Possible infection of Linux.BtcMine.174
Any users found Linux.BtcMine.174 on their system? I got infected, but removed it by the use of Comodo. Where the h* did it come from, which repo?
A crypto trojan with DDoS attacks? Touching the kernel... It's bad! Did you install a bundled binary, script, or flatpak? Because it is difficult to hide a trojan in an rpm... Avoid installing/opening from untrusted sources...
Here is some news about the trojan in the next few hours...
https://brica.de/alerts/alert/public/...
What makes you think you got this from the fedora repos?
To see if a particular file is provided by a package in the repos, use the provides option with dnf:
sudo dnf provides \*/Linux.BtcMine.174ee
See https://ask.fedoraproject.org/en/ques...
And
https://dnf.readthedocs.io/en/latest/... for details and additional dnf features including search options and history.
As for that file, see https://sensorstechforum.com/cve-2013...
https://access.redhat.com/security/cv...
https://access.redhat.com/security/cv...
I am not sure from what you posted how you were affected by this, but the Fedora repos are probably not the source.
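The check above tells you whether a file name exists in any repo package. The complementary check, which the answer does not spell out, is whether a file that is already on disk belongs to an installed RPM at all and, if it does, whether it still matches what the package shipped. The following script is an added example for this thread, not code posted by any participant. It assumes `rpm` is on PATH (any Fedora or RHEL system); the two parsing helpers only need POSIX sh, and the path argument in the usage line is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Question it answers: is a suspicious file owned by an installed RPM from
# the repos, and if so, does it still match the package manifest?
# Assumes `rpm` is on PATH; the parsing helpers are pure POSIX sh.

# Expand one `rpm -V` status string such as "S.5....T." into the names of
# the attributes that differ from the package manifest. Each letter has a
# fixed column (S M 5 D L U G T P), so matching on the letter is unambiguous.
# Prints "ok" if nothing differs.
verify_flags() {
    flags=$1
    out=""
    case $flags in *S*) out="$out size";;    esac
    case $flags in *M*) out="$out mode";;    esac
    case $flags in *5*) out="$out digest";;  esac
    case $flags in *D*) out="$out device";;  esac
    case $flags in *L*) out="$out symlink";; esac
    case $flags in *U*) out="$out user";;    esac
    case $flags in *G*) out="$out group";;   esac
    case $flags in *T*) out="$out mtime";;   esac
    case $flags in *P*) out="$out caps";;    esac
    out=${out# }
    printf '%s\n' "${out:-ok}"
}

# Turn the `rpm -V` line for one path into a verdict. rpm prints nothing
# for an unchanged file, "missing" if it was deleted, otherwise the status
# string followed by an optional attribute marker (c, d, g, ...) and the path.
verdict_for_line() {
    line=$1
    first=${line%% *}
    case $first in
        "")      printf 'ok\n' ;;
        missing) printf 'missing\n' ;;
        *)       printf 'modified: %s\n' "$(verify_flags "$first")" ;;
    esac
}

# Classify a path on a live system. Returns 1 when the file is not packaged
# at all (the "came from outside the repos" case) or has been altered, so
# the function can drive a shell conditional or a cron job.
classify_path() {
    path=$1
    if ! rpm -qf "$path" >/dev/null 2>&1; then
        printf 'unowned: %s is not in the RPM database\n' "$path"
        return 1
    fi
    pkg=$(rpm -qf "$path" 2>/dev/null | head -n 1)
    # rpm -Vf verifies the package(s) owning the file; keep only our path.
    line=$(rpm -Vf "$path" 2>/dev/null | awk -v p="$path" '$NF == p { print; exit }')
    verdict=$(verdict_for_line "$line")
    printf '%s: %s %s\n' "$pkg" "$path" "$verdict"
    [ "$verdict" = "ok" ]
}

# Usage: sh rpmcheck.sh /path/to/suspect   (hypothetical path argument)
if [ -n "${1:-}" ]; then
    classify_path "$1"
fi
```

"unowned" is the interesting outcome for a case like this thread: a binary that `rpm -qf` cannot attribute to any package did not come through dnf, so the repo question is settled and the search moves to whatever tarball, script or source build put it there. A file that is owned but reports `modified: digest` is the other red flag, since a repo package never ships a binary whose checksum differs from its manifest.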
I ran "sudo dnf provides */Linux.BtcMine.174ee". No hits. But... snapd could be it... But no. Kismet most likely, because it will no longer load... after Comodo identified it, cleaned it, and removed its directories. Kismet was not installed from the repo, of course. Bye Kismet!
I was probably not too affected, since my box is a laptop and not a server, but I got a heads-up on the malware from a company I used to work for. Since I hate malware on my computer, I run GNU/Linux on 3 out of 4 laptops ;) Hence I checked. I just don't like other people using my computer without my knowledge.
Just a huge wake-up call for me, who was more or less relaxed about malware on GNU/Linux; this one got me! Big time. Anyway, thanks for the tips and help. And good hunting, stay safe.
B4lder
Why didn't you install it from the Fedora repo in the first place? https://apps.fedoraproject.org/packag...
It would also be good if you reported, or warned others about, the source through which you were infected.
Asked: 2018-11-26 14:50:16 -0600
Seen: 447 times
Last updated: Nov 27 '18
What Fedora version are you running? What is your kernel version? Can you provide a list of the repositories you have installed?
Yeah sure. And the vector of this formidable, almost superhuman script is?
Fedora 29 workstation :)
That proves you're trolling.
Well, since you have Fedora 29, you may get the file but nothing else happens, as this particular Trojan uses the DirtyCow security issue to escalate and get privileges; DirtyCow was patched on Fedora 10, it could get privilege. You should not install software from unreliable sources; use, or try to use, the official repositories. More information in this previous answer.