A Carafe of Ubuntu
Thanks to all the people that shared their knowledge and created scripts advice etc, Just goes to show how quickly a rogue can be squished here.
I'm off to bed now (it's like 6.05am here) but I'll check back in the morning to see if any response was received from t35.com. Hopefully the whole thing just died away.
Talk Later
Conor.
Iced Blended Vanilla Crème Ubuntu
Yes, as far as I can tell. IF there are any more problems, we'll get them fixed as soon as possibleOriginally Posted by witeshark17
Just Give Me the Beans!
I was the first one to download this thing and install it. I have obviously been following this thread. I went to bed around 8:00 PM est. Has their been anything new figured out that I should remove from my computer since then?
I have already run this:
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552
Another day has passed and I'm just a little bit smarter.
Just Give Me the Beans!
Guys I just attempted run the above code a second time and I received this warning message:
dpkg: warning: ignoring request to remove app5552, only the config
files of which are on the system. Use --purge to remove them too.
Should I purge them or just leave it alone?
Another day has passed and I'm just a little bit smarter.
Don't PANIC!
Well, the package doesn't install any config files, but just in case run:
for more info see:Code:sudo dpkg -P app5552
Code:man dpkg | less --pattern\= "--purge"
Last edited by sisco311; December 9th, 2009 at 02:57 PM. Reason: command fixed
Just Give Me the Beans!
OK I went ahead and purged the thing. It wouldn't let me do both -r and -P at the same time because of conflicts, which makes sense seeing how they do the same thing except Purge is more thorough.
Another day has passed and I'm just a little bit smarter.
I Ubuntu, Therefore, I Am
what would you detect? this file has no disctict executable footprint since it itself is not executable. it just uses parts of the OS to do it's job. I think it would take behavioral detection to turn it up, and any app that uses wget on a timed loop would probably be detected as well.
Has an Ubuntu Drip
Its a scary thought that as the script could of been updated to do anything bad at any time , i think the rm command was done wrong on purpose just to prove a point.
if he had included a screen saver with this file then people wouldnt of noticed atal, then he could of just changed the download script in 5 or 6 months, causing problems , by which time most people would of forgot about the screen saver they installed.
even if the update he did didnt cause problems on the computer, he could of used it to do illegal things droping users in the ****.
he could of used it to add a user to the system, and install ssh.
Desktop:i7 875k|4gb OCZ platinum ddr3 2000|Evga P55 LE mobo|OCZ RevoDrive 50gb|ATI 5850 Black Edition|Silverstone FT02|corsair tx650
Portable: 13" Macbook Pro 2.8ghz i7 16gb RAM | Asus EEE TF101 | Samsung Galaxy S2
Frothy Coffee!
Same attack with "Ninja Theme" from gnome-look.org, the bad boys seems to keep trying...
Theme already delete, please verify the "includes files" tab when you are going to install an untrusted deb.
Iced Blended Vanilla Crème Ubuntu
It should be fine. All fixed now
Adv Reply
Bookmarks