A deb package claiming to be a screensaver is malicious

[Husse]

Found over at the Ubuntu forums
http://ubuntuforums.org/showthread.php?t=1349678
The key points here are
installed a deb from a site - only install from reliable sources
Installed with sudo - if you are root "everything" is possible
This is no screensaver but an app that connects to a site called mmowned.com and tries to download malicious code
However the code seems not to be working very well

[rich_roast]

Maybe I'm naïve but in almost a decade of using Linux on/off this is the first actual report of a specific malicious installer I've ever seen. First time for everything, I guess

[netguz]

All a little beyond me!

Does this help?

http://www.mywot.com/en/forum/4227-mmow ... -green-lit

[midas]

Isn't it generally spoken not tricky to download themes and packages from websites outside synaptic??
Even installing a downloaded theme requires to install in the root-system. The safest way is not downloading and installing something outside the official Mint-repo. By doing so you will keep linux as safe as possible...

[myspacecommassergio]

wierd...normally from what i hear linux doesnt have these kind of situations lol. Thanks for the heads up!

[Husse]

@ myspacecommassergio
You are right but if you install a .deb package as root you invite the package into your system

[myspacecommassergio]

@ myspacecommassergio
You are right but if you install a .deb package as root you invite the package into your system

oh wow im new to the community... so i gota install only trusted .debs then when using the Sudo command gotcha friend thanks for the warning i had no clue

I'm new to this ha xD

[Madel]

anyone how knows how to program can create a malicious program and make it a .deb file.
it's up to the users stupidity to install such untrusted program.(same applies to all other operating systems)

though, it's from gnome's site, which makes most user think it's safe.

[XidCat]

The URL given in the link has Bots in it? xxxxx05748.t35.com/Bots/xxxxx ? Also he used chmod 777 on a script, never a good idea to cough up universal access on anything much less a script. Lots of lessons to be learned here.

[clem]

DEB packages do not only contain data, they can also contain executable code. A lot of packages do, and this code is executed with root permission. So for instance, a DEB could contain "nothing" and have an "rm -rf /" as its post-installation script, and that would be run as root...

So be aware that debs aren't simply containers, they're very much like Windows self-installing .exe files, and they get run with full permissions. One of the main reasons why Linux is safer than Windows is because distributions package the available software themselves and so you rarely have to get .debs from untrusted sources, whereas Windows simply provide the OS and lets you browse the Web to get everything else... so most Windows users are used to install things they don't know without looking at where it came from. Don't be tempted to do the same under Linux as it's just as dangerous.

Clem.

[clem]

I have noticed a culture of 'selective reading' among newer users recently. i.e. they want results instantly
so will take the quickest path to...

Oh... I just selectively read that Ikey, and for a moment I thought you were talking about me

[ArcherSeven]

Lol, awesome.

[Husse]

[ipernar]

Its very hard to make any program that would run on all Linux machines without user's extra help. Thats why linux viruses have no chances. You have to be mad man to create such...

[markfiend]

A chain is only as strong as its weakest link, so they say. I think Linux users should still be aware that any system
is still fallible in some way or other. Just because Linux is fundamentally more secure, this does not mean that
users should throw all caution to the wind.

Or as the saying goes: the most common source of computer failure is between the keyboard and the chair...

[Husse]

Or as the saying goes: the most common source of computer failure is between the keyboard and the chair...

Also called SBS
If you don't know what SBS is try to figure it out

[myspacecommassergio]

anyone how knows how to program can create a malicious program and make it a .deb file.
it's up to the users stupidity to install such untrusted program.(same applies to all other operating systems)

though, it's from gnome's site, which makes most user think it's safe.

well... to me personally stupid is when you know it's going to terd in your cornflakes and then you do it on purpose anyways.

If you told some one hey "heres a virus that will KO your computer luanch it/run it" and the User says oh... a virus... how exciting let me run it *click*

Then thats what I'd call stupid.

Now if someone's new to this and they go to a website full of .exe files or for linux full of .deb files and this is theyre first time using either OS then I wouldn't call them stupid I would rather say thats a learning experience and to watch out next time. Becuase if you don't know dude then honestly your not stupid you just seriously didn't know.

[greyaxe90]

And this is why I can't help but to have some fun with the people who say that Linux/Mac can't get viruses. I emphasize on can't. Some people honest to God believe that just because they're on Mac or Linux, they are invincible from viruses. Then every now and then, something like this pops up. Although I've seen it happen more on Linux, I'm surprised it doesn't happen more on Mac. But I've seen the "screensaver" trick done on Mac too.

[Husse]

To get this "scary thing" to happen you had to trick the user to use sudo
When you're root lots of things can happen, that's why you should avoid it
But yes, viruses can infect Linux, but they have a much harder time than in Windows (don't know about Mac)

[greyaxe90]

Mac is about the same as Linux. Mac, in a sense, is comparable to Mint and Ubuntu where the user has to give permission for the software to run by inputing their password when they install it.