Security threat.

kc1di



Thanks for posting. It's a pretty good article, but I have some thoughts.

As is often the case in these articles, you get stuff like "... a custom privilege elevation tool ..." without any details. The overlooked bit, perhaps intentionally for the sake of clicks, is how such a tool ends up on the compromised machine in the first place and what it's using to get said elevated privileges.

I went through both the links in the article, at least reading the relevant sections, and it's never disclosed (from what I see) how you ended up installing the malware in the first place - or how they got initial access to load the tool in the first place.

So, the same rules apply.

Don't download dodgy things unless you trust them completely. When possible, consider verifying the file's integrity. Don't enter your password if you don't know why you're being prompted. Apply security updates ASAP.

That sort of stuff. Operating systems are pretty secure today, but we must still use our heads. The most significant security vulnerability is sitting right there in the seat.
 
Use common sense and stay vigilant.

Thx for the link @kc1di
 
Which is better for normal web browsing DNS Cloudflare or HTTPS and can both be used together.
I'm using Chromium and in settings I can enable either or I can enable both.
 
Which is better for normal web browsing DNS Cloudflare or HTTPS and can both be used together.
I'm using Chromium and in settings I can enable either or I can enable both.

Oh, DNS over HTTPS is still superior. Just because there's a potential security vulnerability doesn't mean you're affected. Also, from what I can see, the exploit isn't about what you use in your browser - it's an application running behind the scenes. What your browser is using has no relevance here.

So, secure DNS is still better (if you want some level of privacy from your ISP and, perhaps, the government). I think you'll find all the major browsers offer "secure DNS" as an option.
 
Oh, DNS over HTTPS is still superior. Just because there's a potential security vulnerability doesn't mean you're affected. Also, from what I can see, the exploit isn't about what you use in your browser - it's an application running behind the scenes. What your browser is using has no relevance here.

So, secure DNS is still better (if you want some level of privacy from your ISP and, perhaps, the government). I think you'll find all the major browsers offer "secure DNS" as an option.
Thanks for the clarity.
I don't always understand what I read about security; it's confusing sometimes, in Linux or Windows, but I figured DNS was the better choice.
 
I don't always understand what I read about security; it's confusing sometimes, in Linux or Windows, but I figured DNS was the better choice.

When you visit a website, you first query the DNS records. Think of DNS records as being like an old phone book. The records tell your computer which IP address to head to. (Then the server itself, which often has multiple sites on the same IP address, will send you to those files - sort of like a telephone extension.)

In the past, those DNS queries were made in plain text. Your ISP (and by extension the government or anyone capable of monitoring this) would be able to see which specific websites you visited. Anyone capable of being a man-in-the-middle (MITM) would be able to record which sites you visited.

If the site is HTTP (and not HTTPS) those same people can see what you're doing on those sites, which is why we've adopted HTTPS to a large extent. Well, that and it was made both easy and free by Let's Encrypt.

With DNS over HTTPS there's essentially nobody looking over your shoulder watching which phone numbers you're looking up. Further, with HTTPS, there's nobody looking over your shoulder to see what you and the third party said over the phone line.

The above assumes a perfect world, where there are no holes in the system and no exploits in the system. You can generally assume it's working and a modern browser will likely give warnings when the site isn't a secure (HTTPS) site.

This is all true even when it's not your browser making these queries. Tools like wget will be doing the same thing behind the curtains. Your system has all sorts of things that query the 'net, besides your browser. This involves something other than your browser and your browser settings don't really matter for this.

Make sense?

Also, assuming you're reasonably safe (practicing safe-hex, as they say), you don't have much to worry about. This is also likely aimed at servers or IoT devices - often running with unpatched exploits. You can even monitor your network traffic to look for unexplained behavior but that's probably just a waste of time for most of us.
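The post above describes what an on-path observer (an ISP, or anyone in a man-in-the-middle position) can read from a plaintext DNS lookup, and why DNS over HTTPS hides it. The following is an added example, not code from anyone in this thread: it builds the DNS query message a client sends (RFC 1035), shows what an observer can read from that message when it travels over UDP port 53, and contrasts it with the same message wrapped as an RFC 8484 DoH request, where the observer sees only a TLS connection to the resolver. The resolver hostname doh.example is a placeholder, and all function names are my own.

```python
# Added example for this thread (not code from any post above): what an on-path
# observer learns from a plaintext DNS lookup versus the same lookup over DoH.
import struct

DNS_HEADER_LEN = 12                            # RFC 1035 header: ID, flags, 4 counts
DOH_CONTENT_TYPE = "application/dns-message"   # RFC 8484 media type


def encode_qname(hostname: str) -> bytes:
    """Encode a hostname as DNS labels: <len><label> ... <0x00>."""
    out = bytearray()
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label in {hostname!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(hostname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a DNS query message (RFC 1035). qtype 1 = A record, class 1 = IN.

    These are exactly the bytes a classic stub resolver puts in a UDP/53
    datagram, and exactly the bytes a DoH client puts in its HTTPS POST body.
    """
    flags = 0x0100  # standard query, recursion desired
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(hostname) + struct.pack("!HH", qtype, 1)


def parse_qname(message: bytes, offset: int = DNS_HEADER_LEN) -> str:
    """Read the name at `offset`, following RFC 1035 compression pointers.

    A visited set rejects malformed messages whose pointers form a loop.
    """
    labels, visited = [], set()
    while True:
        if offset in visited or offset + 1 >= len(message):
            raise ValueError("malformed name")
        visited.add(offset)
        length = message[offset]
        if length == 0:
            break
        if length & 0xC0 == 0xC0:          # two-byte pointer to an earlier name
            ptr = struct.unpack("!H", message[offset:offset + 2])[0] & 0x3FFF
            offset = ptr
            continue
        offset += 1
        labels.append(message[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels)


def observe_plain_dns(udp_payload: bytes) -> dict:
    """What a passive observer sees for a classic lookup: UDP to port 53
    with the queried name readable straight out of the datagram."""
    return {"transport": "udp/53", "queried_name": parse_qname(udp_payload)}


def doh_request(hostname: str, resolver: str = "doh.example") -> dict:
    """The HTTPS request a DoH client sends (RFC 8484, POST form).

    `resolver` is a placeholder; a real client uses the hostname of the
    resolver configured in its 'secure DNS' setting.
    """
    body = build_query(hostname)
    return {
        "method": "POST",
        "url": f"https://{resolver}/dns-query",
        "headers": {"Content-Type": DOH_CONTENT_TYPE, "Accept": DOH_CONTENT_TYPE},
        "body": body,
    }


def observe_doh(request: dict) -> dict:
    """What the same observer sees for the DoH lookup: a TLS connection to
    the resolver. The TLS SNI names the resolver, not the site being looked
    up, and the DNS message itself is inside the encrypted stream, so only
    its approximate size leaks."""
    resolver = request["url"].split("/")[2]
    return {
        "transport": "tcp/443",
        "tls_sni": resolver,
        "approx_ciphertext_bytes": len(request["body"]),
        "queried_name": None,
    }


def compare(hostname: str) -> dict:
    """Side-by-side observer view of one lookup done both ways."""
    return {
        "plain": observe_plain_dns(build_query(hostname)),
        "doh": observe_doh(doh_request(hostname)),
    }


if __name__ == "__main__":
    for side, view in compare("www.example.com").items():
        print(side, view)
```

Running it prints the two observer views for www.example.com: the plaintext side exposes the queried name, the DoH side exposes only the resolver's name and a byte count. The comparison is deliberately about the resolver-to-client hop the post discusses; the resolver operator still sees every query, which is why the post frames DoH as privacy from the ISP rather than from everyone.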
 
It actually does.

Excellent. They say to know that you understand something, you should be able to explain it to someone else. They, for some subset of 'they', also suggest that you can explain everything with a crayon and a single 8.5" x 10" piece of paper (slightly less than A4, for our friends across the oceans).

There's more to it, such as the hostname. You have one of those that shows up every time you open your terminal. Servers (and you) can have multiple hostnames. That information is forwarded along with the rest of the data, which is how servers that serve multiple domain names manage to do so with one IP address for all of them.

Depending on your distro's configuration, you can possibly substitute 'localhost' for '<hostname>.local'.

But, all in all, that's not really information that was needed for the above. There are also different types of DNS queries, from MX to A records and even CNAME records. It sounds a bit overwhelming, but it really isn't and most folks don't really need this information for anything - even if they have a website. That sort of stuff has all been hidden behind the curtains for many years, making things much more user-friendly. You can happily get web hosting that lets you point and click your merry way through all of that with little to no domain-specific knowledge.
 
The first time I had to set up a modem with a router I was confused as hell but I finally got it working.
Although it worked I kept getting kicked offline.
Someone told me to make the router the smart device and bridge the modem which made the modem stupid and everything worked.
I didn't really understand the how and the why but it all worked and everyone in the house was happy.
That was back in the day when one computer per household still worked, unlike now when everyone has their own desktop or laptop and cell phone.

One thing I have to say about using Windows is there is always someone somewhere that can give a solution to solve a problem.
Using Linux when you ask for help people give you that deer in the headlights look.
 
that deer in the headlights look.
I get the same reaction when people ask which version of windows I use......and my standard reply is..."windows?....what's that??"
 
There are threats everywhere these days...https://www.scamwatch.gov.au/types-of-scams

I wish I had a dollar for every time I got a phone call saying my phone and internet were being cut off.
 
I wish I had a dollar for every time I got a phone call saying my phone and internet were being cut off.

I don't know why, but I never get those calls.

Try as I might, I haven't even had someone call to claim my Windows-based computer is broken or insecure. I'm actually hoping to get that call. I plan on having a whole lot of fun with the caller. I plan on keeping them on the phone for hours, all for my own amusement.

Nobody ever calls.

I get calls asking for donations. Man, I get a lot of those calls. I get some political calls as well, which are also asking for donations in one way or another. They either want my money or my attention - or both.

But, well aside from the political calls which we'll avoid discussing, I don't get any spam calls.

Man, I'd love to be told my Windows computer has been hacked and that the nice person with the heavy accent is there to save me (for a 'reasonable' sum of money). I'm gonna have so much fun with them when they do.
 
One thing I have to say about using Windows is there is always someone somewhere that can give a solution to solve a problem.
Using Linux when you ask for help people give you that deer in the headlights look.

A lot of the problems in Linux are user-created and it's very hard to work out what the user did in order to fix it, e.g. "I can't burn the ISO to my flash drive" or "I deleted something and now my computer won't boot", and many more.
 
I don't know why, but I never get those calls.

Try as I might, I haven't even had someone call to claim my Windows-based computer is broken or insecure. I'm actually hoping to get that call. I plan on having a whole lot of fun with the caller. I plan on keeping them on the phone for hours, all for my own amusement.

Nobody ever calls.

You're very lucky...in 6 months I got 30 calls from "Nicole" from the NBN (National Broadband Network), or as we call it No Bloody Network, saying as the NBN is now in your area your phone and internet will be cut off in 24 hrs...thinking we still have the copper cable. Ha Ha Ha.


We also get charities who waste time ringing us at least 3 times a week...we don't answer them. A few months back I got a call saying will you accept the charge of $1400 on your credit card...press 1 to accept or 2 to decline...of course I did nothing.


I got a call once from someone claiming to be from a service provider I'm not with...saying my phone is going to be cut off...still waiting for them to cut me off...when will it end.
 
A lot of the problems in Linux are user-created and it's very hard to work out what the user did in order to fix it, e.g. "I can't burn the ISO to my flash drive" or "I deleted something and now my computer won't boot", and many more.
I'll agree with that; I created a lot of the problems I first had using Linux because I didn't know what I was doing.
I've had problems with Linux that I didn't create: newer Linux kernels not supporting older Nvidia graphics drivers for older Nvidia graphics cards.
 
I'll agree with that; I created a lot of the problems I first had using Linux because I didn't know what I was doing.
I've had problems with Linux that I didn't create: newer Linux kernels not supporting older Nvidia graphics drivers for older Nvidia graphics cards.

You're not the only one to cause problems...I once managed to wipe my drive while playing with GParted...lucky for me I have an image that I create every few months and it's a simple matter of re-installing it.

Another time I was stupid enough to run a command from the internet which killed my system, but if we learn from our mistakes we will be fine. Always have an image stored on an external HDD, and a Timeshift snapshot too, just in case.
 
I don't know why, but I never get those calls.

Try as I might, I haven't even had someone call to claim my Windows-based computer is broken or insecure. I'm actually hoping to get that call. I plan on having a whole lot of fun with the caller. I plan on keeping them on the phone for hours, all for my own amusement.

Nobody ever calls.

I get calls asking for donations. Man, I get a lot of those calls. I get some political calls as well, which are also asking for donations in one way or another. They either want my money or my attention - or both.

But, well aside from the political calls which we'll avoid discussing, I don't get any spam calls.

Man, I'd love to be told my Windows computer has been hacked and that the nice person with the heavy accent is there to save me (for a 'reasonable' sum of money). I'm gonna have so much fun with them when they do.
The Microsoft callers are wise to the people who are wise to them.
I kept one on the line for maybe 10 minutes before he figured I was wise to him and he just hung up.
I have a landline and two cell phones; one cell phone is for medical stuff, the other cell phone is for everyday normal use.
I get calls from bots and some humans looking for the person who used to have these numbers.
I have to say some of the calls are interesting and some of the calls are pure crap.
Phone soliciting is part of today's modern mobile media society, and it seems like everywhere I go everyone is on their phone except me.
 
The Microsoft callers are wise to the people who are wise to them.
I kept one on the line for maybe 10 minutes before he figured I was wise to him and he just hung up.
I have a landline and two cell phones; one cell phone is for medical stuff, the other cell phone is for everyday normal use.
I get calls from bots and some humans looking for the person who used to have these numbers.
I have to say some of the calls are interesting and some of the calls are pure crap.
Phone soliciting is part of today's modern mobile media society, and it seems like everywhere I go everyone is on their phone except me.

I think I've been blacklisted by the callers from "Microsoft" after keeping not one but a -pair- of them, "Mike" and his supervisor, "Jim", on the line for over an hour. They only caught on to me because my son, listening in, couldn't stop laughing (I was having a hard time controlling my own laughter, so I really couldn't blame him). When they realized they'd been had, they became angry, as if - I - were the bad guy, and they said mean things about my mother. :D Sadly, I didn't think to start recording until about 15 minutes into the call.

These days it's all about "the warranty on your car" and they mention my "2015 Pontiac". I went to craigslist to see if I could find some plausible details to make up about my 2015 Pontiac. That's when I realized the last Pontiac was built in January of 2010. Don't these guys do -any- research?
 
I live in California in the US. We are one of the few who still have a POTS landline phone, so we get spam phone calls. I can recognize most of them from the caller ID display. They rarely leave messages. When I must pick up because I am expecting a call from an unknown number, the calls follow easily recognized patterns. I won't bother with the details.

The flood of spam phone calls that we have in this country comes from a small number of sources, but they are prolific.

These days, I am so rude. Sometimes I am in the mood to answer calls with "Good morning! Tell me why you are not a spam phone call?"
 