The point is that I was dumb enough to think that Ubuntu was secure enough out here in the Linux wonderland that I love so much that I ended up on gnome-look downloading everything that looked cool without examining everything first.
Another day has passed and I'm just a little bit smarter.
That is evidence that it was working, because I do not think there is a legitimate "gnome.sh".
There is not a clear connection between this person and http://05748.t35.com/; they have different IP addresses.
However, he does appear to download lil' script packs as well, and is an Ubuntu user... somebody should register for the site and investigate, I guess. And of course phishing is very bad.
Last edited by dmizer; December 9th, 2009 at 02:11 AM. Reason: removed hyperlink
http://05748.t35.com/
That's just a convenient holding bucket, probably another innocent party.
Last edited by dmizer; December 9th, 2009 at 02:11 AM. Reason: removed hyperlink
mtr 05748.t35.com comes up with a couple of IPs that all point to Interserver, Inc.
You can report abuse to them at abuse@trouble-free.net if you want.
That is good, it isn't downloaded until it runs.
It's gone from gnome-look.org already. That was quick...
Nowhere in official repos at least:
Code:
$ apt-file search /etc/profile.d
gvfs-bin: /etc/profile.d/gvfs-bash-completion.sh
speech-dispatcher: /etc/profile.d/speechd-user-port.sh
Yup, looks like a DDOS (distributed denial of service) setup. A bunch of computers repeatedly pinging an address can possibly bring down a server. It seems unlikely and naive, as a clever IP address will either deny pings or deny repeated pings from the same address. They can point the gun at whoever they will by changing the IP address, currently pointed at the World of Warcraft site.
Also, all I have in my /etc/profile.d/ is gvfs-bash-completion.sh and speechd-user-port.sh of which only the first has execute permissions (probably due to me disabling user accessibility features). So if you have other crazy nonsense there you can dump it. Of course the easy way would be to look at when the file was created and just delete recent stuff.
I'm suggesting something like
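# -mtime -2 matches files changed in the last 2 days; -exec keeps rm -i prompting on the terminal
find /etc/profile.d/ -type f -mtime -2 -exec sudo rm -i {} \;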
Last edited by hwttdz; December 8th, 2009 at 09:24 PM.
xubuntu minimal, extensive experience, lshw: http://goo.gl/qCCtn
blog: http://goo.gl/yLg78
Linux viruses: http://goo.gl/6OCKA
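Added example, not part of the thread or any poster's code: a read-only version of the check described in the post above, listing files in /etc/profile.d that are not on a known-good list and marking those modified in the last N days. The allowlist is the two paths from the apt-file output quoted in the thread; the function name, the --scan switch and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list files in a profile.d-style directory that are not on a
# list of package-owned names, and mark the ones modified recently.
# Nothing is deleted; the output is meant for manual review.

# Allowlist built from the apt-file output quoted in the thread
# (an assumption: adjust it to what your own packages ship).
KNOWN_FILES='gvfs-bash-completion.sh
speechd-user-port.sh'

# audit_profile_d DIR [DAYS]
# Prints one line per unexpected file: "<recent|old> <exec|noexec> <path>"
audit_profile_d() {
    dir=$1
    days=${2:-2}
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue        # skip unmatched globs and non-regular files
        name=${f##*/}
        # Exact whole-line match, so "gnome.sh" never passes as a substring.
        if printf '%s\n' "$KNOWN_FILES" | grep -qxF -- "$name"; then
            continue
        fi
        # find -mtime -N is true when the file changed less than N*24h ago.
        if [ -n "$(find "$f" -mtime "-$days")" ]; then
            age=recent
        else
            age=old
        fi
        if [ -x "$f" ]; then mode=exec; else mode=noexec; fi
        printf '%s %s %s\n' "$age" "$mode" "$f"
    done
}

# Scan the real directory only when asked to: sh audit.sh --scan [DAYS]
if [ "${1:-}" = "--scan" ]; then
    audit_profile_d /etc/profile.d "${2:-2}"
fi
```

On Debian and Ubuntu, /etc/profile sources every readable *.sh file in this directory whether or not it is executable, so a noexec entry still deserves review.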