XDA Developers Android and Mobile Development Forum

rageagainstthecage-arm5.bin - Trojan?

guruleenyc
#1
Senior Member - OP
Posts: 255
Join Date: Aug 2010
Location: nYc/CT

My Kaspersky is detecting a trojan in this rooting file:

Exploit.Linux.Lotoor.g

See attached screenshot.

Let me know if this is in fact a false positive...?
 
shabbypenguin
#2
Recognized Developer
Posts: 4,442
Join Date: May 2010
RATC.bin is the exploit used to root your phone...
 
Geniusdog254
#3
Retired Recognized Developer
Posts: 1,094
Join Date: Jan 2009
Location: St. Louis
It's a false positive. Promise.
 
styles420
#4
Senior Member
Posts: 2,169
Join Date: Nov 2010
Quote:
Originally Posted by Geniusdog254
It's a false positive. Promise.
It's not a false positive, the exploit that we use works just like any trojan - it provides back-door access to the system. We're just using a virus to crack open the system long enough to install a more permanent access to root.

That's right, viruses aren't necessarily bad - it just depends on how they're used.
 
Kcarpenter
#5
Senior Member
Posts: 3,343
Join Date: Nov 2009
Location: Clinton, TN
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes, they exist, but rarely affecting a personal computer.

 
newkidd
#6
Retired Recognized Developer
Posts: 304
Join Date: Nov 2009
Location: Midland
Yeah, true true. Virus by definition, yes. But technically anything can be defined as a "virus" by allowing access to "alter" the original programming to allow access to functions other than what the manufacturer intended. Don't worry. Most antiviruses find a virus in anything. A key generator shows up as a virus. Don't worry. You're safe.
 
richse
(Last edited by richse; 28th November 2010 at 05:03 AM.)
#7
Senior Member
Posts: 408
Join Date: Oct 2009
Quote:
Originally Posted by Kcarpenter
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes, they exist, but rarely affecting a personal computer.
What you wrote makes no sense; the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a Windows box, but it can completely own a vulnerable Linux box. So telling someone they would need to switch to Linux in order to avoid this exploit is ridiculous.
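
Added example, not part of the thread: the point in post #7 that the flagged file targets Linux rather than Windows can be checked from the file's header. The sketch assumes the flagged file is an ELF binary (the thread does not show its contents) and uses a constructed 20-byte header in place of the real file; the function names are hypothetical.

```python
import struct

# Subset of e_machine values from the ELF specification.
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def identify_executable(data: bytes) -> dict:
    """Report the container format and CPU a file's header declares."""
    if data[:2] == b"MZ":                        # DOS/PE stub used by Windows executables
        return {"format": "PE", "machine": None}
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return {"format": "unknown", "machine": None}
    bits = {1: 32, 2: 64}.get(data[4])           # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])       # EI_DATA
    if bits is None or endian is None:
        return {"format": "unknown", "machine": None}
    # e_type and e_machine are the two 16-bit fields after the 16-byte e_ident.
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "format": "ELF",
        "bits": bits,
        "type": {2: "executable", 3: "shared object/PIE"}.get(e_type, hex(e_type)),
        "machine": ELF_MACHINES.get(e_machine, f"other({e_machine})"),
    }

def can_load_natively(info: dict, host_format: str, host_machine: str) -> bool:
    """True only if the host's loader format and CPU both match the header."""
    return info["format"] == host_format and info["machine"] == host_machine

# Constructed sample: a minimal little-endian ELF32 header declaring ARM.
SAMPLE_ARM_ELF = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 40)

if __name__ == "__main__":
    info = identify_executable(SAMPLE_ARM_ELF)
    print(info)
    print("Windows x86-64 PC:", can_load_natively(info, "PE", "x86-64"))
    print("ARM Linux/Android device:", can_load_natively(info, "ELF", "ARM"))
```

A scanner flags a file by its content regardless of whether the scanning host could execute it, which is why the detection shows up on a Windows PC.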
 
shabbypenguin
#8
Recognized Developer
Posts: 4,442
Join Date: May 2010
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
 
richse
#9
Senior Member
Posts: 408
Join Date: Oct 2009
Quote:
Originally Posted by shabbypenguin
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
YES, but the reason I responded to that last post was because he was telling someone to switch from Windows to Linux in order to avoid a Linux exploit. There are plenty of valid reasons to switch, but that would have to be the stupidest one I have ever seen put forth.
 
styles420
#10
Senior Member
Posts: 2,169
Join Date: Nov 2010
Quote:
Originally Posted by shabbypenguin
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the Linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know is if it is exploiting a part of the kernel that is Android-specific, or a part that is in every Linux kernel.

THREAD CLOSED