Security :: Gmail And Winnow.compromised.ts.jsexploit.5.UNOFFICIAL Malware?

Apr 26, 2010

second time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?

View 9 Replies


ADVERTISEMENT

Fedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....

View 5 Replies View Related

Security :: Signs Of Getting Compromised

Jan 25, 2010

Today any web browser I use has randomly been brining me to URL... at random intervals.I've run chkrootkit from a live cd, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual.All the definitions were up to date.I'm wondering if its possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.

View 5 Replies View Related

Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my firefox has been compromised and i have a packet sniffer. Not sure what to do.Should I just delete the suspicous files? here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....

View 6 Replies View Related

Security :: Savannah GNU Site Compromised

Dec 1, 2010

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material.The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.

View 4 Replies View Related

Security :: Fedora System Compromised But No Changes Made?

Jan 25, 2011

The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.

The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.

View 2 Replies View Related

Ubuntu Security :: Replacing A Possibly Compromised OpenSSH Key?

Sep 22, 2010

I have an OpenSSH server running on Ubuntu 10.04, and it works fine.

I'm concerned that my SSH key may have been compromised and would like to replace it.

I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.

Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls

[Code]....

So can I just synpaptic 'fully' uninstall SHH (although probably even less necessary than..) and OpenSHH, backup sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?

View 9 Replies View Related

Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?

View 4 Replies View Related

Security :: Honeynet Challenge Results: Forensic Analysis Of A Compromised Server

May 7, 2011

I just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.

View 2 Replies View Related

Security :: Malware Scanner For Mint?

Mar 24, 2010

I realize that FF 3.6 was referred to near the end of this thread? Most Ubuntu based distros (Mint, Gosalia, Ubuntu, Xubuntu) are shipped with FF 3.5.8, are there any reported problems with this version of FF? Mint does offer Opera, I really don't care about installing Wine to gain access to IE6, you open the browser, there are two critical updates that shows, but on three occasions, I left the desktop for an hour, and the two updates still never applied. I have installed Clam AV, is there a malware scanner for Mint, too? I do want to be secure, but don't wish to run two AV's, have four separate malware scanners, and scan every piece of everything the way you must do in Windows. With Windows, you spend more time scanning than browsing. I don't want to have to do this with Mint, too.

View 5 Replies View Related

Ubuntu Security :: Malware + MBR - How To Discover/remove

Feb 28, 2010

Can a virus survive a reformat, running bootrec /fixmbr (both from the install CD), and then installing Ubuntu? Reformat meaning from the windows disk recovery console, using the format command for all partitions. Likewise, would a virus be capable of surviving just the first two steps alone without installing Ubuntu, just re-installing windows?

If one were to have an MBR virus on Windows or Linux, how abouts would you find or remove it without doing an entire disk wipe? And before someone goes "Linux is immune" take into consideration vulnerabilities on the user end.

View 9 Replies View Related

Ubuntu Security :: Malware Alert In Chromium?

May 20, 2010

I was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net, however when I had Windows XP the MacAffee Siteadvisor Displayed that there was no malware. Is this Real or Fake? Just wondering if it is one of those fake spyware alerts, like from windows.

View 2 Replies View Related

Fedora Security :: Bestlifeusa Malware Script - What Precautions To Take

Jan 2, 2010

A forum that I visit with Firefox has a message that says the following: Quote: I've detected a bestlifeusa.ru script that tries to run of this server, I've reported this, but I'm pretty sure most of you get this one too, I was just protected so I'm fine - you may not be so lucky, so I'm asking you guys to get your system checked immediately.

If you use firefox - install the No Script extention after you have cleaned your system for all worms, viruses and spyware. And make sure that the bestlifeusa.ru script can't execute on your system from this site. If you don't have any "anti script" "no script" "script stopping" system installed with your browser, you will likely not notice this script, I suspect it's a spy-script that spies on you - and you most certainly have it! I think the measures recommended might be Windows oriented.

View 12 Replies View Related

Ubuntu Security :: Possible For Malware To Survive Full Reformat

Mar 22, 2010

is it possible for malware to survive a full reformat (ie... dd /dev/zero,urandom,zero?I'm for some reason worried that my android based phone, PS3, XBox 360, Routers, and/or TV can somehow be infected with malware as they were hooked up to my network..Is this possible? And does Factory Resetting or Hard Resetting clear all data on the device and reset it entirely? If so, how does that work? Is there a specific storage chip on the device that cannot be written to and only read for when a hard reset is requested?

I'm aware that this sounds outlandish but I've got a severe paranoia for some reason and would like peer advice on how to resolve this and get some peace of mind.

View 9 Replies View Related

Ubuntu Security :: Malware Scanner For The Firefox Browser?

May 21, 2010

So I downloaded a movie from megaupload and a pop up came up with [URL]....that bounced me to[URL]..but that webpage did not display. Normally, on Windows, I would have an anti-virus that would likely give me some sense of good or bad websites. On Ubuntu, I am not quite sure. Do I need a malware scanner for the firefox browser? I have the standard package from the 10.04 distro with the latest updates...

View 5 Replies View Related

Ubuntu Security :: How To Insert Malware Block Lists

Sep 8, 2010

today is my second week using ubuntu , my question is how can i insert malware block list on ubuntu? as my regular win user i always put the list in dirrectory x: winblows system32 drivers etc hosts[URL]

View 9 Replies View Related

Ubuntu Security :: Decide If A New Program Have Installed Is Malware Or Not?

Aug 5, 2011

In Ubuntu 10.04 LTS, I have downloaded and installed texlive (2011). They have issued the following warnings:

1. "To the best of our knowledge, the core TEX programs themselves are (and always have been) extremely robust. However, the contributed programs in TEX Live may not reach the same level, despite everyone�s best efforts. As always, you should be careful when running programs on untrusted input; for maximum safety, use a new subdirectory."

What does this exactly mean? The installed program has already created own directories and subdirectories (e.g. /usr/local/texlive/2011/bin/i386-linux). Am I supposed to create a new subdirectory in home to write files and run latex program? Exactly how do I know that the downloaded and installed program is not malicious?

2. "Finally, TEX (and its companion programs) are able to write files when processing documents, a feature that can also be abused in a wide variety of ways. Again, processing unknown documents in a new subdirectory is the safest bet."

what is implied by "a feature that can also be abused in a wide variety of ways".

View 6 Replies View Related

Ubuntu Security :: Check Integrity Of .deb And Freedom From Malware Before Installing It?

Feb 25, 2010

I have been using the new ocr app 'cuneiform' that has appeared in the Lucid repo.It is command line and works very well.However, the rest of the household would like to use it and desire a gui front-end.Mepis has this and it is called YAGF. Works well.We are told to install only from trusted sources.how can I check the integrity of this .deb and freedom from malware before installing it?

View 5 Replies View Related

Ubuntu Security :: User Uploaded File Malware Scanner?

Mar 18, 2010

Alright running a ubuntu based webserver. The app will be accepting user uploaded files from my client's clients. My client will then need to download an access the files. I'm looking for a solution to scan for windows malware at the time of upload so I never expose her machine directly to her client's uploads.

View 2 Replies View Related

Ubuntu Security :: Malware-gen In Class Files With Latest Java?

Apr 4, 2011

I browse with Firefox and I had been running a pretty vanilla install of Ubuntu 10.4 (with a few things like tomcat and mysql) I supposed the repos kept everything (like java) up to date.

Some time ago I replaced OpenJDK with SunJDK.
java -version is "1.6.0_24"
which java is /usr/bin/java

Yesterday, for the first time, I downloaded and ran an Avast! scan. It complains of "Malware-gen" in several class files in what I think is the java cache. Does anyone know how this could be?

View 2 Replies View Related

Security :: Cmos - Disabled Hard Drives Still Be Accessed By Malware ?

Jul 23, 2009

I was thinking of physically removing the hard drive and use the computer only with a liveCD for security. But is disabling the hard drive in the cmos just as secure, or does software exist that can still access the hard drive?

View 12 Replies View Related

Security :: Pruned TFH-based Posts From Malware Scanner Thread?

Dec 12, 2010

Originally Posted by smokerSuch things can happen on linux. But try googling for actual occurrences.Greetings SmokerWith no prejudice sir: I've got a personal list of at least 75 such occurrences, just this year alone in Linux-OS's... If the Blacks wants to mess-up your OS, they do it as easy as microstuf could nuke any target Windows-98 OS today... Linux is web-page secure, only... You may think Linux is impervious to hack-attack, but it's definitely Not!.. It's just that you haven't been extremely noisy on the internet about how humanity should change its bad-attitudes towards Life and Love, before it's too late... In and from your "safe little box" you are 99.99% safe from the Blacks, IF your are silent and compliant to "North American peasant control policy".. but start doing a little "Al Gore and Greenpeace style bitching noise", and very quickly you'll discover just how unprotected your Linux powered PC really is... Ask Greenpeace and Al Gore about the max-attacks to their computer systems... I had to reinstall the OS about a hundred times this year.. Seems the big money world didn't like that I published, that "to save humanity from its impending early extinction, Money needs be extincted and replaced with something conducive to life and living and love".. They Freaked!, and slammed my PC's repeatedly, hard... Sure, Linux is reasonably secure, but it ain't perfect.

View 5 Replies View Related

Security :: Malware Potentially Implicated In 2008 Fatal Plane Crash?

Aug 25, 2010

Malware Potentially Implicated in 2008 Fatal Plane Crash in SpainQuote:Investigators looking into the crash of Spanair Flight 5022 at Madrid International Airport on August 20, 2008, killing 154, found that the airline's central computer system used to monitor technical problems in its fleet was infected with malware, according to this news report. The central computer system should have warned the airline that Flight 5022, an MD-82 aircraft, was having repeat mechanical problems.[URL]

View 7 Replies View Related

Fedora Security :: "Your System May Be Seriously Compromised"

Feb 21, 2010

I just found these in my setroubleshoot logs and what the hell is going on:

Quote:

Summary:

Your system may be seriously compromised!

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has prevented semodule from modifying $TARGET. This denial indicates semodule was trying to modify the selinux policy configuration. All applications that need this access should have already had policy written for them. If a compromised application tries to modify the SELinux policy this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context staff_u:staff_r:staff_t:s0
Target Context system_u:object_r:semanage_store_t:s0
Target Objects modules [ dir ]

[code]....

This isn't even the half of it either, there are other warnings in between them about netfilter_contexts unlink operations and /usr/sbin/semodule "rmdir" operations on modules.

All I can remember doing earlier was switching into permissive mode to change the type of a WINE application, the legitimacy of which - for system security purposes - I don't doubt. That, and generating policy for it which I tried running the install script for after changing the type didn't work. Neither of those actions seem like they'd try to remove the modules directory.

View 3 Replies View Related

Ubuntu Security :: Anti Malware Filtering Works In Open Dns Works?

Jan 13, 2010

using ubuntu and the corporate edition of open dns? >Im curious to find out how the anti malware filtering works in open dns works.

View 4 Replies View Related

Ubuntu :: Unofficial Purged Package Still Appears In Synaptic?

Jun 11, 2010

I added a third-party repository and installed a package (that is not in the official repos).After some minutes I decided to uninstall the package (apt-get remove package), remove the repository and execute apt-get update.All went without problems.But if I open synaptic the uninstalled package is still listed as an available package. If I right-click it->properties->versions shows the already removed repository.If I execute apt-cache search package, no results are shown, but synaptic stills lists it.

View 1 Replies View Related

Security :: How To Block Attachments To Gmail

May 7, 2010

I was wondering how to block attachments to gmail. I am running squid 2.7 stab9 with dansguardian 2.10, users authenticated from LDAP. I have configured the POST restrictions in Dansguardian which does block all attachments to hotmail/yahoo etc etc but attachments to gmail continue to upload.

View 1 Replies View Related

Security :: Can't Open Gmail / Certificate Error?

Jan 5, 2011

The problem is here:When I was open gmail in my system Certificate Error is coming. The error details:

This Connection is Untrusted You have asked Firefox to connect securely to url, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
code....

View 7 Replies View Related

Security :: Gmail Chat Block By Squid?

Jan 17, 2010

how to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.

[Code]...

View 1 Replies View Related

Security :: Block Only Gmail Access Through Https?

Nov 5, 2010

My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal http://gmail.com is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY MY COMPANY GOOGLE MAIL PROGRAM.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved