Software updater snuck in a package that is unwanted

Bret Busby bret at busby.net
Tue Oct 17 16:54:15 UTC 2017 

I have had to create this reply using the source code to the message to 
which I am responding, as the message to whioch I am responding, is not 
using plain text format, which is used by my email application, and, 
thence, the message to which I am responding, appears as an attachment 
to the reply that I am writing and posting.


On Tue, 17 Oct 2017, Oliver Grawert wrote:

> Return-Path: <ubuntu-users-bounces at lists.ubuntu.com>
> Delivered-To: bret at busby.net
> Received: from cp-41.webhostbox.net
>     by cp-41.webhostbox.net (Dovecot) with LMTP id Eeb5KGgv5lkR5goAzadgaQ
>     for <bret at busby.net>; Tue, 17 Oct 2017 16:27:20 +0000
> Return-path: <ubuntu-users-bounces at lists.ubuntu.com>
> Envelope-to: bret at busby.net
> Delivery-date: Tue, 17 Oct 2017 16:27:20 +0000
> Received: from huckleberry.canonical.com ([91.189.94.19]:53928)
>     by cp-41.webhostbox.net with esmtp (Exim 4.89)
>     (envelope-from <ubuntu-users-bounces at lists.ubuntu.com>)
>     id 1e4Ui8-002zml-0y
>     for bret at busby.net; Tue, 17 Oct 2017 16:27:20 +0000
> Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
>     by huckleberry.canonical.com with esmtp (Exim 4.86_2)
>     (envelope-from <ubuntu-users-bounces at lists.ubuntu.com>)
>     id 1e4UhL-0001es-QC; Tue, 17 Oct 2017 16:26:31 +0000
> Received: from mail-wm0-f44.google.com ([74.125.82.44])
>  by huckleberry.canonical.com with esmtps
>  (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
>  (envelope-from <oliver.grawert at GOOGLEMAIL.com>) id 1e4UhJ-0001dr-OJ
>  for ubuntu-users at lists.ubuntu.com; Tue, 17 Oct 2017 16:26:29 +0000
> Received: by mail-wm0-f44.google.com with SMTP id q132so5078522wmd.2
>  for <ubuntu-users at lists.ubuntu.com>; Tue, 17 Oct 2017 09:26:29 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>  d=googlemail.com; s=20161025;
>  h=sender:message-id:subject:from:to:date:in-reply-to:references
>  :mime-version; bh=t2FZYW1WimLY03LoNVOUJZpLFtzcqZ3AP+2RaXSJRSs=;
>  b=BEbnml/aekJduKVeMNqRkHIpvwgWCH/xhWObSTmwJy3OeBAFaK/75RYJ0Q/WltpAeL
>  9ujtyK3Kzl8A0mP4C7XTOM2u1Ii+KnIBjXgAInPsxoWb+XGroFjlCwAxsoqh/9lw3Tlz
>  1cgFdxRiz8CEg6f5vJmiECVbfN3Spf5Qtmio1Kqz++IJMeqIsLplFLj3UewidcPK57mY
>  RDoGGpLlDyTm7k+QsKdDcw+fwsCSbRBFKSZunfsMMJiADbUm8TsVBsKmRedq5j9ky4Ad
>  Da2KMRdl5CpCEsyrdwPxL9MUpFtpnCmG9Q3zju1DTes/lQ73nWwwCYb2f55yc6rwTAH6
>  kX6A==
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>  d=1e100.net; s=20161025;
>  h=x-gm-message-state:sender:message-id:subject:from:to:date
>  :in-reply-to:references:mime-version;
>  bh=t2FZYW1WimLY03LoNVOUJZpLFtzcqZ3AP+2RaXSJRSs=;
>  b=HzByEbKn+nUdy8MBauwB5kFwc2Oq0RvtzZZ6yBIi7MUb1kntWiTic/Lctl4lw8DX2t
>  jQ8B5CoeyjliLg9gSuLNwq4WK8FC3Qg+cZWJzGNPOq0eP2cgBb9i0yke7ya17/g9ovTD
>  /ToketRozHmnVoVtl30GDVZGSgSBOcH+I570UZSCVH1ayT/XmhknaQqcigm3EzYbAs52
>  a20NqTwZbPZZYaS8NEovKzrgtEUcNXereGEf0xYJF3OaExtQY8D/JfVjBGUN43gIvpgY
>  lAr+HLt94/sVxuwu96d0xdk8lc65yiv3T5g02HKehRDyY+pY19VVKmRzBw3bYiGcQoAz
>  vfCQ==
> X-Gm-Message-State: AMCzsaU1bVZxFOGznYs5m2k3ZserWC+x86i/DkJ8gtT6W9Bkw6HJCAu/
>  Uv3uxiThy8NmDPciQqO6M/bpGQ==
> X-Google-Smtp-Source:
>     ABhQp+Rs14iJbk1hvMJE5HRm99kEac890DYGWExCExrVRROVMt+zE6MvUgcyuSUdleQHcbSGGO
>     EE6Q==
> X-Received: by 10.28.16.209 with SMTP id 200mr4217275wmq.35.1508257589079;
>  Tue, 17 Oct 2017 09:26:29 -0700 (PDT)
> Received: from styx (p5B26E1BA.dip0.t-ipconnect.de. [91.38.225.186])
>  by smtp.googlemail.com with ESMTPSA id
>     e77sm15495835wmi.16.2017.10.17.09.26.27
>  for <ubuntu-users at lists.ubuntu.com>
>  (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>  Tue, 17 Oct 2017 09:26:27 -0700 (PDT)
> Message-ID: <1508257583.4339.13.camel at ubuntu.com>
> Subject: Re: Software updater snuck in a package that is unwanted
> From: Oliver Grawert <ogra at ubuntu.com>
> To: ubuntu-users at lists.ubuntu.com
> Date: Tue, 17 Oct 2017 18:26:23 +0200
> In-Reply-To:
>     <CACX6j8NGQyE5Eb2ytCj=Gu5tAmCf+XcYVW_9j7y5dWcfV3GUtw at mail.gmail.com>
> References:
>     <CACX6j8PdJKgqZfWC2HifharckT2vKGmUQ36gkLdJ8dA+mBnqyw at mail.gmail.com>
>  <1508235325.5783.66.camel at ubuntu.com>
>  <CAL=0gLutSgkp3w0pxhikTp5D2q4PUQV5ynxzgKz0gT-jHGSzcw at mail.gmail.com>
>  <1508249942.5783.72.camel at ubuntu.com>
>  <CACX6j8NGQyE5Eb2ytCj=Gu5tAmCf+XcYVW_9j7y5dWcfV3GUtw at mail.gmail.com>
> X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 
> Mime-Version: 1.0
> X-BeenThere: ubuntu-users at lists.ubuntu.com
> X-Mailman-Version: 2.1.20
> Precedence: list
> List-Id: "Ubuntu user technical support,
>  not for general discussions" <ubuntu-users.lists.ubuntu.com>
> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-users>,
>  <mailto:ubuntu-users-request at lists.ubuntu.com?subject=unsubscribe>
> List-Archive: <https://lists.ubuntu.com/archives/ubuntu-users>
> List-Post: <mailto:ubuntu-users at lists.ubuntu.com>
> List-Help: <mailto:ubuntu-users-request at lists.ubuntu.com?subject=help>
> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>,
>  <mailto:ubuntu-users-request at lists.ubuntu.com?subject=subscribe>
> Reply-To: "Ubuntu user technical support,
>  not for general discussions" <ubuntu-users at lists.ubuntu.com>
> Content-Type: multipart/mixed; boundary="===============7947734441914702480=="
> Errors-To: ubuntu-users-bounces at lists.ubuntu.com
> Sender: "ubuntu-users" <ubuntu-users-bounces at lists.ubuntu.com>
> X-Authenticated_sender: 
> X-Spam-Status: No, score=-4.5
> X-Spam-Score: -44
> X-Spam-Bar: ----
> X-Ham-Report: DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.8,
>     RCVD_IN_SORBS_SPAM=0.5, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001,
>     CMAE Analysis: v=2.2 cv=W/dIbVek c=1 sm=0 tr=0
>     a=RSixXwIyTxLBnG4oXgjTAQ==:17 a=02M-m0pO-4AA:10 a=WiVod9pSvdkA:10
>     a=e3ZuEKfNzSO8GI3mZr4A:9 a=QEXdDO2ut3YA:10 a=KzwPFWjq1abubmqm3bsA:9
>     a=ONNS8QRKHyMA:10 a=rtTQXnqWFP_xIA3BAu0A:9
>
>  *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
>  *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>  *      for more information.
>  *      [URIs: ubuntu.com]
>  *  0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
>  *      [74.125.82.44 listed in dnsbl.sorbs.net]
>  * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
>  *      medium trust
>  *      [91.189.94.19 listed in list.dnswl.org]
>  * -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
>  *      [91.189.94.19 listed in wl.mailspike.net]
>  *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>  *      valid
>  *  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
> X-Spam-Flag: NO
> 
> 
> --===============7947734441914702480==
> Content-Type: multipart/signed; micalg="pgp-sha512";
> 	protocol="application/pgp-signature"; boundary="=-wdquGcdH/RYBoUYk0Rnk"
> 
> 
> --=-wdquGcdH/RYBoUYk0Rnk
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
> 
> hi,
> Am Mittwoch, den 18.10.2017, 00:03 +0800 schrieb Bret Busby:
> > On 17/10/2017, Oliver Grawert <ogra at ubuntu.com> wrote:
> >=20
> > <snip>
> >=20
> > >=20
> > > =C2=A0you can easily remove the package)
> > ?
> 
> ogra at styx:~$ sudo apt-get purge unattended-upgrades
> Reading package lists... Done
> Building dependency tree=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> Reading state information... Done
> The following packages will be REMOVED:
> =C2=A0 unattended-upgrades*
> 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
> After this operation, 315 kB disk space will be freed.
> Do you want to continue? [Y/n]=C2=A0
> ...
> 
> (just press Y there)
> 
>

"
:~$ sudo apt-get purge unattended-upgrades
[sudo] password for bret:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer 
required:
   libllvm3.8:i386 libllvm3.8 libudev1:i386 linux-headers-4.4.0-36 
linux-headers-4.4.0-36-generic
   linux-headers-4.4.0-38 linux-headers-4.4.0-38-generic 
linux-headers-4.4.0-43 linux-headers-4.4.0-43-generic
   linux-headers-4.4.0-45 linux-headers-4.4.0-45-generic 
linux-headers-4.4.0-47 linux-headers-4.4.0-47-generic
   linux-headers-4.4.0-51 linux-headers-4.4.0-51-generic 
linux-headers-4.4.0-53 linux-headers-4.4.0-53-generic
   linux-headers-4.4.0-57 linux-headers-4.4.0-57-generic 
linux-headers-4.4.0-59 linux-headers-4.4.0-59-generic
   linux-headers-4.4.0-62 linux-headers-4.4.0-62-generic 
linux-headers-4.4.0-63 linux-headers-4.4.0-63-generic
   linux-headers-4.4.0-64 linux-headers-4.4.0-64-generic 
linux-headers-4.4.0-66 linux-headers-4.4.0-66-generic
   linux-headers-4.4.0-72 linux-headers-4.4.0-72-generic 
linux-headers-4.4.0-75 linux-headers-4.4.0-75-generic
   linux-headers-4.4.0-77 linux-headers-4.4.0-77-generic 
linux-headers-4.4.0-78 linux-headers-4.4.0-78-generic
   linux-headers-4.4.0-79 linux-headers-4.4.0-79-generic 
linux-headers-4.4.0-81 linux-headers-4.4.0-81-generic
   linux-image-4.4.0-36-generic linux-image-4.4.0-38-generic 
linux-image-4.4.0-43-generic
   linux-image-4.4.0-45-generic linux-image-4.4.0-47-generic 
linux-image-4.4.0-51-generic
   linux-image-4.4.0-53-generic linux-image-4.4.0-57-generic 
linux-image-4.4.0-59-generic
   linux-image-4.4.0-62-generic linux-image-4.4.0-63-generic 
linux-image-4.4.0-64-generic
   linux-image-4.4.0-66-generic linux-image-4.4.0-72-generic 
linux-image-4.4.0-75-generic
   linux-image-4.4.0-77-generic linux-image-4.4.0-78-generic 
linux-image-4.4.0-79-generic
   linux-image-4.4.0-81-generic linux-image-extra-4.4.0-36-generic 
linux-image-extra-4.4.0-38-generic
   linux-image-extra-4.4.0-43-generic linux-image-extra-4.4.0-45-generic 
linux-image-extra-4.4.0-47-generic
   linux-image-extra-4.4.0-51-generic linux-image-extra-4.4.0-53-generic 
linux-image-extra-4.4.0-57-generic
   linux-image-extra-4.4.0-59-generic linux-image-extra-4.4.0-62-generic 
linux-image-extra-4.4.0-63-generic
   linux-image-extra-4.4.0-64-generic linux-image-extra-4.4.0-66-generic 
linux-image-extra-4.4.0-72-generic
   linux-image-extra-4.4.0-75-generic linux-image-extra-4.4.0-77-generic 
linux-image-extra-4.4.0-78-generic
   linux-image-extra-4.4.0-79-generic linux-image-extra-4.4.0-81-generic 
snap-confine ubuntu-core-launcher
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
   ubuntu-mate-core* ubuntu-mate-desktop* unattended-upgrades*
0 to upgrade, 0 to newly install, 3 to remove and 0 not to upgrade.
After this operation, 348 kB disk space will be freed.
Do you want to continue? [Y/n]
"

Therein lies the rub.

To remove the package;
:~$ sudo apt-get purge unattended-upgrades
requires the removal of the user interface.

That is why I regard the package as a trojan.

It can not be simply and easily and cleanly, removed.

Its design hooks it into other packages, to prevent its removal.

It is like a cancer with secondaries in the brain - attempts to remove, 
simply aggravate the damage.


--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
  you'll know what the answer means."
- Deep Thought,
   Chapter 28 of Book 1 of
   "The Hitchhiker's Guide to the Galaxy:
   A Trilogy In Four Parts",
   written by Douglas Adams,
   published by Pan Books, 1992
....................................................

More information about the ubuntu-users mailing list