Malware Found Hidden In Screensaver On Gnome-Look

AndGodSed writes "OMG! UBUNTU! Reports the following: 'Malware has been found hidden inside an innocuous 'waterfall' screensaver .deb file made available on popular artwork sharing site Gnome-Look.org. The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads. The dodgy screensaver in question has since been removed from gnome-look, and this incident was a very basic, if potentially successful, attempt.'" A similar report at Digitizor.com says that similar malware was also found in a theme called Ninja Black. For those affected, both sites also provide instruction on cleansing your system.

Re:Not more safe

[_merlin]

It looks like it's following the same pattern as Windows malware, too: make a cool screensaver, post it to sharing sites, hope people tell their friends about it. That was a common malware vector for Windows in the early part of this decade. Next there'll be dodgy "codecs" on pr0n sites, and once people start using malware scanners for Linux, they'll make dodgy fake antivirus software to con gullible users. Netbooks may be great for attracting attention to Linux, but we have to remember that this will include the kind of attention that no-one wants.

Re:Not more safe

You kind of have a point, but the fact is, you need root privileges to install a .deb, and I have quite successfully installed gtk/gtk2 themes/icons/etc without admin privileges. If I downloaded a .deb from a random site and then installed it, it would be just like running a .exe on windows, but for most things I need to do on linux, I don't actually have to take that risk, while on Windows it seems everything is a .exe. Not sure about screensavers, but it seems this was, like 90% of viruses for any platform, a hack relying on stupid users elevating the virus to root authority themselves.

Repositories are getting a lot better too, I don't use ubuntu any more but when I left the PPA was in ascendancy, which seemed to allow a much better enforcement of security while still letting 3rd party stuff in.

Re:Not more safe

[nurb432]

Except one would hope that you could trust what you get from a site like this. Not everyone can scour the source/binary of every app they get from a 'trusted' site.

And if you cant trust the 'trusted' sites for the free stuff, then the entire FreeOS movement is dead in its tracks.

Re:Not more safe

[digitalunity]

Here's an idea. Feel free to agree, disagree, tear it apart, whatever...

Why not have a kernel network access logging module with a userland process that periodically reports to users which programs are accessing the TCP/IP network? Say once a week or once a month or something. The number of programs that do this for many users is quite low. Probably Firefox, Thunderbird, Opera, uTorrent, a short list of other programs. Users then have an opportunity to ignore those programs on future reports. Users now have a good idea if there are changes to their system that might affect security.

There would still be opportunity for malware to access the internet, but users would either 1) notice it or 2) it would make the malware work in very complicated, noticeable ways(like uploading data to a website using a URL).

Re:Not more safe

[Thinboy00]

My mother managed to get some nearly-impossible-to-remove scareware on her (Windows) netbook. She swears up and down that she never visited any sketchy sites, had AV (but no anti-malware), etc. She was basically using it for several things:
1) Visiting various newspapers' websites
2) Webmail (a dedicated server for her business)
3) Word processing (OpenOffice.org)
4) Spider Solitaire
5) A few online games (jigsaw puzzles, sudoku, presumably flash-based) she found on Google. I think this is the most likely vector, but she uses the same websites all the time.
6) Visiting certain reputable, ad-free (AFAIK) sites.
She is smart enough to never download/run/open suspicious programs/files/etc and she was using Firefox 3.5. This thing was able to prevent itself from being uninstalled easily. On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and check the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries. On Windows, we eventually had to use "System restore" (an OS feature) -- which the program could potentially have disabled had the malware author thought to do so (it was totally rooted -- the malware was preventing the installation of some anti-malware programs) and then download the anti-malware program that had previously failed to install. Windows Vista/7 are probably more secure than XP which she has, but I'm still reluctant to blame all Windows security issues on user stupidity. Now I have her running Firefox+NoScript so that it (hopefully) won't happen again, but that's mostly because she refuses to switch to Linux. Most users would be running IE7 or so... not Firefox+NoScript. This is clearly not just "user stupidity" -- it's a windows genuine advantage^H^Hbug.

Re:Not more safe

[mjwx]

Open source or not, you can't fix that unless the whole system is totally locked down like iPhone

No, even the iphone has vulnerabilities. Locking down a system does not fix vulnerabilities, it only hides them from public view. An open system is more secure as everyone know when a vulnerability is discovered and syadmin's can make work arounds (or even pull the system down) until a patch is developed. With a closed system there is less chance of an exploited vulnerability being discovered by the people who want to fix it or are affected by it.