Apparently, the problem was a vulnerability in Java SE 6 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3560 exploitable by the trojan . This has been fixed in Lucid https://lists.ubuntu.com/archives/lucid-changes/2010-October/011816.html by October 19 .
The issue itself is pretty weird, however not that big of a deal. What it actually shows is that Java technology is pretty insecure in its nature, mostly redundant, that is why fortunately not installed on most Linux distros by default. As far as the OS security question is concerned, although not completely infallible, most Linux/*BSD/Solaris platforms are more protected from malware and viruses than MS Windows is. Actually, this page http://www.ubuntu.com/desktop/why-use-ubuntu claims that the risk is intangible for Ubuntu users. And the statement is true. The reasons lie in the fundamental difference between open source unix-like and ms windows os'es. The old but still mostly valid article http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/ by Nicholas Petrely talks just exactly about that. Most article's points (if not all) still apply now. BRW, Linux/*BSD is the most popular server OS, especially web server, which is verifiable. MS Windows has no more than 30% of the Internet domains (mostly parking ones). So, HacKurx and all of us, we are indeed more secure than our Windows-using counterparts. Just do not install an unsigned, binary-only, unverified pieces of software Ubuntu repos have tons of applications, more than enough for everyone. Get a strong account password and do not run "sudo rm -rf /*" on your machines too often :-) ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3560 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/668314 Title: Trojan under Linux passing by Java ! ! ! -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
