WikiLeaks releases Manual for Linux Implant "Aeris"

Discussion in 'Linux' started by Mr.X, Jul 29, 2017.

  1. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
  2. Superfly

    Superfly MDL Expert

    Jan 12, 2010
    1,143
    543
    60
    I don't get it.... planting binaries OK ... but how do they run without root access?
     
  3. TinMan

    TinMan MDL Member

    Jul 31, 2009
    127
    190
    10
    Interesting stuff... However, I don't think that most of us are affected, since "Aeris" targets Debian 7 based distributions, along with some others. I use Linux Mint 18.2, based on Debian stretch/sid - that is Debian 9...
     
  4. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    It's important to read the comments at the bottom of the page. The posters there are reiterating the same words as the posts here.

    The best reply was the last post over there.

    "It didn't work 20 years ago. Why would it work now?"
     
  5. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,977
    340
    It seems WikiLeaks has no more real stuff worth leaking and tries to attract attention anyway.
    Aeris is a part of project Imperial and quite outdated already. There are no details about an exploit / vulnerability and no info on HOW to infect the target.

    For me it's just like a brief manual of an application which can perform some communications once it's locally installed.

    Things would change if 'other hackers' would pick up the sources and use them to make recent malware out of it, just as some did with WannaCry from the EternalBlue project.

    But the big difference is there is no word about getting benefit of a vulnerability.
     
  6. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    Sad but true. There will come a time when they will have no credibility at all, and become nothing but a click-bait site.
     
  7. phijordz

    phijordz MDL Novice

    Aug 27, 2013
    10
    2
    0
    And what then is an implant, is it a virus or a rootkit? How does it behave or what will be the symptoms of an infected unit?
     
  8. Superfly

    Superfly MDL Expert

    Jan 12, 2010
    1,143
    543
    60
    #8 Superfly, Aug 11, 2017
    Last edited: Aug 11, 2017
    Anything written in C has to be compiled (i.e. binary)... any binary has to be initiated by the OS... any initiation has to be through root ... any root requirement has to be by the user (password)

    I can't see how this can be automated to send data across a network... without user ignorance (i.e. willingly running it).

    PS: to answer your question...
    No, it's not a virus or rootkit... it's a "listener" which sends (like in steals) info to a server.. it's just there are uninformed/sensationalist sites comparing it (due to WannaCry)
     
  9. phijordz

    phijordz MDL Novice

    Aug 27, 2013
    10
    2
    0
    So that's just what it is. Thanks.

    Now I can continue reading the other interesting long threads in these MDL forums, with my Linux box relieved of paranoia!
     
  10. cdavisdeco

    cdavisdeco MDL Senior Member

    Jul 8, 2015
    330
    63
    10
    So it's not totally worthless.
     
  11. Superfly

    Superfly MDL Expert

    Jan 12, 2010
    1,143
    543
    60
    Yes it is... please tell me how this will become a WannaCry, given the differences between Admin (an inheritance from Trusted Installer) and Root?
     
  12. cdavisdeco

    cdavisdeco MDL Senior Member

    Jul 8, 2015
    330
    63
    10
    This may not become a WannaCry. And actually I meant the leaks of WikiLeaks.