address Space Layout Randomization.' However, the result indeed was as expected, since the demonstration showed that autorun-like assaults were possible on Linux systems for running random code and thereby acquiring control over the computers which otherwise couldn't happen, he explained. Muktware.com published this on February 10, 2011.

Larimer further explained that since the attack used a security flaw rather than a feature such as AutoRun, it was greatly identical to the Stuxnet worm-abused LNK exploit.

Notably, the aforementioned exploit aimed at the flaw quite like Windows OS treated shortcuts as also let arbitrary code run on the system via performing a plain scanning of a file directory, which carried a malevolently created LNK document.

Reportedly, many malicious programs have ever-since utilized as well as are still utilizing the exploit.

Here, it may be interesting to note that a patch for the flaw was issued during early-January 2011, but Larimer experimented with an un-patched computer. Further, the attack could be performed merely through USB that imply that an attacker must be physically next to the computer. The attack doesn't proliferate via visiting websites, or via e-mails alternatively attachments. Hence, a computer-operator need have nothing to feel scared of, Larimer concludes.

Nevertheless, the demonstration proves one important point i.e. systems must always be maintained up-to-date. Any system-update message popping up should be heeded to.

Eventually, Larimer's demo also suggests that despite the truth about Windows virus quantities dwarfing Linux malware's tiny ecosystems sidelined, still there are plentiful other warnings associated with the attack.

Related article: Researchers Urge Caution against phishing Scams

» SPAMfighter News - 2/21/2011