konrad6
March 14th, 2015, 02:59 PM
Hi all,
So I had Linux Mint running on my laptop, it's similar enough to Ubuntu so I'll ask here :p
It has a small hard drive, just 160gb, and I noticed shortly after installing the system, it ballooned to 80-some gigabytes full, even though I only installed a few common programs and had a few files, maybe 1-2gb worth. I looked through my home folder but there wasn't anything near that size. So over the past few weeks, I've noticed the hard drive getting more full on the order of tens of gigs, even though I wasn't downloading much of anything, and I clear my browser cache and other such files regularly.
I was determined to discover what was going on with the system, so I dug through all the directories the other day. I found in /root three suspicious folders with salted titles, that I knew nothing about. Here's a screenshot:
260612
It looks as if two of the files are folders that appear to have 0 bytes with hundreds of thousands of items (????). I tried opening them, but after leaving my computer working on opening them for over an hour, it still hadn't loaded, meaning that there's some absurd number of files there. The third file shows 77.9gb, and it appears to be some sort of binary.
My working theory is that this has to be some sort of malware that is saving keystrokes / screenshots / whatever to the disk, storing them encrypted, for later retrieval. I check my packets with Wireshark from time to time, and I haven't noticed anything abnormal, but sophisticated malware would stop transmitting as soon as Wireshark is turned on....
Does anybody have a better explanation as to what might be going on?
So I had Linux Mint running on my laptop, it's similar enough to Ubuntu so I'll ask here :p
It has a small hard drive, just 160gb, and I noticed shortly after installing the system, it ballooned to 80-some gigabytes full, even though I only installed a few common programs and had a few files, maybe 1-2gb worth. I looked through my home folder but there wasn't anything near that size. So over the past few weeks, I've noticed the hard drive getting more full on the order of tens of gigs, even though I wasn't downloading much of anything, and I clear my browser cache and other such files regularly.
I was determined to discover what was going on with the system, so I dug through all the directories the other day. I found in /root three suspicious folders with salted titles, that I knew nothing about. Here's a screenshot:
260612
It looks as if two of the files are folders that appear to have 0 bytes with hundreds of thousands of items (????). I tried opening them, but after leaving my computer working on opening them for over an hour, it still hadn't loaded, meaning that there's some absurd number of files there. The third file shows 77.9gb, and it appears to be some sort of binary.
My working theory is that this has to be some sort of malware that is saving keystrokes / screenshots / whatever to the disk, storing them encrypted, for later retrieval. I check my packets with Wireshark from time to time, and I haven't noticed anything abnormal, but sophisticated malware would stop transmitting as soon as Wireshark is turned on....
Does anybody have a better explanation as to what might be going on?