Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security Crime

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 43

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
This discussion has been archived. No new comments can be posted.

Neutrino Exploit Kit Has a New Way To Detect Security Researchers

Comments Filter:
  • by Anonymous Coward

    Until we get proper malware support there can be no year of the linux desktop.

    • by JustAnotherOldGuy ( 4145623 ) on Saturday February 06, 2016 @03:37PM (#51453891)

      Until we get proper malware support there can be no year of the linux desktop.

      I know- as someone who's in the process of switching to Linux Mint, I'm having trouble finding replacements for stuff like Zeus, Conficker, Koobface, Rustock, and Cutwail.

      If someone could point me towards some quality malware to infect my Linux box with, I'd be grateful.

      • by Anonymous Coward

        https://www.winehq.org/ [winehq.org] You're welcome

      • If someone could point me towards some quality malware to infect my Linux box with, I'd be grateful.

        Dual boot with Windows - that should do it.

      • "point me towards some quality malware to infect my Linux box with, I'd be grateful."

        Set a password 'root' for the root user, let sshd listen to the internet from the default port, and wait a few days.

        • Set a password 'root' for the root user, let sshd listen to the internet from the default port, and wait a few days.

          I'm probably not technically proficient enough to figure out how to do that, so for the time being I guess I'll have to search the repositories for some highly-rated malware. Sadly there doesn't appear to be a version of Macafee Anti-Virus for Linux yet.

          I did find something called "mkfs.ext4 /dev/sda1" which looks promising; I'll try it and let you know how it wo*J^$ - @~_![[^8(fx4| 5n är föd#&

  • Headline (Score:5, Insightful)

    by Livius ( 318358 ) on Saturday February 06, 2016 @03:26PM (#51453855)

    For a second I thought sub-atomic particles were turning the tables on physicists.

    (Seriously, we need more original names for these things.)

  • So a windows wanting to avoid infection from neutrino should spoof the TCP packets and pretend to be Linux?
  • Yet again, Linux fails to be properly interoperable with the Windows ecosystem. Heck, I'll bet you can't even get properly detected and infected by Neutrino when running WINE.

    Sigh.

  • Malware devs are protecting malware researchers? Hey, thanks!

  • by Anonymous Coward

    If the exploit kit won't talk to malware detectors, it's possible to spoof all computers so they look like malware detectors, and the exploit is rendered harmless.

    • In this case it sounds like that's basically exactly what happens for Linux users, we'll be basically immune to Neutrino since the server will refuse packets from us.

  • your tinfoil hat certainly won't stop neutrinos

    oh, we are not talking about the massless subatomic particle?

If the facts don't fit the theory, change the facts. -- Albert Einstein

Working...