Linux platforms vulnerable to Grinch malware

Cyber security firm Alert Logic has discovered a bug called Grinch, which is claimed to affect Linux based systems.

Linux systems account for more than 65% of web servers on the Internet, Alert Logic said citing a report by W3Tech.

The new bug allows attackers to carry out malicious activities on the system including remote installation of applications and theft of data.

According to the security experts, Linux based personal computers, servers and Android devices could be vulnerable to the attack.

The bug resides in the new Linux authorisation system that facilitates privilege growth through Wheel, which is a special user group that controls access to the ‘su’ command that allows one user to impersonate another user.

Alert Logic said: "When a Linux system is built, the default user is assigned to the wheel group that allows for administrative task execution within the system."

"For example, if the file is owned by user XYZ and group wheel, it will run as XYZ:wheel, no matter who executes the file."

SCMagazine.com reported Alert Logic threat research director Stephen Coty as saying: "anything that is set up by the Linux default settings would be affected by grinch."

"This vulnerability could allow the attacker to install any type of software they want to, meaning remote access trojans (RATs), or software where they 100 percent own that box, or software where they can exfiltrate 100 percent of the information off a [targeted] server."

"They could install anything, so the possibilities are really endless at that point."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing