Social engineering (trojan) via gnome-look.org

[pbrane]

Quote:

Originally Posted by Enlightened Shadow The point is that I was dumb enough to think that Ubuntu was secure enough out here in the Linux wonderland that I love so much that I ended up on gnome-look downloading everything that looked cool without examining everything first.

Ubuntu is secure. We are the ones who make it un-secure by installing something using our root password. I didn't think about the fact that a .deb file from a trusted site would be malicious. Thanks for the lesson.

[meho_r]

Quote:

Originally Posted by pbrane Ubuntu is secure. We are the ones who make it un-secure by installing something using our root password. I didn't think about the fact that a .deb file from a trusted site would be malicious. Thanks for the lesson.

You consider gnome-look a trusted website? Stick with official repos and PPAs and you'll be fine.

[hwttdz]

Aren't PPA's only as far as you trust the owner, as in anyone can get one.

[pbrane]

Quote:

Originally Posted by meho_r You consider gnome-look a trusted website? Stick with official repos and PPAs and you'll be fine.

I didn't say I considered it a trusted site. I just meant it is a good idea not to assume it's safe to install debs. I think your advise is good.

[MC707]

Muahaha could this be the first semi-massive Linux virus/trojan? Either way, I agree with pbrane, even for windows to a certain extent (at least in my PC):

Quote:

Originally Posted by pbrane Ubuntu is secure. We are the ones who make it un-secure by installing something using our root password. I didn't think about the fact that a .deb file from a trusted site would be malicious. Thanks for the lesson.

[NoaHall]

Read this thread - http://ubuntuforums.org/showthread.php?t=1349678

Basically, there's someone who put a .deb on gnome-look, users installed it, and now he's hacked their systems to perform a DDoS attack.

Lesson : Don't install .deb files from unreliable sources. We have repos for a reason. Use them. And for crying out loud, screensavers don't use .deb files.

Oh, and here's the fix(in case someone browsing might want to check)

Code:

sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552

[dragos240]

Well crap!

EDIT: It's been removed.

[conorsulli]

Quote:

Originally Posted by running_rabbit07 This is what this link (http://05748.t35.com/) says when opened via FF.

well I dont want a congrats...

Keep viruses in the windows world

Thank you

[doas777]

Quote:

Originally Posted by conorsulli well I dont want a congrats... Keep viruses in the windows world Thank you

just a point of terminology (not trying to be a jerk), but this is not a "virus". viruses spread, and exploit vulns in applications to perform their dirtywork.
what yo have there is a trojan.

sorry, it's jsut that everytime the word "virus" is used on this forum, it gets ugly from there. everyone would alternate between telling you that your issue never happened, or that you are the problem (neither of which is constructive.). i hate those threads...zealots vs zealots

[running_rabbit07]

Quote:

Originally Posted by doas777 just a point of terminology (not trying to be a jerk), but this is not a "virus". viruses spread, and exploit vulns in applications to perform their dirtywork. what yo have there is a trojan. sorry, it's jsut that everytime the word "virus" is used on this forum, it gets ugly from there. everyone would alternate between telling you that your issue never happened, or that you are the problem (neither of which is constructive.). i hate those threads...zealots vs zealots

Do you think the referenced link could have a negative effect when visited via FF? I've been watching conky since the visit and haven't seen anything new happening, but I am not the brightest at spotting orc mischief in Linux, yet.