Linux Malware
Stephen Reichow
stephen.reichow at gmail.com
Sat Nov 16 17:48:58 PST 2013
Well, I am basically a novice who has learned much recently (many of my
describing terms may not be accurate, steep learning curve), but I have a
Google Drive page describing the infection:
I first noticed a self replicating infection on a Knoppix CD-ROM 7 months
ago. Months later I noticed the same symptoms when I booted UBCD Parted
Magic.
I know the hackers step up infection (they install zypper in openSUSE, for
example). This is part rootkit similar to "flame" and part social
engineered artificial internet environment.
Note: click on malware symptoms for overview, also, the "beefpages" is now
a broken link.
https://drive.google.com/folderview?id=0B7Mx1oILAt8WRnpqa1l1bU1tMWc&usp=sharing
Please excuse the brevity, library closing in minutes.
Thanks for your prompt response and help.
-Steve
On Fri, Nov 15, 2013 at 7:41 PM, Jasper St. Pierre <jstpierre at mecheye.net> wrote:
> On Fri, Nov 15, 2013 at 6:10 PM, Stephen Reichow <
> stephen.reichow at gmail.com> wrote:
>
>> Hello, I have found some components of freedesktop.org are being abused
>> in conjunction with a rootkit infection.
>>
>> http://www.freedesktop.org/wiki/Software/PolicyKit/PluggableArchitecture/
>>
>> The pluggable architecture is the SSH component of a malware rootkit on
>> my computer, giving remote attackers access.
>>
>> Any help would be appreciated.
>>
>
> I don't think PolicyKit is at fault, here. If you have permissions to
> write to /usr/lib, where the plugins are stored, you can do a lot of damage
> by installing a replacement glibc, for instance.
>
> Do you know how the infection started?
>
>
>> Thank You -Steve
>>
>>
>>
>> _______________________________________________
>> xdg mailing list
>> xdg at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/xdg
>>
>>
>
>
> --
> Jasper
>
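The quoted reply locates the trust boundary at write access to /usr/lib rather than in PolicyKit itself. The following is an added example, not part of the original thread or of any freedesktop.org project: a read-only audit that lists entries under a library tree that an account other than root could modify or replace. The function names, the default root `/usr/lib`, and the choice of uid 0 as the only trusted owner are assumptions of this example.

```python
import os
import stat

def check_entry(path, trusted_uids):
    """Return the reasons (possibly none) why `path` is modifiable by a
    non-trusted account. Uses lstat so symlinks are not followed."""
    st = os.lstat(path)
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append("owner uid %d" % st.st_uid)
    # Permission bits on a symlink are meaningless, so only the owner is checked.
    if not stat.S_ISLNK(st.st_mode):
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons

def audit_tree(root, trusted_uids=(0,)):
    """Walk `root` and map each suspicious path to its list of reasons.
    A writable directory is reported because anyone who can write to it
    can replace the libraries or plugins stored inside it."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not descend into symlinked directories; check the link itself.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        candidates = [dirpath] + [os.path.join(dirpath, n) for n in filenames + links]
        for path in candidates:
            reasons = check_entry(path, trusted_uids)
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    # Assumed default: the system library tree named in the reply above.
    for path, reasons in sorted(audit_tree("/usr/lib").items()):
        print("%s: %s" % (path, ", ".join(reasons)))
```

An empty result only shows that the permissions are as expected now; it says nothing about files already replaced by someone who had root, which is what the distribution's package verification is for.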