Malicious Screensaver: Malware on Gnome-Look.org
A screensaver from Gnome-Look.org at closer look revealed itself to be malware.
When installing an innocuous "waterfall" screensaver from Gnome-Look.org, an Ubuntu user noticed something strange: apart from the screensaver not being on GNOME's approved list, it also contained a script that performed some peculiar substitutions.
Among other things, it took a file named auto.bash from the server and installed it on /user/bin/, along with a file named gnome.sh that it put in the /etc/profile.d/ directory. The script then issued ping requests to send very large packages to a particular server. The script presumably helped serve in a denial-of-service (DoS) attack against other servers that provide exploits for huge multiplayer games such as World of Warcraft.
The user posted his discovery in the Ubuntu Forums and the screensaver has since disappeared from the Gnome-Look.org site. The guesswork as to what the script exactly did and how to remove was batted about in the forum. Apparently the Debian package installed under the name app5552. It was determined that removing the malware together with the malicious script required the command
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh /usr/bin/index.php /usr/bin/run.bash && sudo dpkg -r app5552
In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first.
Comments
comments powered by Disqus
Issue 249/2021
Buy this issue as a PDF
News
-
Steam Deck Linux-Powered Gaming System Set to Take Over the Handheld World
A Linux and KDE-powered portable gaming platform is set to be released by Valve.
-
Linux Mint 20.2 Now Available and Better Than Ever
The developers of Linux Mint have gone a long way to perfecting the desktop experience.
-
Linux Foundation Forming the Open 3D Foundation
The Linux Foundation has announced they will be forming the Open 3D Foundation to accelerate developer collaboration on 3D games and simulations.
-
Nitrux 1.5 Ships with Kernel 5.13
Debian-based Nitrux Linux is the first distribution to ship with kernel 5.13
-
Slimbook Goes All in with a Linux Laptop that Focuses on the Display and the Power
Slimbook is now offering a Linux laptop geared for professionals, with the launch of a new lightweight ultrabook with plenty of power to spare.
-
KDE Plasma 5.22 Released with Better Stability and Usability Across the Board
The KDE Plasma desktop development has kicked into high gear and the latest release reflects newfound popularity and drive behind the open-source environment.
-
Nvidia and Valve Collaborate to Bring DLSS to Linux
Both powerhouses in the gaming industry are trying to make the experience on Linux much improved, by way of DLSS.
-
Kali Linux 2021.2 Official Release Now Available
The latest iteration of security fan-favorite Kali Linux has been released with new tools, themes, and plenty of improvements.
-
Entroware Unleashes a Beast of a Linux Laptop
If you're looking for a portable workhorse, look no further than the Entroware Proteus laptop.
-
System76 Unveils its “Launch” Keyboard
The open-source darling, System76, is about to launch the Launch keyboard and you can pre-order yours now.
Reflections on Trusting Trust