Recent malware Affecting Ubuntu and Firefox
Hi; I'm not very good with forums and so those who read my comments here will have to forgive my ineptitude with html, etc.
In the past two weeks my Ubuntu machine, running Ubuntu v18.04.2 has been hit with multiple examples of malware that is being lodged in Firefox and appears to be write-protected so that Bleachbit cannot delete it.
I will list below some of the objects removed this past week by ClamTK:
Win.Trojan.Xored-1 (8-7)
Js.Coinminer.Generic-7104549-0 (8-8)
Win.Exploit.CVE_2012_1461-1 (8-6)
Win.Exploit.CVE_2012_1461-1 (8-4)
Win.Exploit.CVE_2012_1461-1 (8-2)
[email protected] -- Js.Coinminer.Generic-7-10459-0 8-8-19
Win.Exploit.CVE_2012_1461-1 -- 8-9-19
[email protected] -- Js.Coinminer.Generic-7104549-0 -- 2 examples 8-9-19
Firefox/ok1tk16v.default/cache2/doomed/1964705863 -- Win.Exploit.CVE_2012_1461-1
Some of the malware objects being removed by Clam were received DIRECTLY from the Raymond Hill ad blocker upon installation. Following scans using ClamTK the Raymond Hill object was deleted, which also deletes the ad blocker. Vicious circle. I've been forced to stop using the latter because of this. My second choice in ad blockers remains AdBlock Plus, which is now running in my Firefox.
Linux is no longer impervious to attacks, which thing is made clear by the foregoing.
My advice is to use caution browsing and run frequent scans with an antivirus/anti-malware program.
So far the only antivirus I've ever used has been the Cisco Systems' ClamAV.
I hope this helps.
Comments
-
Greetings everyone!
There is some good news to report. After installing the rootkit remover, chkrootkit and running scans in Terminal i was able to identify a number of malware 'sniffers' living in the usr/lib and other associated folders, and restore my machine!
I'd suspected that something was cohabiting in my laptop with me that you wouldn't want to introduce to Mama, and i'm very pleased that my old install of Ubuntu is now back up to par (although i'm definitely knocking on wood).
Ubuntu is generally worry free where it comes to unwanted gifts of the malware kind, but one can easily encounter such gremlins via downloads.
The best policy is to avoid ALL downloads that can't be accessed through the devs and easily installed via Terminal by entering sudo apt-get install (software name), or by running Synaptic Package Manager, one of the most useful tools the Ubuntu user can install.
ClamTK is apparently unable to detect sniffers so if you suspect your machine may have a hitch-hiker you are advised to run chkrootkit, which can be installed via terminal.
All the removal work you do once the latter discovers something must be performed manually, and this can be accomplished by:
1) Disconnecting from WAN (Pull the cat5 en cable or disconnect the fone wire on DSL systems; if using WiFi turn it OFF and in cable systems unscrew the WAN connector from the modem)
2) R-click in desktop field and select Terminal from the drop-down menu
3) 'Come big' by acting as ROOT: type sudo -i, enter (or you'll be denied access)
4) Type nautilus, enter
5) When you do the above a 640x480-ish copy of your Files program (the actual name of Files is Nautilus, as you see in the glyph of a file cabinet on Desktop) will appear. Use this to navigate sequentially to every 'suspect' file Chkrootkit lists in its summary and delete the final item in each line from the summary, leaving predecessor files in the tree intact
6) You should have a backup of Ubuntu to fall back on, and one can usually be made by slipping a postage-stamp SIM card into your machine's slot and using Terminal for the backup, by typing sudo deja-dup --backup and allowing the process to run.
If deja-dup isn't installed you can easily set it active by clicking the tic-tak-toe icon on your Desktop labeled, 'Show Applications,' then navigating to (what is usually the third page) Utilities/Backups and clicking Backups.
It's all self-explanatory from there.
7) Once all the sniffers and malware files are removed type: sudo reboot and enter.
Start pressing the Shift key as the system begins coming back up and when the Grub screen appears (in pink, no less) press the down arrow and select the dialog, *Advanced options for Ubuntu; enter, and upon redirect to a second Grub page use your arrows array to drop down one line and select Recovery mode for the kernel of your choice.
Allow the process to run; you will be required to enter your sda5_crypt password to continue, and when the process stops use your arrows again to scroll down to the line, 'Drop to root shell prompt,' press enter and then press enter again at the prompt; type sudo reboot and your machine will reboot, which is a good idea because it allows you to avoid level5 graphics issues following the second login.
I sincerely hope this verbose summary helps newbies and others struggling to master the many Linux processes.0
Categories
- 9.9K All Categories
- 29 LFX Mentorship
- 82 LFX Mentorship: Linux Kernel
- 465 Linux Foundation Boot Camps
- 266 Cloud Engineer Boot Camp
- 94 Advanced Cloud Engineer Boot Camp
- 43 DevOps Engineer Boot Camp
- 29 Cloud Native Developer Boot Camp
- 1 Express Training Courses
- 1 Express Courses - Discussion Forum
- 1.6K Training Courses
- 18 LFC110 Class Forum
- 4 LFC131 Class Forum
- 19 LFD102 Class Forum
- 132 LFD103 Class Forum
- 9 LFD121 Class Forum
- 60 LFD201 Class Forum
- LFD210 Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- 23 LFD254 Class Forum
- 544 LFD259 Class Forum
- 100 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 1 LFS145 Class Forum
- 20 LFS200 Class Forum
- 739 LFS201 Class Forum
- 1 LFS201-JP クラス フォーラム
- 1 LFS203 Class Forum
- 36 LFS207 Class Forum
- 295 LFS211 Class Forum
- 53 LFS216 Class Forum
- 45 LFS241 Class Forum
- 39 LFS242 Class Forum
- 33 LFS243 Class Forum
- 10 LFS244 Class Forum
- 27 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- 131 LFS253 Class Forum
- 964 LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 85 LFS260 Class Forum
- 124 LFS261 Class Forum
- 29 LFS262 Class Forum
- 78 LFS263 Class Forum
- 15 LFS264 Class Forum
- 10 LFS266 Class Forum
- 17 LFS267 Class Forum
- 16 LFS268 Class Forum
- 14 LFS269 Class Forum
- 194 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- 206 LFW211 Class Forum
- 148 LFW212 Class Forum
- 890 Hardware
- 212 Drivers
- 74 I/O Devices
- 44 Monitors
- 115 Multimedia
- 206 Networking
- 99 Printers & Scanners
- 85 Storage
- 747 Linux Distributions
- 88 Debian
- 64 Fedora
- 13 Linux Mint
- 13 Mageia
- 24 openSUSE
- 133 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 354 Ubuntu
- 468 Linux System Administration
- 38 Cloud Computing
- 67 Command Line/Scripting
- Github systems admin projects
- 93 Linux Security
- 77 Network Management
- 107 System Management
- 48 Web Management
- 61 Mobile Computing
- 22 Android
- 25 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 525 Off Topic
- 127 Introductions
- 211 Small Talk
- 19 Study Material
- 782 Programming and Development
- 256 Kernel Development
- 492 Software Development
- 919 Software
- 255 Applications
- 181 Command Line
- 2 Compiling/Installing
- 76 Games
- 316 Installation
- 46 All In Program
- 46 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)