FedoraForum.org - Fedora Support Forums and Community
  1. #16
    kyryder Guest

    Re: omg a virus in linux?

    Hello,
    I think it would be hard to report on since there is no "hot" evidence. If you ever have a similar problem again, don't delete the files. Just pull the machine offline so things can be traced back to the issue. I know I have made the same mistake of fixing some issue instead of figuring out why, but the only way to escalate a bug, whatever the bug is, is to have the hot evidence.

    Ky

  2. #17
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    That is also true. I'm gonna email him; there's possibly still some files on his portable drive and maybe his USB stick. I'll try and infect a VM and reproduce it and report it.

    Another thing that Fedora could do to handle that error in the keyboard-to-chair interface is not allow .ini, .db, .MSF, .ELF and any other things that can execute or that the user probably won't need to restore.

    I'm gonna keep posting,
    and does anyone know where I can send my findings?

  3. #18
    kyryder Guest

    Re: omg a virus in linux?

    If I am not mistaken, all bugs are to be reported to https://bugzilla.redhat.com/.

    Ky

  4. #19
    Join Date
    Aug 2009
    Location
    Waldorf, Maryland
    Posts
    7,345

    Re: omg a virus in linux?

    All that says is "Don't use root".

    Can't infect system binaries that way. Second, many of the important system binaries
    have MAC labels applied that also block modifications...

  5. #20
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    I did run it as root to give KlamAV unlimited access to Fedora, so it might have just messed up system files, but I also found one copy of .ELF for every .MSF file in the infected game, and KlamAV detected trojan downloads in my copy of the game. When I scanned it the scanner started to slow right down. My buddy's Windows computer crashed when he tried to scan his.
    I'm gonna post again tomorrow when I recreate it in a VM.
    Although I'm pretty sure this is a virus, it could be a false alarm,
    and besides, #13 is coming out and this gives me a good reason to switch over to it.
    And in the meantime, does anybody know how to restore KlamAV so I can get stuff out of quarantine?
    Last edited by noobusinglinux; 22nd April 2010 at 09:32 PM.

  6. #21
    Join Date
    Jan 2010
    Posts
    892

    Re: omg a virus in linux?

    On OS X that could be deployed by the AFP bug perhaps

    http://www.cqure.net/wp/2010/03/dete...533-with-nmap/

    http://nmap.org/nsedoc/scripts/x11-access.html

    In Pwn2Own 2010 there is still no trace of Linux as possible target. Is it too harder to find exploits for Linux or a non commercial operating system has no interest for exploit hunters?
    No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you're talking about. The organizers don't choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.
    Source:
    http://www.oneitsecurity.it/01/03/20...iller-pwn2own/
    But really anyone viewing flash movies is a target.

    Some dudes want to make javascript more like flash and put in some perks like access to the file system, besides the "data" thingy there, that will open some doors for sure.

    Other entry points are VoIP, IM clients, P2P etc those are yummy!

    ---------- Post added at 01:03 PM CDT ---------- Previous post was at 01:02 PM CDT ----------

    http://www.weez.com/2010/03/linux-2-...uxapparmorlsm/

    Zero day exploit from March this year.

  7. #22
    Join Date
    Aug 2009
    Posts
    8,486

    Re: omg a virus in linux?

    well, the .msf files could be legitimate thunderbird mail files.
    and it looks like you have a lot of games.. the .elf files could be playstation II files or wii files (which would explain them being encrypted).

    but then again, the .elf files could be something nasty as well as legitimate linux code.

    without examining the files it would be hard to know what they are.

    ---------- Post added at 04:14 PM CDT ---------- Previous post was at 04:04 PM CDT ----------

    thanks BugRocks!

    The selinux exploit was patched in the 2.6.30.2 kernel right after the exploit was released, so that's not really a problem.

    and the X11 access bug is a prime example why you should never run a GUI as root..

    and javascript used to have access to the filesystem in it years ago and was removed due to security risks.
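
The kind of examination that post calls for can start with the leading bytes of each file rather than its extension. The sketch below is an added example, not code from the thread or from any tool mentioned in it: it reads the ELF identification and header fields (word size, byte order, `e_type`, `e_machine`) and recognises the Mork header used by Thunderbird `.msf` files. The sample names and bytes are constructed for the demo.

```python
import struct

# Subsets of the e_machine and e_type values defined by the ELF specification.
EM_NAMES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64"}
ET_NAMES = {1: "relocatable", 2: "executable", 3: "shared object/PIE", 4: "core"}
MORK_MAGIC = b"// <!-- <mdb:mork:z"   # first bytes of a Mork (.msf) file


def classify(data: bytes) -> str:
    """Describe a file from its leading bytes; the file is never executed."""
    if data.startswith(MORK_MAGIC):
        return "Mork database (Thunderbird .msf)"
    if not data.startswith(b"\x7fELF"):
        return "unknown (neither ELF nor Mork)"
    if len(data) < 20:
        return "truncated ELF header"
    ei_class, ei_data = data[4], data[5]      # 1/2 = 32/64-bit, 1/2 = LE/BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "malformed ELF identification"
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    bits = 32 if ei_class == 1 else 64
    machine = EM_NAMES.get(e_machine, "machine %d" % e_machine)
    kind = ET_NAMES.get(e_type, "type %d" % e_type)
    return "ELF %d-bit %s %s" % (bits, machine, kind)


def classify_path(path: str) -> str:
    """Read only the first 64 bytes of a file on disk and classify them."""
    with open(path, "rb") as fh:
        return classify(fh.read(64))


def sample_elf(ei_class, ei_data, e_type, e_machine) -> bytes:
    """Build a constructed 20-byte ELF header prefix for the demo below."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack(("<" if ei_data == 1 else ">") + "HH", e_type, e_machine)


# Constructed samples, not files from the thread.
SAMPLES = {
    "game.ELF (PowerPC, big-endian)": sample_elf(1, 2, 2, 20),
    "game.ELF (MIPS, little-endian)": sample_elf(1, 1, 2, 8),
    "native.ELF (x86-64)": sample_elf(2, 1, 2, 62),
    "inbox.MSF": b'// <!-- <mdb:mork:z v="1.4"/> -->\n',
    "renamed.ELF": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-32s %s" % (name, classify(blob)))
```

A 32-bit MIPS or PowerPC result is consistent with console game binaries, while an x86 or x86-64 executable can run on a desktop Linux install and warrants closer analysis; the header alone says nothing about whether the contents are benign.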

  8. #23
    Join Date
    Jan 2010
    Posts
    892

    Re: omg a virus in linux?

    Wasn't there a firstaidkit deployed in fedora around the 9?

    https://fedorahosted.org/firstaidkit/

    I think it runs a lot of tests on the machine, I didn't play with it this time around to see what it got.

    ---------- Post added at 01:36 PM CDT ---------- Previous post was at 01:20 PM CDT ----------

    The selinux exploit was patched in the 2.6.30.2 kernel right after the exploit was released, so that's not really a problem.

    and the X11 access bug is a prime example why you should never run a GUI as root..

    and javascript used to have access to the filesystem in it years ago and was removed due to security risks.
    That I didn't know, I'm glad some people in the past had some good sense

  9. #24
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    Thanks, I checked my games folder; none of those existed, but my emulator games were fine.
    They could probably implement an SELinux policy to control what folders you can browse and then use that program module like the one you use to attach files to an email when the user enters
    and a sorta sandbox setup with SELinux and the file system to prevent behaviour like hidden files copying over with other files, except when an executable explicitly needs to copy it or move it, and then you can make it so that the file cannot specify when it needs to be copied; the executable program needs to specify each one, so you can't just use ~ without the program expecting it, and then the program has to expect one of a list of other file locations, this information stored in the executable.
    That might be a little bit elaborate and difficult to enforce, but it would isolate and possibly neutralize some viruses.

  10. #25
    Join Date
    Aug 2009
    Posts
    8,486

    Re: omg a virus in linux?

    Quote Originally Posted by BugRocks1
    Wasn't there a firstaidkit deployed in fedora around the 9?

    https://fedorahosted.org/firstaidkit/

    I think it runs a lot of tests on the machine, I didn't play with it this time around to see what it got.

    ---------- Post added at 01:36 PM CDT ---------- Previous post was at 01:20 PM CDT ----------



    That I didn't know, I'm glad some people in the past had some good sense
    I played around a little with firstaidkit on F10 and it does some nice things, like scan your entire filesystem for world writable files and such. Was a pretty nice tool that I had forgotten about when I upgraded to F11, and now F12. I need to go and grab it again and take a closer look at it.

    ---------- Post added at 05:00 PM CDT ---------- Previous post was at 04:50 PM CDT ----------

    I was trying to find out about when the file access was removed from javascript but can't find anything right off hand. I think it was patched in IE4 but can't be sure. They are still finding ways to get it to work by embedding javascript into PDF files though. (Think that bug was fixed within the past year.)
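
A scan for world-writable files of the kind that post describes can be sketched as follows. This is an added example, not firstaidkit's own code: it walks a tree without following symlinks and separates plain world-writable files, sticky directories (the `/tmp` pattern) and fully open directories. The directory layout in `demo()` is constructed.

```python
import os
import stat
import tempfile


def world_writable(root):
    """Return sorted (path, kind) pairs for entries under root writable by anyone."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode   # lstat: do not follow symlinks
            except OSError:
                continue                        # vanished or unreadable entry
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue                        # symlink modes are not meaningful
            if not stat.S_ISDIR(mode):
                kind = "file"
            elif mode & stat.S_ISVTX:
                kind = "sticky-dir"             # like /tmp: others cannot delete your files
            else:
                kind = "open-dir"               # anyone can replace or remove entries
            findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)


def demo():
    """Build a constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in {"notes.txt": 0o644, "shared.cfg": 0o666}.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, mode in {"drop": 0o777, "tmp": 0o1777, "private": 0o755}.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        os.symlink("notes.txt", os.path.join(root, "link"))
        return world_writable(root)


if __name__ == "__main__":
    for path, kind in demo():
        print("%-12s %s" % (kind, path))
```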

  11. #26
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    Interesting, how do I get First Aid Kit to run?
    I installed it and got it to run with a GUI but I got this <see attached>. I ran the start button twice.
    It also said something about mdadm.conf being misconfigured.
    Attached thumbnail: Screenshot-First Aid Kit failed.png

  12. #27
    Join Date
    Aug 2009
    Posts
    8,486

    Re: omg a virus in linux?

    Did you install the plugins along with firstaidkit? There are 5 other plugin packages, or you can get them all by installing firstaidkit-plugin-all.noarch

    here are the 5 separate packages:

    firstaidkit-gui.noarch
    firstaidkit-plugin-mdadm-conf.noarch
    firstaidkit-plugin-grub.noarch
    firstaidkit-plugin-xserver.noarch
    firstaidkit-plugin-passwd.noarch

  13. #28
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    Yes, I installed plugins-all; plugin xserver was not called due to unsatisfied dependencies (tsk interpreter).

  14. #29
    Join Date
    Jan 2010
    Posts
    892

    Re: omg a virus in linux?

    Try searching for the dependency it is complaining about:

    yum provides tsk
    Probably a dev package that it is missing, this should be reported on bugzilla so people can add that to the package.

  15. #30
    Join Date
    Oct 2008
    Location
    canada alberta
    Posts
    223

    Re: omg a virus in linux?

    OK, I tried that, couldn't quite figure it out.
    Code:
    [root@localhost robert]# yum provides tsk
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Warning: 3.0.x versions of yum would erroneously match against filenames.
     You can use "*/tsk" and/or "*bin/tsk" to get that behaviour
    No Matches found
    [root@localhost robert]# yum provides tsk interpreter
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    Warning: 3.0.x versions of yum would erroneously match against filenames.
     You can use "*/tsk" and/or "*bin/tsk" to get that behaviour
    Warning: 3.0.x versions of yum would erroneously match against filenames.
     You can use "*/interpreter" and/or "*bin/interpreter" to get that behaviour
    No Matches found
    [root@localhost robert]# yum provides tsk /interpreter
    Loaded plugins: presto, refresh-packagekit, remove-with-leaves
    fedora/filelists_db                                      |  15 MB     00:35     
    google-chrome/filelists                                  |  12 kB     00:00     
    rpmfusion-free/filelists_db                              | 336 kB     00:01     
    rpmfusion-free-updates/filelists_db                      | 228 kB     00:00     
    updates/filelists_db                                     | 7.1 MB     00:17     
    Warning: 3.0.x versions of yum would erroneously match against filenames.
     You can use "*/tsk" and/or "*bin/tsk" to get that behaviour
    No Matches found
    [root@localhost robert]# yum provides tsk interpreter ()
    bash: syntax error near unexpected token `('
    [root@localhost robert]# yum provides tsk interpreter
    Then I disabled the dependency mechanism.
    <see attached>
    It found some problems.
    See also the configuration.
    Sorry, I can't get ahold of the hard disk I need to prove it until Monday.
    Attached thumbnails: Screenshot-First Aid Kit.png, Screenshot-First Aid Kit-1.png, Screenshot-First Aid Kit-2.png
    Last edited by noobusinglinux; 23rd April 2010 at 11:41 PM.
