Malicious Screensaver: Malware on Gnome-Look.org
A screensaver from Gnome-Look.org at closer look revealed itself to be malware.
When installing an innocuous "waterfall" screensaver from Gnome-Look.org, an Ubuntu user noticed something strange: apart from the screensaver not being on GNOME's approved list, it also contained a script that performed some peculiar substitutions.
Among other things, it took a file named auto.bash from the server and installed it on /user/bin/, along with a file named gnome.sh that it put in the /etc/profile.d/ directory. The script then issued ping requests to send very large packages to a particular server. The script presumably helped serve in a denial-of-service (DoS) attack against other servers that provide exploits for huge multiplayer games such as World of Warcraft.
The user posted his discovery in the Ubuntu Forums and the screensaver has since disappeared from the Gnome-Look.org site. The guesswork as to what the script exactly did and how to remove was batted about in the forum. Apparently the Debian package installed under the name app5552. It was determined that removing the malware together with the malicious script required the command
sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh /usr/bin/index.php /usr/bin/run.bash && sudo dpkg -r app5552
In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first.
Comments
comments powered by Disqus
Issue 45_SI: LibreOffice Expert 2022/23 Edition/Special Editions
Buy this issue as a PDF
News
-
System76 is Skipping Pop!_OS 22.10
In a move that is sure to raise some eyebrows, System76 has chosen to concentrate on COSMIC Desktop instead of staying in step with Ubuntu releases.
-
System76 Refreshes its Thelio Desktop Computer
System76 has given their already stellar Thelio desktop computer a redesign by way of the chassis accent panel.
-
Ubuntu Software Store Rumored to Replace Gnome Software
An alternative to GNOME Software has been written, using Flutter, and it’s making enough noise that Canonical is rumored to be considering using it as the default.
-
A New Arch-Based Linux Distribution Has Arrived
Crystal Linux is a new distribution with the goal of bringing the power of Arch Linux to the masses.
-
Fedora 37 Beta Available
The Fedora development team announced the beta for version 37 of the open-source operating system would be released on time on September 13, 2022.
-
Salix 15.0 Offers Updates and a Modernized Look
Salix is a Slackware-based Linux distribution with a new look and a goal of being fast, user-friendly, and highly stable.
-
Ubuntu 20.04.5 LTS Release Now Available
The latest point release of the Ubuntu 20.04 LTS distribution is now available and sports kernel 5.15.
-
MX Linux 21.2 Offers Improvements and Bug Fixes
MX Linux 21.2, aka “Wildflower,” is now officially available and is the second refresh of the MX-21 release.
-
Gnome Project Releases New Telemetry Data Collection Tool
The GNOME developers have announced the release of a new tool to collect anonymous information about your system.
-
Kubuntu Focus Announces New Desktop Model
The Kubuntu Focus team has announced their newest system would be a small form factor desktop optimized for Kubuntu 22.04.
Reflections on Trusting Trust