this post was submitted on 23 Aug 2025
91 points (96.0% liked)

[–] pedz@lemmy.ca 3 points 2 weeks ago (1 children)

The starting point of the attack is an email message containing a RAR archive, which includes a file with a maliciously crafted file name: "ziliao2.pdf{echo,<Base64-encoded command>}|{base64,-d}|bash"

Doesn't it mean that a rar archive contains the malicious file?

It's worth noting that simply extracting the file from the archive does not trigger execution. Rather, it occurs only when a shell script or command attempts to parse the file name.
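Added example, not part of the thread or the quoted article: a POSIX shell check that flags file names carrying shell syntax like the one quoted above after an untrusted archive has been unpacked, while handling every name strictly as data. The function names `is_suspicious_name` and `count_suspicious` and the flagged character set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Heuristic triage of file names after unpacking an untrusted archive.
# The flagged character set is an assumption for illustration; tune it locally.

NL='
'

# Return 0 if the name contains characters a shell would treat as syntax.
is_suspicious_name() {
    case $1 in
        *'{'*|*'}'*|*'|'*|*';'*) return 0 ;;   # brace expansion, pipes, lists
        *'$'*|*'`'*|*'<'*|*'>'*) return 0 ;;   # substitution and redirection
        *"$NL"*) return 0 ;;                   # embedded newline
    esac
    return 1
}

# Print how many entries directly inside directory $1 have a flagged name.
# Names are only ever expanded inside double quotes, so they stay data:
# nothing here passes them to eval, sh -c, or an unquoted expansion.
count_suspicious() {
    n=0
    for f in "$1"/* "$1"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched glob patterns
        if is_suspicious_name "${f##*/}"; then
            n=$((n + 1))
            printf 'flagged: %s\n' "$f" >&2
        fi
    done
    printf '%s\n' "$n"
}
```

A hit is a reason to inspect the file before any script touches it; a clean result does not replace quoting file names correctly in the scripts that process them.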

[–] skaffi@infosec.pub 2 points 2 weeks ago (1 children)

Right you are! I'm not sure how that went over my head. Eh, too much morning, too little coffee. Thanks for correcting me.

[–] pedz@lemmy.ca 1 points 2 weeks ago

It's also worth saying that as much as I don't have an antivirus on Linux, and that I'm generally not too worried about malware and viruses, I have backups, follow the 3-2-1 rules, and my OS can be sacrificed if there is ever a problem.

But I must admit that being infected is not always detectable and taking extra care probably wouldn't hurt.