On 13:46 Wed 23 Mar, Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS
> Windows boxes. Recent Flash vulnerabilities, for instance, are listed
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player
> 10.1.92.10 for Android" but the report goes on to say that "There are
> reports that this vulnerability is being actively exploited in the
> wild against Adobe Flash Player on Windows." No mention of Linux, and
> I can find no references to a web or email borne exploit found in the
> wild that actually generates an *infection* on a Linux box. Consider
> this a challenge, if you will, since I'd love to be proved wrong on
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your
web browser, email reader, or integrated apps/libraries (primarily
Flash, Evince/libpoppler, or Java) that provides the ability to run
arbitrary code as the local user to get the shellcode onto your system
and run it. Reverse shellcode then connects from your computer to a
remote server and provides them with a login shell. At that point, they
still need to come up with a local root vulnerability or use a keylogger
till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if
you do some searching.

Desktop project lead
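
A detection sketch for the behaviour described in the reply above, added here as an example and not part of the original thread: it walks Linux `/proc` and reports shell processes whose stdin, stdout and stderr are all an established TCP socket instead of a terminal, pipe or file. It assumes the common case where the remote shell's standard streams are attached directly to the outbound connection; the function names and the shell list are illustrative.

```python
import os, re, socket, struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}  # assumed list, extend as needed

def tcp_peers(proc="/proc"):
    """Map socket inode -> remote 'addr:port' for ESTABLISHED TCP sockets."""
    peers = {}
    for name in ("tcp", "tcp6"):
        try:
            with open(f"{proc}/net/{name}") as fh:
                rows = fh.readlines()[1:]  # first line is the column header
        except OSError:
            continue
        for row in rows:
            f = row.split()
            if len(f) < 10 or f[3] != "01":  # state 01 = ESTABLISHED
                continue
            addr, port = f[2].split(":")
            if len(addr) == 8:  # IPv4 in host byte order; IPv6 is left as raw hex
                addr = socket.inet_ntoa(struct.pack("=I", int(addr, 16)))
            peers[f[9]] = f"{addr}:{int(port, 16)}"
    return peers

def stdio_inodes(pid, proc="/proc"):
    """Socket inodes behind fds 0-2, or None unless all three are sockets."""
    try:
        links = [os.readlink(f"{proc}/{pid}/fd/{fd}") for fd in (0, 1, 2)]
    except OSError:
        return None  # process exited or we lack permission
    found = [re.fullmatch(r"socket:\[(\d+)\]", link) for link in links]
    return [m.group(1) for m in found] if all(found) else None

def scan(proc="/proc"):
    """Return (pid, exe, peer) for shells whose stdio is an established TCP socket."""
    peers, hits = tcp_peers(proc), []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe").removesuffix(" (deleted)")
        except OSError:
            continue
        inodes = stdio_inodes(pid, proc)
        # Unix-domain sockets are not in the TCP tables, so local IPC is not flagged.
        if os.path.basename(exe) in SHELLS and inodes and all(i in peers for i in inodes):
            hits.append((int(pid), exe, peers[inodes[0]]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in scan():
        print(hit)
```

Run it as root to see other users' processes; `/proc/net/tcp` only lists sockets in the caller's own network namespace, so processes in other namespaces are not matched.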