Ubuntu: Malware for DDoS Attack CodeUnit 18 DEC 2009

Tux the PenguinAs Linux slowly gains more and more of a foothold in the personal computer market, this sort of thing is bound to happen more often. Last week it was reported that malware was found hidden within a popular (on Gnome-look.org at least), rather innocuous ‘waterfall’ screensaver .deb file, as well as buried in a theme entitled “Ninja Black”.

The code essentially installs a couple of scripts with elevated privileges, with the ability to auto-update themselves and which have the potential to force the system to take part in DDoS attacks.

Needless to say, the malware-infected software has since been removed from the site they were discovered on, though you would still need to clean your machine in the event that you already installed the affected items on your personal computer. Just goes to show, if you don’t know the true source of a piece of software, you’ve got to take precautions when choosing to install it – just like you would on a Windows box!

A solution that has been offered by the way is this:

sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash

sudo dpkg -r app5552

Run it at your own risk (but only if you have in fact installed one of the infected scripts on your machine. Additional help may be found in the Ubuntu Forum.

About Craig Lotter

South African software architect and developer at Touchwork. Husband to a cupcake baker and father to two little girls. I don't have time for myself any more.