RSA Says Hand of Thief Linux Trojan Is a Non-Threat, Easy To Defeat - HotHardware
RSA Says Hand of Thief Linux Trojan Is a Non-Threat, Easy To Defeat

RSA Says Hand of Thief Linux Trojan Is a Non-Threat, Easy To Defeat

The Hand of Thief Trojan made waves among security experts when RSA first announced the for-sale malware. But now that RSA has had a chance to run additional analysis, the security arm of EMC is toning down its alert. It seems that the Hand of Thief is basically a prototype. The only people getting swindled at the moment is the would-be evil genius who buys this broken malware.


RSA doesn’t see the Hand of Thief Trojan as a major threat at the moment, but the developer plans improvements. Image credit: RSA

As it stands, the Hand of Thief Trojan isn’t stable. According to RSA, the software has trouble stealing the data it’s meant to steal, and it can crash your Web browser – something that doesn’t appear to be intentional. And removing the software is just a matter of deleting the Trojan’s files. If you think you have the virus and what to remove it, check out this post by Yotam Gottesman from RSA’s FraudAction Research Labs. That said, the malware’s developer is actively working to improve the Trojan, so security firms like RSA aren’t writing it off completely. The company intends to keep an eye on the malicious software as it evolves.
+1
+ -

> If you think you have the virus

It's not a virus. I.e., it doesn't spread by itself. The only way for it to get installed is for you to have manually installed it yourself via some social engineering. So, if you run random shell scripts attached to viagra emails, you might have it. If you only install software from signed repos like most Linux users, you do not.

The way it spreads is so atypical of how you normally install software in Linux that I have a hard time believing anyone could unintentionally end up with it on their system.

If you want the warm fuzzies, and you're on a debian-based distro like the Ubuntu screenshot above, just 'sudo apt-get install rkhunter && sudo rkhunter --check' from a terminal window to check for all known rootkits.

Login or Register to Comment
Post a Comment
Username:   Password: