Malicious Screensaver: Malware on Gnome-Look.org
A screensaver from Gnome-Look.org at closer look revealed itself to be malware.
When installing an innocuous "waterfall" screensaver from Gnome-Look.org, an Ubuntu user noticed something strange: apart from the screensaver not being on GNOME's approved list, it also contained a script that performed some peculiar substitutions.
Among other things, it took a file named auto.bash from the server and installed it on /user/bin/, along with a file named gnome.sh that it put in the /etc/profile.d/ directory. The script then issued ping requests to send very large packages to a particular server. The script presumably helped serve in a denial-of-service (DoS) attack against other servers that provide exploits for huge multiplayer games such as World of Warcraft.
The user posted his discovery in the Ubuntu Forums and the screensaver has since disappeared from the Gnome-Look.org site. The guesswork as to what the script exactly did and how to remove was batted about in the forum. Apparently the Debian package installed under the name app5552. It was determined that removing the malware together with the malicious script required the command
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh /usr/bin/index.php /usr/bin/run.bash && sudo dpkg -r app5552
In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first.
Comments
comments powered by Disqus
Issue 43_SI: LibreOffice Expert/Special Editions
Buy this issue as a PDF
News
-
EndeavorOS 21.4 Has Arrived
Arch-based EndeavorOS 21.4 is finally available for download with plenty of new features and improvements.
-
NixOS 21.11 Now Available for Download
NixOS “Porcupine” has been made available for installation and includes numerous improvements.
-
KDE Plasma Developers Introduce a GNOME-Like Overview
A new overview effect makes it easier for users to interact with both Plasma Activities and Virtual Desktops.
-
Rocky Linux 8.5 Now Available with Secure Boot Support
The latest iteration of CentOS alternative, Rocky Linux has arrived and includes numerous updates as well as support for Secure Boot.
-
System76 Developing a New Desktop Environment
The makers of Pop!_OS are currently in the early stages of creating a brand new, non-GNOME, desktop environment.
-
Hetzner Opens New Location in the USA
The Hetzner cost-effective Cloud solution has arrived in the United States to offer cloud servers that offer solid performance without a high price.
-
KDE Plasma 5.24 Introduces Fingerprint Reader Support
The next release of the KDE Plasma desktop environment will include support for fingerprint readers for session authentication and more.
-
Ubuntu 21.10 Released and Finally Includes Gnome 40
The most anticipated update to Ubuntu is finally here and the workflow couldn't be better.
-
Linux Can Now Run on Apple’s M1 Chipset
Linux users looking to take advantage of Apple Silicon are about to get their wish with the M1 chipset.
-
MX Linux 21 RC Candidate Available For Testing
The MX Linux development team has released the RC images for MX Linux 21 for testing purposes.
Reflections on Trusting Trust