
I think I Might Have Russian Trojan Fysbis on my computer


stop0x0000000a:
I live in Russia and, despite not being a fan of Yandex, I really doubt they infect their users with any kind of trojans.

If they did that, they would simply lose the market.

I would suspect overheating, motherboard capacitors, power supply or something similar, i.e. start with a memory test, for instance.
It is always possible to reinstall the OS if the hardware is ok.

Jerry:
This article here will tell you if you have that specific Trojan - http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ - just look at the Root install desc and Install as non-root file names.


Jan:
I write this from my Windows 7 laptop, as my desktop that has both Linux Lite and Linux Mint 17 has now become so slow over the past week that it's almost unusable - and both systems are affected (or should I say, infected?). Like most people, I thought I didn't have to worry about viruses and Trojans with Linux - but I see from these recent postings that a very nasty Trojan virus out of Russia is affecting Linux systems everywhere.

Those reading this may wonder why I suspect I might have Fysbis. Well, the most obvious is the very sudden slowdown in both Linux Lite and Linux Mint over the past week or so, and all three browsers (Firefox, Midori, and Tor) are constantly crashing even though I have only an ad-blocker add-on. My computer is behaving like it has a virus or some type of malware - and I think it might be Fysbis.

So how did I get Fysbis? Well, on Feb 11, 2016, an article came out extolling the features of the free email service called Yandex - that comes out of, you guessed it, Russia. (On Feb 15th, news hit the internet about the Fysbis Trojan - but of course I didn't know about this at the time.) In the process of testing out Thunderbird on Linux Lite I didn't want to use my official email account, so I thought I would set up a separate free email account on Yandex using POP3 in Thunderbird. Meanwhile, on the Linux Mint OS, I set up a Yandex free email account using POP3 in Evolution.

The server for Yandex email - as well as their free Yandex web browser, unlimited online storage starting at 10 GB, integration with Yandex Disk, e-Cards, and a whole bunch of other goodies - it all comes out of Russia. I have to admit, two weeks ago, as I was setting up the free email service (which was all I wanted anyway), I had a twinge of "Gee, should I be doing this????" Of course, in the process of setting up your free email account you get to choose your wallpaper ....."Oh boy, what a swell looking picture of the Kremlin....." - and now my feet are getting cold, but I'm too far in, though I have to admit, the beautiful pictures of deep outer space - probably from the Russian Space Station - did make me feel slightly better and set my geekly heart aflutter. Yup, they sure do know how to reel ya in.....

Of course, the easiest way to get rid of this would be to do a fresh install of both Linux Lite and Linux Mint and totally nix Yandex altogether - which is probably what I will do eventually. 

However, before taking this final step, is there any way to test my suspicion that I've been infected with Fysbis (or something else equally nasty)?

Also, other than avoiding anything coming out of Russia, how can Linux users protect themselves from these kinds of threats?


