Ubuntu-based malware

Christopher Lees christopher_lees at iprimus.com.au
Mon Dec 14 10:20:55 GMT 2009


On Mon, 2009-12-14 at 02:59 +0000, Paul wrote:

> Just a quick follow-up from our previous discussions about viruses on
> Linux.  This is why we still need to be careful:
> 
>     * http://digitizor.com/2009/12/10/ubuntu-malware-for-ddos-attack-found-in-screensaver/
>     * http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
> 
> Backups and common sense are your most valuable allies!
> 
> Paul

Actually, the openness of Linux is also useful in detecting threats from
Debian packages. You can open Debian packages in File Roller / other
archive manager. Then you can see the preinst, postinst and prerm
scripts and you can have a look at where the package will put files.

Then if it's all okay, you can install the package.

I'm thinking of writing a program to help audit the control scripts and
where files get placed; you know, raising a warning if anything get put
into your init scripts or Upstart and raising a warning if "wget" or
"rm" get used inside the control scripts.

Anyone else interested in this?

Chris




More information about the ubuntu-au mailing list