» »

Končno. Na mojem računalniku z linuxom sem odkril virus.

Končno. Na mojem računalniku z linuxom sem odkril virus.

frke ::

Do sedaj na linuxu še nisem imel virusa. Končno sem ga našel: thebe.844
Odkril ga je antivirusni program f-prot
Žal ne morem več ugotoviti od kje se je virus prikradel v moj sistem.

Kakšne so vaše izkušnje?

Gost ::

8-O Ja valda. Pa zakaj "končno"?!? Si si virus želel?

Jaz še nisem imel problemov z virusi. Sploh pa nimam protivirusnega programa.

Zgodovina sprememb…

  • spremenil: Gost ()

ganzi ::

To pišeš kot da si vesel da si ga odkril?
Končno.. a si komaj čakal al kaj?
LP

Gost ::

Po mojem mnenju bo zdaj lahko trobil naokoli, da tudi za linux obstaja(jo) virus(i) in zato je windows boljši. :D Joke.

frke ::

"Končno" zato, ker antivirusni program po več kot enem letu delovanja ni nikdar našel ničesar.

Linux postaja čedalje bolj popularen. Zanima me, če se bodo virusi tako razpasli kot v windows okolju ko bo na trgu dobil pomemben delež uporabnikov.

alum ::

res nimas srece...celo leto si ga iskal, pa si ga komaj zdaj nasel?>:D

Gandalfar ::

kje si ga pa staknu?

overlord_tm ::

verjetn ga je posebi zdownloadu |O

satfinder ::

:D :D :D :D :D Pa dlihkar Knoppik /install as Debian na nou lzalaufal :D Grem nazaj na *plastiko od CDja pa u Ram:D Zanimivo Povj kje bi su mal knoppix firewall, f-prot kea stejstat ke :D Sj tut tle se mora enkrat zacet
sluzt s *kramo* ala antivirusniki, antispaji ....in podobno saro.:D
Korak do konca in Naprej :).

Gandalfar ::

Kaj si pa ti hotu povedat? Imam obcutek da se je ideja izgubila v mnozici smajlijev.

suse80 ::

Pa saj to ni nič takega.
meni F-prot vsak dan odkrije kake 3. Vse dobim po mailu od uporabnikov, ki sploh ne vejo, da imajo virus in se jim nevede pošta razpečuje po vsem svetu, ker pač imajo windows... Jaz imam linux in me razni Črvi in Virusi kot bagle In kaspersky ne prizadenejo. Skoraj v vsakem mailu, ki ga dobim od win uporabnikov je pirpeta še kaka datotka *.scr ali *.pif ali *.bat...
N asrečo imam Filter v Kmailu dobro poštiman, da tak file kar odbijem nazaj k pošiljatelju...
Sem pa malo jezen na tiste, ki imajo windows pa si ne priskrbijo niti free antivirus programa, da ne bi ogrožali drugih.

Sem imel tudi thebe.844 virus, ja. Ampak, povsem nenevaren je, dokler striktno uporabljaš pc kot user in dosledno vsak dan pred ugašanjem compa zaženeš: fprot /home/user -disinf

in virus odkriješ in zbrišeš.
Tak scan traja samo nekaj sekund ampak ti lahko reši veliko težav oziroma jih prepreči..
Obiščite stran o astronomiji ijn astrologiji http://www.mojevesolje.org

Gandalfar ::

suse80: kje si ga staknu?

suse80 ::

tale pošiljatelj ga je prinesel s sabo:

zjajbb@Goldrushdiscounts.net

Ime zjajbbje seveda naključno generirano, Goldrushdiscounts.net pa mi pogosto pošilja maile, tako da imam že kakih 6 filtrov na njegovo temo...

nazadnje sem ga dobil pred kakimi tremi tedni,

sicer pa dobivam čudne maile vedno kadar vpišem svoj mail naslov v kake Linux novičarske forume ali podobno. se pravi, da so ti virusi točno usmerjeni in tisti ki hoče, ve komu ga mora podtakniti. najbolj nevarni so po moje Dual boot userji, ki srfajo za informacijami z Win brskalniki in pošiljajo maile tistim, ki imamo linux.
Obiščite stran o astronomiji ijn astrologiji http://www.mojevesolje.org

roscha ::

Sam moraš bit pa REEEES smotan, da tegale Thebe-ja sploh zakurblaš!
Več v nadaljevanju:


I. ELF Infectors:
Abulia, Bliss, Cassini, Cron, Dido, Diesel, Dummy, Eriz, Gildo, Henky, Jac, Kagob, Kaot, Mandragore, Nel, Neox, Nuxbee, Obsidian.E (Obsid), OSF, Ovets, Pavid (Alfa.dr), Penguin, Quasi, RST = Remote Shell Trojan (Vit), Radix, RcrGood, Rike (Rike.1627), Satyr, Sickabs, Siilov, Silvio, Simile (Etap, MetaPHOR), Staog, Svat, Telf, Thebe, Winter (Lotek), Winux (Lindose, PEElf, Pelf), Wozip, Xone, Ynit, and Zipworm (distinctive only in that it likes to infect ELF files in Zip archives).

These are all "ELF infectors", where "ELF" is the standard Unix binary format. To activate these, you must literally decide to run a binary infected with them, e.g., someone mails you a binary file and says "Please run this not-especially-trustworthy binary executable." Doing so would of course be really dumb; the consequence of being dumb in that particular fashion is that some number of Linux executable binaries set to be writable by the user's account would get modified to include a copy of the virus ("infected"). Note that the user is thereby enabled only to shoot at his/her own foot: No regular installed applications could be affected, because those are not writable by regular users: Only binary executables in that specific user's /home/username/bin/ and such could be affected (and seldom do users have any).

And, perhaps needless to say, anyone who runs untrustworthy binary executables using the root account is a dumb cluck, and hopeless. Further, you really, really have to go out of your way to run them at all: For example, literally none, zero, nada of the more than 100 e-mail clients for Linux auto-execute received executable attachments on the user's behalf. The user would have to save the attachment to /tmp, run "chmod u+x" on it to make it executable, and then manually run it — in order to (finally) shoot himself/herself (but not his/her system) in the foot.

Even though the category of "attack" is slightly different, the epic degree of inventive and energetic haplessness that would be required to actually hurt a system with one of these was nicely illustrated by my summaries (1, 2) of the October 2004 "phishing attack" aimed at Red Hat users.

One last observation about ELF infectors: They're all fundamentally identical, and might as well all be the same virus. Seen one, seen 'em all. (More to the immediate point: Easily avoid running one, easily avoid running 'em all.)

Vir: http://www.nuneaton.lug.org.uk/modules....

Zgodovina sprememb…

  • spremenil: roscha ()

suse80 ::

Evo spodaj recimo en scan zipane datoteke iz mojega backup seta:

Virus scanning report - 13 February 2005 @ 18:18

F-PROT ANTIVIRUS
Program version: 4.5.3
Engine version: 3.16.1

VIRUS SIGNATURE FILES
SIGN.DEF created 3 January 2005
SIGN2.DEF created 3 January 2005
MACRO.DEF created 31 December 2004

Search: /home/ph
Action: Disinfect/Query
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER

/home/ph/Desktop/mailback260105.zip->Mail/trash/cur/1106580643.3944.ndwwg:2,S->T
oy.exe Infection: W32/Bagle.Z@mm
Virus-infected files in archives cannot be disinfected.
/home/ph/Desktop/mailback260105.zip->Mail/trash/cur/1106592492.16970.pjMxz:2,S->
Information.vbs Infection: VBS/Bagle.AA@mm
Virus-infected files in archives cannot be disinfected.
shell.sh/home/ph/Desktop/mailback260105.zip->Mail/trash/cur/1106247250.4813.R384j:2,S->.
shell.sh Infection: Unknown virus
Virus-infected files in archives cannot be disinfected.
/home/ph/Desktop/mailback260105.zip->ouigyy.exe could be a suspicious file (enc rypted program in archive)
/home/ph/Desktop/mailback260105.zip->Mail/trash/cur/1106159374.3866.DrVX3:2,S->. xx.pif Infection: W32/Netsky.X@mm
Virus-infected files in archives cannot be disinfected.
/home/ph/Desktop/mailback260105.zip->Mail/sent-mail/cur/1106592531.16970.n3Ud4:2 ,S->Information.vbs Infection: VBS/Bagle.AA@mm
Virus-infected files in archives cannot be disinfected.

Results of virus scanning:

Files: 5085
MBRs: 0
Boot sectors: 0
Objects scanned: 4132
Infected: 5
Suspicious: 1
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:43

No, virusi so v glavnem v trashu, ker pač filter avtomatsko zbriše sumljivi mail ali ap v sent mailu, ko filter "Bounce" mail nazaj k zlonamernemu pošiljatelju.

Prav iz radovednosti sem šel zdaj pregledat eno backup kaseto s streamerja in sem en backup skopiral nazaj na desktop, samo da ga skeniram z f-protom. Rezultat je zgoraj...

Če bi jaz forwardal tak message ki ima virus naprej drugim... Očitno smo linuxovci za zdaj bolj prenašalci virusa kot tarče...
Obiščite stran o astronomiji ijn astrologiji http://www.mojevesolje.org

Gandalfar ::

kaj je ta shell.sh na katerega si se spravil. To je cisto genericno ime in nic ne pove.

po tej logiki je tudi

#!/bin/bash
rm -rf /


v datoteki shell.sh virus? :)

Zgodovina sprememb…

suse80 ::

Čuj , jaz nisem delal F-prota...
Dejstvo pa je, da je javil virus v datoteki, ki je bila v mojem mail arhivu in je imela priponko shell.sh

Navsezdnje bi to lahko bila kaka skripta, ne?

sam veš, koliko je na svetu norcev, ki dobijo v Mailu pošto s headerjem " Re: your Document"

pa vseeno kliknejo nanjo in si ogledajo, kaj so dobili v pripeti datoteki text.doc.vbs....

Verjetno so tudi med Linuxovci taki, ki bi npr datoteko virus.i386.rpm veselo instalirali... ali pa
razpakirali virus.i386.beta.release.tar.gz in pognali ./configure in make....
Obiščite stran o astronomiji ijn astrologiji http://www.mojevesolje.org


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Izsiljevalski virus Petya padel

Oddelek: Novice / Kriptovalute
1510206 (7356) Laskota
»

Computer infected

Oddelek: Pomoč in nasveti
81761 (1572) boss-tech
»

100%Cpe + ostalo

Oddelek: Pomoč in nasveti
112160 (1830) postar_si
»

Kako se znebit tega virusa?

Oddelek: Pomoč in nasveti
111251 (987) bobby
»

Previdno!

Oddelek: Omrežja in internet
81302 (1129) Loki

Več podobnih tem