Thread: Cheese Webcam Booth - backdoor Trojan?

  1. #11
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Cheese Webcam Booth - backdoor Trojan?

    First off, how are you securing your wireless network? Are you using WPA/WPA2? Do you have it secured with a password?

    Secondly, is the other PC on your LAN also running Ubuntu? Are you using Samba? Is the other PC connected directly to the Internet?

    Third, are you running ssh?

  2. #12
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    Quote Originally Posted by mikewhatever View Post
    You can put it all into a text file and attach the file for review. Run the following command, then check for netstat.txt on the Desktop.

    netstat -a > ~/Desktop/netstat.txt

    But if I attach this information as you suggest, would that not give more information to a hacker when he sees it here and so make me more vulnerable?
    Ubuntu is computer speak for defenestration

  3. #13
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    Quote Originally Posted by rookcifer View Post
    First off, how are you securing your wireless network? Are you using WPA/WPA2? Do you have it secured with a password?

    Secondly, is the other PC on your LAN also running Ubuntu? Are you using Samba? Is the other PC connected directly to the Internet?

    Third, are you running ssh?

    I am using WEP with a secure password.....for somebody to hack into my wireless, they would have had to sit outside my house in 1 degree C last night....and as I say, I live in a remote area. It is possible, but unlikely, that somebody could have been in a car and done it via a laptop.....but I am discounting that theory for now.

    The other PC on my LAN is also running 9.04. I have set it up so that my PC can access it remotely within the confines of the LAN. It is connected directly to the net as it sends weather information to WeatherUnderground every minute. The printer for the LAN is connected to the weather PC - so that is Samba.
    Ubuntu is computer speak for defenestration

  4. #14
    Join Date
    Oct 2005
    Location
    Davao, Philippines
    Beans
    4,830

    Re: Cheese Webcam Booth - backdoor Trojan?

    Quote Originally Posted by dunbrokin View Post
    But if I attach this information as you suggest, would that not give more information to a hacker when he sees it here and so make me more vulnerable?

    He could have obtained at least that information ages ago if indeed your system has been compromised.

    Where have you downloaded Cheese? If you got it from the main repository then it sure isn't a trojan.

    You can install and use gufw to utilise the already installed ufw (Uncomplicated Firewall).

  5. #15
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    I installed it from the repositories.
    Ubuntu is computer speak for defenestration

  6. #16
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    These are the netstat results from both of my machines.
    Attached Files
    Ubuntu is computer speak for defenestration

  7. #17
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Cheese Webcam Booth - backdoor Trojan?

    Quote Originally Posted by dunbrokin View Post
    These are the netstat results from both of my machines.

    Since you are concerned that someone *might* have infiltrated your box, then netstat might not be reliable (because an attacker could have installed a rootkit). A better way than using netstat is to port scan yourself with nmap.

    Code:
    sudo apt-get install nmap

    First, close your browser and other things that you know are connecting to the Internet.

    Then to do a scan, do:

    Code:
    sudo nmap -sT -v -p- localhost

    The output will show all listening ports and what services are listening on each open port. If for some reason, it doesn't list the service, then you can use lsof.

    Code:
    sudo lsof -i | grep <port number>

    Where "port number" is the number of the port.

    NOTE: if you are behind a router, don't scan the router. Only scan locally, or else it will take several hours. You can also try scanning both machines.

  8. #18
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    Thanks for that....here is the output...first of the main machine...then of the weather machine.

    ~$ sudo nmap -sT -v -p- localhost

    Starting Nmap 4.76 ( http://nmap.org ) at 2009-06-27 16:10 NZST
    Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
    Initiating Connect Scan at 16:10
    Scanning localhost (127.0.0.1) [65535 ports]
    Discovered open port 445/tcp on 127.0.0.1
    Discovered open port 139/tcp on 127.0.0.1
    Discovered open port 631/tcp on 127.0.0.1
    Completed Connect Scan at 16:10, 1.23s elapsed (65535 total ports)
    Host localhost (127.0.0.1) appears to be up ... good.
    Interesting ports on localhost (127.0.0.1):
    Not shown: 65532 closed ports
    PORT STATE SERVICE
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    631/tcp open ipp

    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds
    Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

    weather:~$ sudo nmap -sT -v -p- localhost

    Starting Nmap 4.76 ( http://nmap.org ) at 2009-06-27 16:20 NZST
    Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
    Initiating Connect Scan at 16:20
    Scanning localhost (127.0.0.1) [65535 ports]
    Discovered open port 631/tcp on 127.0.0.1
    Discovered open port 5900/tcp on 127.0.0.1
    Completed Connect Scan at 16:20, 7.48s elapsed (65535 total ports)
    Host localhost (127.0.0.1) appears to be up ... good.
    Interesting ports on localhost (127.0.0.1):
    Not shown: 65533 closed ports
    PORT STATE SERVICE
    631/tcp open ipp
    5900/tcp open vnc

    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 8.21 seconds
    Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
    Ubuntu is computer speak for defenestration

  9. #19
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Cheese Webcam Booth - backdoor Trojan?

    Everything looks fine on the first machine (Samba and printer which should be bound locally). On the second machine, do you have that VNC server locked down with a strong password?

    Other than the VNC server, I don't see any way in.
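
A scan of localhost cannot tell a service bound only to 127.0.0.1 from one bound to every interface, since both answer on the loopback address; the bind address of each listener settles it. The following is an added example, not part of any post in this thread: it classifies listeners from text in /proc/net/tcp layout, and the sample table, its inode numbers and the function names are constructed for illustration. It reads the same kernel tables netstat does, so the rootkit caveat from post #17 applies to it too.

```shell
#!/bin/sh
# Added example (not from the thread): classify listening TCP sockets by bind address.
# Reads text in /proc/net/tcp layout on stdin (IPv4 only; tcp6 uses a longer address).

# Constructed sample: the ports from the two scans above on one imaginary host,
# plus one established connection that must be ignored.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:170C 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A01A8C0:170C 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1005
EOF
}

# Print "<port> <scope> <address>" for every socket in LISTEN state, sorted by port.
classify_listeners() {
    while read -r _sl laddr _raddr state _rest; do
        [ "$state" = "0A" ] || continue      # 0A = LISTEN; this also skips the header
        addr=$((0x${laddr%:*}))
        port=$((0x${laddr#*:}))
        # The kernel prints the address as a host-order word; on little-endian
        # machines (x86) the lowest byte is the first octet.
        o1=$(( $addr & 255 ));         o2=$(( ($addr >> 8) & 255 ))
        o3=$(( ($addr >> 16) & 255 )); o4=$(( ($addr >> 24) & 255 ))
        if [ "$addr" -eq 0 ]; then scope=all-interfaces
        elif [ "$o1" -eq 127 ]; then scope=loopback
        else scope=one-interface
        fi
        echo "$port $scope $o1.$o2.$o3.$o4"
    done | sort -n
}

# Ports reachable from other machines: every listener not bound to loopback.
exposed_listeners() {
    classify_listeners | awk '$2 != "loopback" { print $1 }'
}

sample_proc_net_tcp | classify_listeners
# On a live system: classify_listeners < /proc/net/tcp
```

Ports reported by exposed_listeners are the ones that need a firewall rule or authentication; a scan run from the other machine on the LAN is the check that does not depend on the scanned host's own tools.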

  10. #20
    Join Date
    Apr 2008
    Location
    Otago
    Beans
    962
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Cheese Webcam Booth - backdoor Trojan?

    I appear to have caught a fish on my weather machine.....what do I do now? This is part of the output of chkrootkit.

    Checking `asp'... not infected
    Checking `bindshell'... not infected
    Checking `lkm'... You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    chkproc: Warning: Possible LKM Trojan installed
    chkdirs: nothing detected
    Checking `rexedcs'... not found
    Checking `sniffer'... lo: not promisc and no packet sniffer sockets
    eth1: PACKET SNIFFER(/sbin/wpa_supplicant[2662], /sbin/dhclient3[3257])
    Checking `w55808'... not infected
    Checking `wted'... chkwtmp: nothing deleted
    Checking `scalper'... not infected
    Checking `slapper'... not infected
    Ubuntu is computer speak for defenestration
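
The two "process hidden" lines in the output above mean a PID was found that exists but is missing from a listing of /proc and from ps, and that comparison can be repeated by hand. The following is an added example, not from the thread and not chkrootkit's own code; the function names are hypothetical. It skips thread IDs, which Linux leaves out of /proc listings, and reports a PID only if it is unlisted in two passes, so short-lived processes are not flagged.

```shell
#!/bin/sh
# Added example (not from the thread or from chkrootkit): find PIDs that exist
# but do not show up when /proc is listed.

# PIDs returned by a directory listing of /proc.
listed_pids() {
    ls /proc | grep -E '^[0-9]+$' | sort
}

# PIDs that answer when /proc/<pid> is opened directly, without listing /proc.
# Only thread-group leaders (Tgid equal to the PID) are kept; otherwise every
# thread would be reported. $1 = highest PID to probe.
probed_pids() {
    pid=1
    while [ "$pid" -le "$1" ]; do
        if [ -r "/proc/$pid/status" ]; then
            tgid=$(awk '/^Tgid:/ { print $2 }' "/proc/$pid/status" 2>/dev/null)
            if [ "$tgid" = "$pid" ]; then echo "$pid"; fi
        fi
        pid=$((pid + 1))
    done | sort
}

# Arguments: listing1 probe1 listing2 probe2 (files of sorted PIDs).
# Prints PIDs that were probed but unlisted in both passes.
persistent_unlisted() {
    u1=$(mktemp) && u2=$(mktemp) || return 1
    comm -13 "$1" "$2" > "$u1"
    comm -13 "$3" "$4" > "$u2"
    comm -12 "$u1" "$u2"
    rm -f "$u1" "$u2"
}

# Take two snapshots a few seconds apart, so that processes which started or
# exited during one pass are not reported.
check_hidden() {
    max=${1:-$(cat /proc/sys/kernel/pid_max)}
    d=$(mktemp -d) || return 1
    listed_pids > "$d/l1"; probed_pids "$max" > "$d/p1"
    sleep 3
    listed_pids > "$d/l2"; probed_pids "$max" > "$d/p2"
    persistent_unlisted "$d/l1" "$d/p1" "$d/l2" "$d/p2"
    rm -rf "$d"
}

# Run the live check only when asked: sudo sh thisfile.sh run
if [ "${1:-}" = "run" ]; then check_hidden; fi
```

An empty result on repeated runs points to a transient process or a thread as the cause of the warning; a PID that keeps appearing can be examined through /proc/<pid>/exe and /proc/<pid>/cmdline.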
