News and Events / Trojan miner for Linux removes antiviruses
« on: November 24, 2018, 04:52:52 am »
Found this story on (a Russian site)

The Doctor Web specialists have discovered a trojan designed for the extraction of cryptocurrency, which can infect other network devices and remove antiviruses running in the system. The threat received the identifier Linux.BtcMine.174 and is a large script written in the command shell language containing more than 1000 lines of code.

Malware consists of several components. So, when launching, the trojan checks the availability of the server from which it subsequently downloads other modules, and searches for a folder on the disk with write permissions into which these modules will then be loaded. After this, the script is moved to a previously selected folder named diskmanagerd and re-launched as a daemon. For this, the trojan uses the nohup utility. If it is not in the system, it automatically downloads and installs the coreutils utilities package, including nohup.

If the installation is successful on the device, the malicious script downloads one of the versions of the Linux.BackDoor.Gates.9 Trojan. The backdoors of this family allow you to execute commands from attackers and carry out DDoS attacks.

After installation, malware looks for competing miners in the system and, upon detection, completes their processes. If the trojan was not launched on behalf of the superuser (root), it uses a set of exploits to escalate its privileges on the infected system. Analysts of Doctor Web have identified at least two problems exploited by it: these are CVE-2016-5195 (aka DirtyCow) and CVE-2013-2094. At the same time, the sources of the exploit for DirtyCow are downloaded from the Internet by the Trojan and compiled directly on the infected machine.

After this, the malware tries to find antivirus services running under the names safedog, aegis, yunsuo, clamd, avast, avgd, cmdavd, cmdmgd, drweb-configd, drweb-spider-kmod, esets and xmirrord. If they are detected, the malware does not just end the antivirus process, but with the help of package managers, deletes its files and the directory in which the anti-virus product was installed.

Then the trojan registers itself at startup, downloads and launches a rootkit on an infected device. This module is also designed as a sh script and is based on source code that was previously published in the public domain. Among the functions of the rootkit module, you can highlight the theft of user-supplied passwords for the su command, hiding files in the file system, network connections and running processes. The trojan collects information about network nodes that were previously connected via the ssh protocol and tries to infect them.

After completing all these steps, the Trojan finally launches the miner, designed for the production of Monero cryptocurrency (XMR), in the system. At intervals of one minute, the malware checks to see if this miner is running, and automatically restarts it if necessary. It also connects to the managing server in a continuous loop and downloads updates from there, if they are available.


Source of the above story...
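The story above gives a defender a few concrete things to look for on a host: a script relaunched as a daemon from a writable directory named diskmanagerd, processes started from world-writable locations, and the disappearance of the security daemons the trojan is said to delete. The following is an added example (not code from the forum post, the Russian site or Doctor Web) that runs such a check over constructed process-table lines. The `ps` output, the `/tmp`, `/var/tmp` and `/dev/shm` paths used as examples of writable directories, and the `miner` file name are all assumptions; the list of daemon names comes from the story.

```python
"""Added example: triage a process listing for the behaviours described in
the Linux.BtcMine.174 story (not the malware's or Doctor Web's code)."""
import re

# Security daemons the story says the trojan searches for and removes.
SECURITY_DAEMONS = [
    "safedog", "aegis", "yunsuo", "clamd", "avast", "avgd", "cmdavd",
    "cmdmgd", "drweb-configd", "drweb-spider-kmod", "esets", "xmirrord",
]

# World-writable directories assumed here as the kind of place the script
# picks when it "searches for a folder on the disk with write permissions".
WRITABLE_DIRS = r"(?:/tmp|/var/tmp|/dev/shm)/"

# Constructed sample of `ps -eo pid,user,args` output; not real telemetry.
SAMPLE_PS = """\
  PID USER     COMMAND
    1 root     /sbin/init
  412 root     /usr/sbin/sshd -D
  780 root     /usr/sbin/clamd --foreground=true
 1301 www-data sh /var/tmp/diskmanagerd/diskmanagerd
 1320 www-data /var/tmp/diskmanagerd/miner
"""


def parse_ps(text):
    """Turn ps output into (pid, user, command) tuples, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append((int(parts[0]), parts[1], parts[2]))
    return rows


def scan_processes(text):
    """Map pid -> list of reasons for processes matching the story's indicators."""
    findings = {}
    for pid, user, cmd in parse_ps(text):
        reasons = []
        # The story: the script is moved into a folder named diskmanagerd
        # and re-launched as a daemon from there.
        if re.search(r"(?:^|/)diskmanagerd(?:/|$|\s)", cmd):
            reasons.append("runs from a 'diskmanagerd' directory")
        # Anything executed from a writable scratch directory deserves a look.
        if re.match(r"(?:sh |bash )?" + WRITABLE_DIRS, cmd):
            reasons.append("executable lives in a world-writable directory")
        if reasons:
            findings[pid] = reasons
    return findings


def missing_daemons(text, expected):
    """Return the daemons from `expected` that no running command mentions.

    `expected` is the subset of SECURITY_DAEMONS the administrator knows
    should be running on this host; a daemon that is installed but gone is
    exactly the symptom the story describes.
    """
    running = [cmd for _, _, cmd in parse_ps(text)]
    return [name for name in expected
            if not any(name in cmd for cmd in running)]


if __name__ == "__main__":
    for pid, reasons in scan_processes(SAMPLE_PS).items():
        print(f"pid {pid}: " + "; ".join(reasons))
    gone = missing_daemons(SAMPLE_PS, ["clamd", "drweb-configd"])
    print("expected security daemons not running:", gone)
```

Feed it real `ps -eo pid,user,args` output and the daemons you actually deploy; a hit from `scan_processes` is a reason to inspect the startup entries and cron jobs the story says the trojan registers, not proof on its own.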

That's strange as I've not forced the installation of 16.04, it may be because I've got backports repo loaded, even then, the backports repo is installed on a fresh install. So, I'm stuck!!!

Is there a way I can force install the latest version of Dolphin. I've had a Google but I could not find any specifics on how to install other versions.

General Help & Advice / Re: Problem removing a source
« on: November 22, 2018, 01:51:35 am »
I get the error when I execute the following...
Code:
sudo apt-get update

General Help & Advice / Re: Problem removing a source
« on: November 20, 2018, 12:55:39 am »
I'm not sure how to ask or do it, what I need to do is remove owncloud which is causing problems.

Lol Mark, you sound like my dad  ;)
The PPA's didn't cause the problem as they came after the installation of Dolphin as that was installed upon installation of the OS ages ago.

Recent versions don't have external PPA's, so what you're saying is that from version XX the dbg is built in?
So, if I want to escape this bug, how can I install the latest (or higher) version?

I have entered a bug report but it is incomplete due to Dolphin being unable to report its crash properly as the version of the dbg file is a lower version than the version of Dolphin I have installed, which is 4:16.04.3-0ubuntu2.1~ubuntu16.04~ppa1 and the repo version is 4:15.12.3-0ubuntu1

Does that put them in one single directory or nested as I'd prefer it to be nested.

Or another way I could do it would be to make a complete copy and then delete all but what I want, which is the zip & 7z files.

General Help & Advice / Re: Installed some books, now can't find them
« on: November 17, 2018, 11:05:07 pm »
I've had a look and they're not worth keeping, I thought they might be PDF's or epub's but they're just HTML's
I've removed them.

General Help & Advice / Re: Problem removing a source
« on: November 17, 2018, 10:54:23 pm »
BTW, there are no duplicates .. only the repos, and their backups (that end with .save).

So, to see if they're all needed, what's the command I use to get a list of the programs they update?

I'm having problems with the mv command in terminal.
Basically what I want to do is similar to a copy but only a certain file type and keeping the same directory structure.

General Help & Advice / Re: Problem removing a source
« on: November 17, 2018, 08:11:15 pm »
Code:
ls /etc/apt/sources.list.d

Re the number of PPA's, no not really, I noticed that too, aren't there a lot identical? Can we get rid of the unnecessary ones while we're at it?

General Help & Advice / Re: Installed some books, now can't find them
« on: November 17, 2018, 08:05:18 pm »

I love your reply to my question Mark, it made me laugh.

Anyway, the books/packages were

reference book for Debian users and system administrators
Free Python book for experienced programmers (zh translation)
book for learning Python 3
Hardware Book
free Ubuntu book for beginners

If you go into Synaptic and copy the titles, you should see each one or just type in 'book' and they will show up in the list.

General Help & Advice / [SOLVED] Installed some books, now can't find them
« on: November 17, 2018, 01:48:30 pm »
I installed some 'books' from Synaptic but can't find them anywhere?
Does anyone know where they get 'installed'?

It was the power cable, more precisely, the bit that plugs into the laptop, it's not a very good fit, slightly loose.

