[ILUG-BOM] Viruses Anyone?
gnulinuxist at gmail.com
Sun Dec 2 20:09:19 IST 2007
> Besides, sourceforge and similar repos don't care what's on the server.
> You have to do the verification by checking the sigs. Debian uses md5
> hashes in a Release file and gpg for signing the Release file. You can
> therefore be reasonably sure that what you download is ok. Similar
> schemes should exist for other distros too.
This virus does not reach the stage of executing after download. As soon
as you click on the download link, instead of the file download
beginning, the system goes into a reboot. It has got infected. On
reboot, it brings in the bigger payload which causes irreversible damage
as it reboots every time an admin command is run. If the net is shut off
just before the system boots again, the bigger payload is kept away and
the system can be restored to an earlier clean period. This is something
very recent so I was wondering if there has been some major attack on
the web servers.
Why does Linux save a .exe file as .exe.bin in the vfat partition when
downloading directly from Firefox? Is that an indication of the attacks
or is it normal?
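
The hash step of the Release-file scheme mentioned in the quoted text, as an added example that is not part of the original post or of Debian's own tooling. It assumes the gpg signature on the Release file has already been verified; the function names, the sample Packages content and the Release text are constructed for illustration.

```python
import hashlib

def parse_release(text, field="MD5Sum"):
    """Return {path: (hex_digest, size)} for one checksum field of a Release file."""
    entries, in_field = {}, False
    for line in text.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new field; entries end here.
            in_field = line.strip() == field + ":"
            continue
        if in_field:
            digest, size, path = line.split()
            entries[path] = (digest.lower(), int(size))
    return entries

def verify_index(entries, path, data, algo="md5"):
    """Check a downloaded index file against its entry in the Release file."""
    if path not in entries:
        return "unlisted"        # never trust a file the signed list omits
    digest, size = entries[path]
    if len(data) != size:
        return "size mismatch"
    if hashlib.new(algo, data).hexdigest() != digest:
        return "hash mismatch"
    return "ok"

# Constructed sample: a tiny Packages index and a Release file that lists it.
PATH = "main/binary-i386/Packages"
PACKAGES = (b"Package: hello\nVersion: 1.0\n"
            b"Filename: pool/main/h/hello/hello_1.0_i386.deb\n")
RELEASE = (
    "Origin: Example\nSuite: stable\nMD5Sum:\n"
    f" {hashlib.new('md5', PACKAGES).hexdigest()} {len(PACKAGES)} {PATH}\n"
    "SHA1:\n"
    f" {hashlib.new('sha1', PACKAGES).hexdigest()} {len(PACKAGES)} {PATH}\n"
)

if __name__ == "__main__":
    listed = parse_release(RELEASE)
    tampered = PACKAGES.replace(b"1.0", b"6.6")   # same length, different bytes
    print("original:", verify_index(listed, PATH, PACKAGES))
    print("tampered:", verify_index(listed, PATH, tampered))
```

The chain only holds if the Release file itself passed signature verification first; the per-package hashes inside the Packages index are then checked the same way against each downloaded .deb.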