Ubuntu Malware for DDoS Attack Found in Screensaver


Update: It seems that another piece of malware was found in a theme called “Ninja Black”.

Malware has been found in a .deb file claiming to be a screensaver from Gnome-Look. The malware appears to be an agent for a DDoS attack. This affects Ubuntu and other Debian-based operating systems as well.

The .deb file in question is supposedly a screensaver of a waterfall. When installed, the “screensaver” installs some scripts with elevated privileges rather than the screensaver that is expected. The script is designed to auto-update itself and potentially to make the infected system take part in a DDoS attack.

The “screensaver” in question has now been removed from Gnome-Look. This incident highlights the fact that Linux, just like Windows, can be infected with malware if users are not careful when installing software from outside the official repositories and trusted PPAs.

Fix

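If you have installed the malware, running the commands given below in a terminal should remove it. The last two arguments of the first command, index.php and run.bash, are relative paths, so rm removes them from the directory the command is run in.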

sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash

sudo dpkg -r app5552

Additional help may be found in the Ubuntu Forum.
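To see whether a system still carries the files and package named in the removal commands above, the following check can be run before and after the fix. It is an added example, not part of the original post; the function names and the optional root-directory argument (for inspecting a mounted disk or backup) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which artifacts named in the article's fix are present.

# Absolute paths taken from the rm command in the article. index.php and
# run.bash are relative there, so their location is unknown and not checked.
ARTIFACT_PATHS="/usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh"
# Package name taken from the dpkg -r command in the article.
ARTIFACT_PKG="app5552"

# Print one line per artifact found under ROOT (default: the live system).
find_artifacts() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/mnt/disk/" becomes "/mnt/disk"
    for p in $ARTIFACT_PATHS; do
        # -e follows symlinks; -L also catches a dangling symlink
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "file $p"
        fi
    done
    # Query package state only if dpkg-query and a dpkg database exist under ROOT.
    if command -v dpkg-query >/dev/null 2>&1 && [ -f "$root/var/lib/dpkg/status" ]; then
        status=$(dpkg-query --admindir="$root/var/lib/dpkg" -W \
                 -f='${Status}' "$ARTIFACT_PKG" 2>/dev/null) || status=""
        case "$status" in
            *" installed"|*config-files*|*half-*|*unpacked*)
                echo "package $ARTIFACT_PKG ($status)" ;;
        esac
    fi
}

# Print the findings; return 1 when anything was found, 0 when clean.
check_system() {
    found=$(find_artifacts "$1")
    if [ -n "$found" ]; then
        echo "$found"
        return 1
    fi
    echo "no artifacts found"
    return 0
}
```

Call check_system with no argument for the running system, or with a mount point such as a disk attached to another machine.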


Tags: ddos, malware, ubuntu


  • pekutin
    I think this is the biggest problem on all file sites, because there is no need to authenticate users before they can upload their files.

    These download sites should use "trusted user tags" like piratebay, because that is a really good idea and it can help.

    There is no need for a malware scanner if there is a chance to catch these malware "distributors".
  • Endless, Nameless
    Wow. Took someone long enough to pull this. Get with the programme, script kiddies!
  • evilghost
    There is no need for a "Malware" scanner, a competent administrator, prior to installing a package, should at least attempt to inspect the contents. Something like:

    dpkg --info {name of .deb}
    dpkg --contents {name of .deb}
  • Since it's possible, we can expect it to happen. Since .debs have to be installed as root, the usual *nix separation between user and administrative privileges isn't going to protect us.

    What to do about it?

    I think we're going to need malware scanners for Linux, hopefully ones with heuristics that'll catch the "zero-day" stuff.
  • Keyser Soze
    Cue Nelson Muntz quote from Windows fanbois
  • Haw Haw
    (And I'm a BSD fanboi, thank you)
  • Anon Coward
    Do they have no Shame ?!? 0.0