khea_actua
August 3rd, 2012, 06:56 PM
I recently installed Ubuntu 12.04 on my system over CentOS 5.7.
I later received a report from shadowserver.org that the system had accessed irc.undernet.org (IP 208.83.20.130) basically at the time the install likely finished. That IP is some system in Tampa, Florida, USA that seems well known on the internet to be malicious.
At this point, there were no user accounts on the computer other than mine (which had just been created), though files from the earlier system persisted.
I have no idea when or how my system could have been compromised. I've even seen that IP show up on these forums (http://ubuntuforums.org/showthread.php?t=1403787&highlight=208.83.20.130).
I hate to suggest this, but is it possible that the image I used to install had code in it to access this IRC server? I only ask because it happened so soon after (minutes) the install.