Malware hits Linux systems

[Clarity]

FontOnLake

For your review

[mikewalsh]

@Clarity :-

Clarity, please desist from creating posts which are simply a link. On every other forum I frequent - several of 'em - this practice is generally frowned upon. The whole 'point' of these type of posts is to MAKE the reader click on the link.

It wouldn't be so bad if you at least provided some background before directing folks to your link.....

I'm NOT "having a go at you". The practice is usually regarded by forum staff as cheap sensationalism.....created by those who don't have much to post about. I've lost track of the number of wrists I've slapped over at BleepingComputer during this last 18 months or so for this very act.....

Thanks.

Mike.

(Anyway, it's almost certainly targeting servers. And I very much doubt that little fishes like us have got anything these "sharks" are interested in.....)

[Clarity]

Thanks Mike,

I ask:
Would you offer me an example for a replacement post of the opening post of this thread, please.

I will use it as a template for future posts. I am sure I as well as others will find a sample useful going forward.

I dont view your message "having a go at you" as anything more than trying to help all of us improve.

Thanks in advance.

[8Geee]

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

[mikewalsh]

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

A very concise, and "to-the-point" summary. I couldn't have put it better myself!

Thank you, @8Geee . Cheers, mate. Clarity.....this is only a general summary, but it's about what was I going to put myself. 8Geee has saved me the trouble....

I may be 'picky' in this respect.....but bad grammar/spelling/over-use of text-speak etc., these things have always annoyed me. Probably a legacy of a public school education, where you had it hammered into you that you should always strive to "do things properly". Some of it's stuck..!!

Living in the UK, with Auntie Beeb's newsreaders constantly showing us all how to "talk proper" has perhaps had summat to do with it, too....

Mike.

[Clarity]

So, instead of not asking an action by the reader

FontOnLake

For your review

You prefer this one which "tells" the reader to provide action

FontOnLake

Read the article before posting, with summarization, and any effect on Puppy systems, servers, and Linux in general. Post your comments and a link.

Is that correct?

[mikewalsh]

@Clarity :-

Um......NO. I think you've got the wrong end of the stick here, buddy.

What 8Geee posted was NOT a "template" to simply copy/paste into a post. His summation - and very concise, too! - is a brief set of instructions on how best to construct your post.

Read the article yourself.....which I assume you must have done. Then, sum it up briefly.....state WHY you think the contents of the article are relevant to the community....and then add your link.

Surely, at your age you don't need to be told HOW to write & use your mother tongue....do you? We ALL appreciate a well-written article, because it makes it interesting, and easier to follow. Okay, I admit I can be a bit "verbose" at times, but then I've always been something of a story-teller!

The best articles engage the reader, and make them WANT to continue reading. It's something of an art-form, it's true, and a "knack" that not everybody has.....but if you can pick it up, it's a God-send. Even in the "tech" world, mere recitation of dry, boring facts CAN be a bit off-putting.....

Dress things up a bit, and make your reader feel as though you're talking to them on a personal level, y'know? It's quite easy. Just put a little bit of thought into how you're posting, that's all I'm saying.

Again, I repeat; I'm NOT 'having a go at you'. Please don't take this the wrong way. I'm hoping you'll take this in the spirit in which it was posted.....as a genuinely instructional piece of comradely advice.

Mike.

[fredx181]

Yes, I agree w. Mike, give it a personal touch, not a link only.

EDIT: Btw, do we need to be extra careful ? I think yes, but as long as we download software from trusted sources it will not contain viruses, e.g. from Ubuntu, Debian, Slackware, ...

[Clarity]

Its has never been my writing style to add a 'personal' touch, per se, to articles writen by other authors. I have viewed this behavior, in my past, as a personal critique of the writings of others. Thusly, I steer away, personally, because even a summary is a personal touch. The alert does not intend to be an evaluated summary or an interpreted one.

In this case, for example, I merely wanted to post an alert.

But, if I understand, it may be better to post an alert with some statement.

That article speaks for itself in the evidence it presents. So, in my case, as a reader of it, I can either incorporate it, or ignore it without anyone 'leading me' with an initial interpretation.

I do thank everyone for what you share. In the future, I will consider how best to 'frame' an alert. Yet, I hope a reader of this understands my position for bringing alerts to the community.

MUchly appreciated the insights from all. I'll try to do better. And, I will try to make alerts more appealing.

[Clarity]

Back to a comment about the article.

(Anyway, it's almost certainly targeting servers. And I very much doubt that little fishes like us have got anything these "sharks" are interested in.....)

Yes, I understand your point. But some of the members are 'hosters' and some of us provide family server services, either local at home or over the net with family members offsite.

The article for some, here, has importance.

And, some forum members have careers and might also find useful understanding.

Again, I hope the article is helpful.

[6502coder]

I often run across articles , particularly regarding security issues, that I think may be of significant interest, but whose practical impact on Puppy users I am not qualified to judge.

What I usually do is to quote a few sentences in the article that seem to summarize the problem and/or impact. One can almost always find such a brief quote, if the author was at all competent.

[Clarity]

Yes, we all have personal styles to relay information.

[mikeslr]

I have to disagree with Mike Walsh's criticism for these reasons: The post, although barely more than a link, was made to the Off-Topic, Security Section. It serves as an alert "for your review", encouraging replies, a discussion.
I've read the linked post twice. As an 'alert' it points out what Clarity made clear by the title of his post: "Malware hits Linux systems". As a User of a Puppy Linux systems I am concerned as to the impact of the malware and, if there is any, what work-arounds or other responses we have, or can devise.
I am not technically sophisticated. But my 'take-aways' from the linked post were:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

As someone who is not technically sophisticated, even having read the linked post twice, I still don't have a clue as to its significance. Perhaps as a frugal Puppy makes use of a READ-ONLY kernel and securely deployed such as by booting entirely from read-only sources after making use of nicOS's Save2sfs, there is none. But maybe my lack of technical sophistication results in a serious under assessment of the threat.

None of us has the time to read everything published on the Web. One of the values of a community is to provide a vehicle for the communication of potentially important information that members of that community can review, assess and perhaps respond to. The post was to the Forum's Security Section. Hopefully, that Section is read by those who work on woof, publish Puppys, develop Puppys security provisions, or the applications most vulnerable to malware attacks. Perhaps it is information they should have but didn't.
None of us are paid. The Forum neither imposes quotas nor offers merit badges. A post is just a post. The proper response to those who frequently post merely to convince themselves and others that ‘I exist’ is to ignore their posts. I doubt that was Clarity's purpose as most of his posts have been detailed efforts to provide immediately useful information. Or maybe I'm just 'covering' myself as several of my posts have consisted entirely of placing 'an alert' to someone else's work, which was not posted in a Section I thought others who might be interested would find it.
This post has taken at least a half hour of my time. Requiring a well-drafted summary to provide an alert requires time which could and may have to be more usefully employed. Such a requirement encourages the alternative: silence.
Clarity’s alert served the purpose for which it was intended. I would much rather this thread have evolved as a response to the information Clarity’s post brought to our attention than as a vehicle to discuss etiquette and style.

[jamesbond]

I am not technically sophisticated.

I am. And I read the article. And my professsional assessment of it: It's worthless. The one and only single conclusion that one can make from that article is: "There is a new malware called FontOnLake". Nothing more, nothing less. The rest is just mumbo-jumbo no doubt added to fill in the word-quota content threshold.

I wouldn't even bother to call this as "information". I would just call this as noise.

People with nothing better to do in their life publishes tons of malware every single day. We already know that. Announcing that there is another malware named so and so, isn't news. Today is FontOnLake. Perhaps tomorrow it will be LetterOnMountain. Or BirdInCloud. It isn't going to help anyone.

You know something that is helpful? How about telling everyone of:
- What does it do to infected systems?
- What kind of harms does it do? (Encryption - ransomware? Data deletion? Crashing the system? Bot farm? Etc).
- What is the kind of data that it steals?
- How does it spread?
- What we can do to avoid catching it? What precautions we can follow?
- How to detect if it has infiltrated our systems?
- How to remove it if we are already infected?
- Etc.

That's what I call useful and helpful.

_____________________

This post is not a criticism to @Clarity . It's more criticism to the article on ZDNet itself. I don't question why Clarity chose this article: everyone thinks differently and I could only think of the best reasons why Clarity posted the link.

However, I do have a suggestion for @Clarity to make his announcement a lot more useful.
If you could post what @mikeslr did, it would be helpful. Imagine how much more informative your post would be, if you posted this way:

Malware Hits LInux System:

From the ZDNet article:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

For more details, read the article yourself: FontOnLake Hits LInux systems

People knows straightaway what the article is all about, and they can decide whether or not to click the link.

Without putting the words on @mikewalsh's mouth, I think this is what he meant.

Posting a link by itself without any explanation or summary whatsoever is not a good netiquette. Many other sites shun it, and for good reason. A great many malware spreads by unaware users clicking certain link. Spammers do it all the time.

So we definitely don't want to cultivate the habit of clicking any link that we don't know. It's unhygienic.

I hope everyone gets positive feedback from all these.

Bye for now.

[CaptGeorge]

I've just "Thanked" everyone who commented on this thread. It's a very good discussion of threats to Linux systems. Personally, I don't worry to much about malware on my Puppy or Ubuntu computers. I don't "click" on any links email or in forums.

It would be nice to know how we can prevent linux malware. And, the best ways to scan for it, plus how to fix it, if ever necessary.

[mikewalsh]

Malware Hits LInux System:

From the ZDNet article:
"FontOnLake is modular malware that harnesses custom binaries to infect a machine and to execute malicious code... that among its known components are trojanized apps which are used to load backdoors, rootkits, and to collect information...Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones...The backdoors are all written in C++ and create a bridge to the same C2 for data exfiltration. In addition, they are able to issue "heartbeat" commands to keep this connection active... FontOnLake is always joined with a kernel-mode rootkit to maintain persistence on an infected Linux machine."

For more details, read the article yourself: FontOnLake Hits LInux systems

People knows straightaway what the article is all about, and they can decide whether or not to click the link.

Without putting the words on @mikewalsh's mouth, I think this is what he meant.

Posting a link by itself without any explanation or summary whatsoever is not a good netiquette. Many other sites shun it, and for good reason. A great many malware spreads by unaware users clicking certain link. Spammers do it all the time.

So we definitely don't want to cultivate the habit of clicking any link that we don't know. It's unhygienic.

James makes the point well. It's more or less what I intended to put into my original reply, but.....I got distracted half-way through. When I returned to finish posting, events here had driven it from my mind.

It gets worse, the older you get...!!

Better than 90% of computer users, world-wide, run Windows. Malware authors target it for exactly this reason.....and malware is almost invariably spread by clicking on links. This is why it's bad "nettiquette" to ONLY provide a link without some additional background.

Some posters consider the "minimalist" style of posting to be "cool" and/or "profound". It's NOT. In this case, it's an open invitation to infection.....and is NOT good practice. It's not criticism, but if Clarity has, as he claims, been around the tech world for as long as he says, he really ought to know better.

-----------------------

(Enough 'distraction'.....but the point needed making, and is one that unfortunately needs to be made again & again as time goes by.)

Mike.

[Clarity]

OK @mikewalsh

It's not criticism, but if Clarity has, as he claims, been around the tech world for as long as he says, he really ought to know better.

NOW, THAT'S A CRITICISM! I was wondering how long it would be before it started. Everyone, including you have already made their points for improvements. This final "I got to get the final dig in" from you is unwarranted.

For as long as I have been around, I have NOT been victim of a clickbait as I am careful of both my sources, and approaches. And insuring I am not a victim, I only offer sites that are known trusted ones on the net.

In my times, I have not posted anything to anyone, so far in my lifetime that carries a clickbait. And I certainly insure I do not bring any such to the forum.

I am paying attention to what all is being shared in this thread about 'posts in brevity' as it seems that if no additional info describing a link, that somehow makes the link suspect.

I think most know over the couple years on this forum that I have not presented any clickbaits. But, I will in the future describe briefly some indication of the link contents in efforts to better make clear some idea of the articles content. In my past, I have tried to merely use a threads title and some description in the opening post's link that would be helpful for giving some idea of information benefit.

AS I review, the problem may be that even if I made a link that is a description of an useful article, that a description-link will also not be what some member, here, want.

If I can offer a suggestion to forum moderators, it is this: Place a TEMPLATE or example, somewhere on this forum, of a minimum the moderators want to see. Personally I think it might best be posted where new members or beginners will see the Template and not make an unconscious misleading structure as I have done.

I have noticed, for example, @bigpup does offer 'sample' prescription when helping members of a useful way for forum members reporting issues to follow. He makes it clear and his samples are a TEMPLATE. Not only does he repeat a sample from time-to-time, but, that very bit of useful guidance is posted where new/beginners can see it.

There is no reason that I can think of for this thread to lead to a similarly placed TEMPLATE in the forum.

Stop the personal criticisms and offer your ideas for a template instead of alluding to what you want.

I had asked before and I ask again using different wording, show me how you would make the opening thread by giving a sampled equivalent to the opening thread. YOU have refused, instead merely alluding. I want to see how you would offer the article that would be acceptable.

What @mikeslr and @jamesbond have done is presented their reactions to the alert. My intent was not to give a reaction as an opener. Rather it intends to open and allow members to contribute any reactions they have on the merits of the article if there are any. This is how I have envisioned alerts of this sort to proceed. I THANK @mikeslr and @jamesbond as what they've offer are their reactions for member viewing. It similar to the 'reaction' you posted to your view of the article.

As I have already indicated, I intend to bring more info in the links that are posted in hopes that it will allow members to decide if the article(s) will be helpful knowledge. In the past, before this started, members have viewed the links and have posted reactions.

Lastly, I ask, has anyone gotten ANY clickbaits or bad articles of posts from anything I have done in the past. I think we all understand at this time, that my style for posting is misguided. So I hope this discussion will help anyone and I hope some one of the moderators will offer TEMPLATES or a reworded post to show its conformity to forum desires.

If you will post a succinct example by taking the opening post and presenting how you would have presented this thread, it would have gone a much better method than merely alluding to 'good practice'. GIVE A CONCRETE EXAMPLE FOR OBVIOUS COMPARISON. It is what I asked early on in this thread. That, too would be helpful and a guide.

Mike, If you are not willing, that a personal preference. But the points have been made. If you will post a comparison example I think it corrects the thread and makes plain a future pathway.

If not, let all move on, please.

[mikewalsh]

@Clarity :-

Oh, for crying out loud....

Nobody made ANY mention of the link being 'clickbait'. My point was simply this.....that presenting a link, by itself, without any description of what that link leads to, is a dangerous practice. By your own admission, you've been around the 'tech' world long enough to know this is so.

As for a 'template', why should we have to provide articles for the lazy to simply copy/paste & edit? Do you not HAVE any imagination? Can you not think of anything to say, rather than just pasting a link & hitting the 'Submit' button? Everybody else seems to manage just fine.

I think most know over the couple years on this forum that I have not presented any clickbaits. But, I will in the future describe briefly some indication of the link contents in efforts to better make clear some idea of the articles content.

That's ALL I was asking for in the first place...

------------------------

As stated before, no-one is criticising your intentions, which are usually good.....even I will admit that. All I'm asking is that you put a little bit of thought into how you actually create and, to use your own phrase, "present" your posts. That's not so much to ask, is it? Do you feel you NEED instructions to follow?

In all my years online, you're one of only a handful of people I've come across who cannot seem to handle the slightest bit of criticism; you take a simple request & manage to manipulate it into a massive, direct, personal attack..!

Most of us are not 'mind-readers', Clarity. Please remember, too, that we're not there with you all the time, looking over your shoulder, and thus privy to what is going through your head at any given moment.

Nobody with a whiff of common sense will take anything said online "to heart"; nobody is "having a go" at you about intentions and/or source material. My only concern is the smooth running of this forum, and is the one thing I will pull anybody up about, be they a veteran member OR a raw 'noob'. As such, member's posting styles and/or content & behaviour are always going to be at the forefront of my mind.

All I did was to make a polite request. YOU are the one who has blown this up into something it never was.

I've said my piece. I'm outta here.....and that's the end of it. I'm not responding any further on the matter, which as far as I'm concerned has run its course.

Mike.

[snoring_cat]

Clarity,

Thanks for the post. For starters, this malware can put rootkits into fake binary files such as cat, kill or sshd..." I guess it's a good thing that Puppy Linux doesn't do background weekly system updates as much as other Linux distributions.

As a suggestion for future posts, you could just post what is the main title on the web page you link. This is similar to an RSS feed entry. For example, just add to your post:

FontOnLake malware strikes Linux systems in targeted attacks
The malware is accompanied by a rootkit to sink its claws firmly into vulnerable machines.

[Clarity]

New announcement of a Linux kernel BUG that takes over your ...

A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel ...

FYI