Author Topic: Unix.Penguin  (Read 1637 times)

fuckoffmicrosoft

  • Member
  • **
  • Posts: 73
  • Kudos: 0
    • http://jeujeu.ath.cx
Unix.Penguin
« on: 28 September 2002, 05:23 »
LMFAO that server wasnt up 3 hours before i foubd this on my wifes pc and i figure that the only i couldve gotten it was by the distro ftp site i downloaded from http://securityresponse.symantec.com/avcenter/venc/data/unix.penguin.html is there a way to further prevent this from happenig?

fuckoffmicrosoft

  • Member
  • **
  • Posts: 73
  • Kudos: 0
    • http://jeujeu.ath.cx
Unix.Penguin
« Reply #1 on: 28 September 2002, 05:25 »
found the culprit "The compressed file WRITING-PURECFG within C:\Documents and Settings\lee\Desktop\redhat\kcmpureftpd-0.6.tar within C:\Documents and Settings\lee\Desktop\redhat\kcmpureftpd-0.6.tar.gz is infected with the Unix.Penguin virus."

[ September 27, 2002: Message edited by: fuckoffmicrosoft ]

[ September 27, 2002: Message edited by: fuckoffmicrosoft ]


voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Unix.Penguin
« Reply #2 on: 28 September 2002, 06:19 »
Maybe if you wouldn't run Windows you wouldn't have to worry about these things.
Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Unix.Penguin
« Reply #3 on: 28 September 2002, 07:27 »
Thtas all i have to do from stop the daily re-isntallation of windows?!!! Why didnt anyone tell me this sooner. And to think of all those viru and hardrive image saving. The answer all along was to simply get rid of windows!!!!!.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

lazygamer

  • Member
  • **
  • Posts: 1,146
  • Kudos: 0
Unix.Penguin
« Reply #4 on: 28 September 2002, 07:58 »
Now that's what I call a pathetic virus. The author is so sure of his inability to do REAL damage in Linux that he has to hope someone mails out the root password? Now that's what I call secure!
For every hot Lesbian you see in a porno video, there is a fat, butch-like, or just downright ugly lesbian beeyotch marching in a gay pride parade, or bitching about same sex marriages. -Lazygamer on homosexuality

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Unix.Penguin
« Reply #5 on: 28 September 2002, 08:01 »
of course, there is no way to do damage with a virus. Luckily most recent distros use shadowed passwords so mailing out /etc/passwd wont really gain them anything.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Bazoukas

  • Member
  • **
  • Posts: 866
  • Kudos: 140
    • http://whitehouse.com
Unix.Penguin
« Reply #6 on: 28 September 2002, 13:28 »
Who the hell will send out their root password?

 That script kiddie must have been smoking some realy cheap ass weed.
Yeah

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Unix.Penguin
« Reply #7 on: 28 September 2002, 17:58 »
its a fucking trojan. Someone runs a script that happens to have a line that will mail /etc/passwd to the script kiddie. The fucking owner of the computer has no idea that the script he just ran sent out his root passowrd (unless he is smart and checks logs).
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Unix.Penguin
« Reply #8 on: 28 September 2002, 20:48 »
The owner of this computer (me) would never run a script sent to him in an email. Surely without first looking at the code. You gotta be some kinda stupid to fall for something like this.
Someone please remove this account. Thanks...

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Unix.Penguin
« Reply #9 on: 29 September 2002, 02:21 »
Yeah, who (besides a Lindows user) would read their email as root, not that a script can be automatically executed anyway.  You need root access to view /etc/shadow which is where the encrypted passwords reside.
Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Unix.Penguin
« Reply #10 on: 29 September 2002, 06:35 »
it would only work if it were an older distro that didnt have shadowed passowrds then? (just like i mentioned in my previous post).
It would be a script that is on a site that looks legitimate and is supposed to (and does) something useful like an administration script but also sends out your /etc/passwd but most people wouldnt run a script they thought to be legitamite anyway without looking at the code first.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Unix.Penguin
« Reply #11 on: 29 September 2002, 07:46 »
Linux has been using shadowed passwords for years. I missed your previous post that mentioned it. Sorry bout that!
Someone please remove this account. Thanks...