Is Ubuntu 16.10 vulnerable to the Linux.proxy.10?

Question

A new trojan horse was discovered affecting Linux users in January 2017. It's called Linux.Proxy.10

Here is a tech article regarding it :

https://www.socpedia.com/linux-proxy-10-trojan-infects-a-few-thousand-linux-machines-and-turns-them-into-proxy-servers

My question is the following:

1. Ubuntu 16.10 does not seem to have OpenSSH installed by default is this correct (unless I made a command error)?

2. If Ubuntu 16.10 has no OpenSSH command installed by default, do I need to worry about some hacker/ bot SSH-ing me?

3. Ubuntu 16.10 does have openSSL installed by default, does this affect the linux.proxy.10 trojan in any way?

Answer 1

Ubuntu's desktop flavours don't have an SSH server installed by default. The OpenSSH client is installed, however that doesn't enable remote login to your system.

That said, this malware seems to infecting IoT devices, which are notorious for extremely poor default security settings (like using simple passwords by default, not disabling root access, etc.).

Even if you install SSH on Ubuntu, you will have to use common usernames and poor passwords to be vulnerable. It's not SSH or Ubuntu that's vulnerable, but your crappy passwords. Also, by default, SSH doesn't allow password login for root on Ubuntu.

OpenSSL is a different thing altogether. It has its own vulnerabilities.

Answer 2

On Ubuntu Desktop when you run Ufw with default setting that are refusing incoming connections, you are not vulnerable to this. However the article does not explain, how the new account is created. In order to check your system is to use users command and look for a user named mother.

Different situation might be on server edition. I guess your only option is to use strong password.