Ubuntu Security :: How To Insert Malware Block Lists
Sep 8, 2010
today is my second week using ubuntu , my question is how can i insert malware block list on ubuntu? as my regular win user i always put the list in dirrectory x: winblows system32 drivers etc hosts[URL]
Can a virus survive a reformat, running bootrec /fixmbr (both from the install CD), and then installing Ubuntu? Reformat meaning from the windows disk recovery console, using the format command for all partitions. Likewise, would a virus be capable of surviving just the first two steps alone without installing Ubuntu, just re-installing windows?
If one were to have an MBR virus on Windows or Linux, how abouts would you find or remove it without doing an entire disk wipe? And before someone goes "Linux is immune" take into consideration vulnerabilities on the user end.
I was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net, however when I had Windows XP the MacAffee Siteadvisor Displayed that there was no malware. Is this Real or Fake? Just wondering if it is one of those fake spyware alerts, like from windows.
I realize that FF 3.6 was referred to near the end of this thread? Most Ubuntu based distros (Mint, Gosalia, Ubuntu, Xubuntu) are shipped with FF 3.5.8, are there any reported problems with this version of FF? Mint does offer Opera, I really don't care about installing Wine to gain access to IE6, you open the browser, there are two critical updates that shows, but on three occasions, I left the desktop for an hour, and the two updates still never applied. I have installed Clam AV, is there a malware scanner for Mint, too? I do want to be secure, but don't wish to run two AV's, have four separate malware scanners, and scan every piece of everything the way you must do in Windows. With Windows, you spend more time scanning than browsing. I don't want to have to do this with Mint, too.
is it possible for malware to survive a full reformat (ie... dd /dev/zero,urandom,zero?I'm for some reason worried that my android based phone, PS3, XBox 360, Routers, and/or TV can somehow be infected with malware as they were hooked up to my network..Is this possible? And does Factory Resetting or Hard Resetting clear all data on the device and reset it entirely? If so, how does that work? Is there a specific storage chip on the device that cannot be written to and only read for when a hard reset is requested?
I'm aware that this sounds outlandish but I've got a severe paranoia for some reason and would like peer advice on how to resolve this and get some peace of mind.
So I downloaded a movie from megaupload and a pop up came up with [URL]....that bounced me to[URL]..but that webpage did not display. Normally, on Windows, I would have an anti-virus that would likely give me some sense of good or bad websites. On Ubuntu, I am not quite sure. Do I need a malware scanner for the firefox browser? I have the standard package from the 10.04 distro with the latest updates...
In Ubuntu 10.04 LTS, I have downloaded and installed texlive (2011). They have issued the following warnings:
1. "To the best of our knowledge, the core TEX programs themselves are (and always have been) extremely robust. However, the contributed programs in TEX Live may not reach the same level, despite everyone�s best efforts. As always, you should be careful when running programs on untrusted input; for maximum safety, use a new subdirectory."
What does this exactly mean? The installed program has already created own directories and subdirectories (e.g. /usr/local/texlive/2011/bin/i386-linux). Am I supposed to create a new subdirectory in home to write files and run latex program? Exactly how do I know that the downloaded and installed program is not malicious?
2. "Finally, TEX (and its companion programs) are able to write files when processing documents, a feature that can also be abused in a wide variety of ways. Again, processing unknown documents in a new subdirectory is the safest bet."
what is implied by "a feature that can also be abused in a wide variety of ways".
I have been using the new ocr app 'cuneiform' that has appeared in the Lucid repo.It is command line and works very well.However, the rest of the household would like to use it and desire a gui front-end.Mepis has this and it is called YAGF. Works well.We are told to install only from trusted sources.how can I check the integrity of this .deb and freedom from malware before installing it?
Alright running a ubuntu based webserver. The app will be accepting user uploaded files from my client's clients. My client will then need to download an access the files. I'm looking for a solution to scan for windows malware at the time of upload so I never expose her machine directly to her client's uploads.
I browse with Firefox and I had been running a pretty vanilla install of Ubuntu 10.4 (with a few things like tomcat and mysql) I supposed the repos kept everything (like java) up to date.
Some time ago I replaced OpenJDK with SunJDK. java -version is "1.6.0_24" which java is /usr/bin/java
Yesterday, for the first time, I downloaded and ran an Avast! scan. It complains of "Malware-gen" in several class files in what I think is the java cache. Does anyone know how this could be?
A forum that I visit with Firefox has a message that says the following: Quote: I've detected a bestlifeusa.ru script that tries to run of this server, I've reported this, but I'm pretty sure most of you get this one too, I was just protected so I'm fine - you may not be so lucky, so I'm asking you guys to get your system checked immediately.
If you use firefox - install the No Script extention after you have cleaned your system for all worms, viruses and spyware. And make sure that the bestlifeusa.ru script can't execute on your system from this site. If you don't have any "anti script" "no script" "script stopping" system installed with your browser, you will likely not notice this script, I suspect it's a spy-script that spies on you - and you most certainly have it! I think the measures recommended might be Windows oriented.
I was thinking of physically removing the hard drive and use the computer only with a liveCD for security. But is disabling the hard drive in the cmos just as secure, or does software exist that can still access the hard drive?
second time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?
Originally Posted by smokerSuch things can happen on linux. But try googling for actual occurrences.Greetings SmokerWith no prejudice sir: I've got a personal list of at least 75 such occurrences, just this year alone in Linux-OS's... If the Blacks wants to mess-up your OS, they do it as easy as microstuf could nuke any target Windows-98 OS today... Linux is web-page secure, only... You may think Linux is impervious to hack-attack, but it's definitely Not!.. It's just that you haven't been extremely noisy on the internet about how humanity should change its bad-attitudes towards Life and Love, before it's too late... In and from your "safe little box" you are 99.99% safe from the Blacks, IF your are silent and compliant to "North American peasant control policy".. but start doing a little "Al Gore and Greenpeace style bitching noise", and very quickly you'll discover just how unprotected your Linux powered PC really is... Ask Greenpeace and Al Gore about the max-attacks to their computer systems... I had to reinstall the OS about a hundred times this year.. Seems the big money world didn't like that I published, that "to save humanity from its impending early extinction, Money needs be extincted and replaced with something conducive to life and living and love".. They Freaked!, and slammed my PC's repeatedly, hard... Sure, Linux is reasonably secure, but it ain't perfect.
Malware Potentially Implicated in 2008 Fatal Plane Crash in SpainQuote:Investigators looking into the crash of Spanair Flight 5022 at Madrid International Airport on August 20, 2008, killing 154, found that the airline's central computer system used to monitor technical problems in its fleet was infected with malware, according to this news report. The central computer system should have warned the airline that Flight 5022, an MD-82 aircraft, was having repeat mechanical problems.[URL]
I wouldn't call myself paranoid, but I do try to keep reasonably secure on my home network (WPA encryption, router firewall, etc.). I also occasionally use nmap to make sure I don't see any unknown computers logged into my network. The problem is I have five computers that all use DHCP on the network and they are not all up all of the time. At most, there are two to three online at any one time.
So, my question is: Do any of the IP addresses remain in the router's database for a computer that has gone offline (shutdown)?
The reason for my question is that today I ran nmap on my home network and noted an IP address that was not currently up on the network. It is, however, an address that is frequently assigned to one of the computers when it is online, but that address was not up at the time I ran nmap. Just trying to make sure my network is not being used by some nearby computer.
I use my ubuntu laptop at work and connect a lot of usb pen drives to my computer. Everyone else I work with use windows and I want to make sure that the usb pen drives don't contain any windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned with they are inserted in my ubuntu machine. How to do this?
I'm trying to block an incoming URL. My ISP is hijacking 404 pages and annoyingly changing the URL line in the browser and flashing all sorts of popup ads. I just need it for incoming URLs which my router doesn't seem to handle. I'd prefer something packaged with Ubuntu 8.04, but anything simple will do. I know in KDE I could edit the kdeglobals file with:
Is it possible to list/find/compare the program versions on a Centos system, against Redhat/Centos Errata/Security/Bug lists? Sort of looking for a way to make sure that all the packages on a system are ok, and not a security risk-- Without having to update every package. A pseudo code, in my mind is:
My question is how to block a subdomain of a site. To make it as clear as possible, I'll give an example. I am regularly entering this arbitrary site [URL] which redirects me to this page [URL] and this index.html takes an image from a subdomain which is a subfolder of itself, that is: [URL]. What I am asking is blocking the images to be taken, but not the main page itself, i.e. to block www.somesite.abc/images/ without blocking the overall www.somesite.abc.
My idea was to use the /etc/hosts file by redirecting to loopback address: Code: 127.0.0.1 www.somesite.abc/images But it looks as if it doesn't affect things at all. Should I use it another way? Modifying /etc/hosts.deny maybe useful?
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678Is it possible to do this? How would I write the argument?
on my linux server i have many websites but with difrent ips address, is some way to i can block all the ips with many connection (100+) just from my website not from all websites
now still don't know how to use that properly.now after a quick sudo tcpdump -n -i eth0 > tcpdump.txtits obvious to me at least that anything 85.9.102.* is not to be trusted.see attached.how do i ban everything and anything from that block, pref without upsetting firehol. whats opinions of ipcop, btw.