


Image magic Malware on 3.4


Re: Image magic Malware on 3.4
« Reply #18 on: August 01, 2017, 07:14:06 AM »
 

trinidad

  • Platinum Level Poster
  • **********
  • 1463
    Posts
  • Reputation: 212
  • Linux Lite Member
    • View Profile
    • dbts-analytics.com

  • CPU: i7 4 cores 8 threads

  • MEMORY: 16Gb

  • VIDEO CARD: Intel HD graphics

  • Kernel: 5.x
The bug was about dirty video files. If the system vulnerability is patched the USB that caused the DOS should not be able to cause it again. Video files often have UI controls written into them. This is technically not malware, but something that has the potential to be malware. You should be fine to run the USB again. Save your session before you do, and don't sudo to use the USB. There is a chance that the USB will no longer work for you too.

TC
« Last Edit: August 01, 2017, 07:18:44 AM by trinidad »
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
 

Re: Image magic Malware on 3.4
« Reply #17 on: July 31, 2017, 10:41:53 PM »
 

bitsnpcs

  • Platinum Level Poster
  • **********
  • 3237
    Posts
  • Reputation: 305
    • View Profile
    • Try to Grow

  • Kernel: 4.x
Hope it helps you solve that. :)
 

Re: Image magic Malware on 3.4
« Reply #16 on: July 31, 2017, 10:21:13 PM »
 

Redchief

  • Merchandise Supporter
  • New to Forums
  • *****
  • 23
    Posts
  • Reputation: 1
  • Linux Lite Member
    • View Profile

  • CPU: Pentium N3700 Quadcore 1.6ghz

  • MEMORY: 4Gb

  • VIDEO CARD: On board

  • Kernel: 5.x
Have to look into it further.

Thanks,
Computer is patched but what about this infected drive I need to recover data from?
Thanks,
Shannon

I am unsure how to do it. It is likely you can use a "sandbox" to open the usb stick in and inspect the files.

Update -
It has some methods for how to do it here - https://security.stackexchange.com/questions/67001/how-to-use-a-found-usb-key-safely
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #15 on: July 31, 2017, 06:20:19 PM »
 

bitsnpcs

Computer is patched but what about this infected drive I need to recover data from?
Thanks,
Shannon

I am unsure how to do it. It is likely you can use a "sandbox" to open the usb stick in and inspect the files.

Update -
It has some methods for how to do it here - https://security.stackexchange.com/questions/67001/how-to-use-a-found-usb-key-safely

« Last Edit: July 31, 2017, 06:44:58 PM by bitsnpcs »
 

Re: Image magic Malware on 3.4
« Reply #14 on: July 31, 2017, 04:29:41 PM »
 

Redchief

Computer is patched but what about this infected drive I need to recover data from?

Thanks,
Shannon


Hello,
glad you are happy and feeling comfortable knowing your system is patched. :)
Issues on Linux get patched much quicker than on Windows, with regular updates.
Generally at the computer, make a small routine of basic checks like the above.
Do a Systemback backup and an ISO backup before there is any kind of problem, such as hardware issues.
Back up data often: copy/paste any new files to a portable hdd or usb stick.
Do not use a usb you found, do not loan it.

The advanced users will know more efficient and detailed checks than I do.

If there is malware designed for Linux, mostly it will not run on Windows 7, and that huge number of Windows malware and viruses mostly won't affect Linux.
I don't know if maybe some of it can be multi-platform.

If you are happy now with the update patch, can you click modify and choose SOLVED please.
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #13 on: July 31, 2017, 04:20:41 PM »
 

Redchief

I have been using LL for a couple of years and until then never had any issues. What is still puzzling is the fact I distinctly remember doing an update before I plugged in the drive. I am still reluctant to plug in this drive but don't want to lose data either. There may be files on there I don't have on DVD. Don't know what to do with this drive. My system is patched but afraid to plug in the infected drive. Maybe have someone with a WIN machine scan the disk? Need to keep a close eye on that computer and not plug drives into unknown environments like Windows networks :0 Meanwhile keep building more computers with linux.

Thank you,
Shannon


This particular bug is just that. A bug. It was discovered largely because of the other software involved. There is not any malware in the other software, just a Debian system vulnerability to the other software whereby malware could be written to control the desktop GUI (denial of service vulnerability). If you are updated via the Lite updater I'm sure you are fine. It was discovered precisely in the way you discovered it, loss of GUI control. The vulnerability was patched in less than a week. It was never malware, just a potential vulnerability that allowed for the possibility of a denial of service hack.

TC
« Last Edit: July 31, 2017, 04:26:52 PM by Redchief »
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #12 on: July 31, 2017, 09:41:01 AM »
 

trinidad

This particular bug is just that. A bug. It was discovered largely because of the other software involved. There is not any malware in the other software, just a Debian system vulnerability to the other software whereby malware could be written to control the desktop GUI (denial of service vulnerability). If you are updated via the Lite updater I'm sure you are fine. It was discovered precisely in the way you discovered it, loss of GUI control. The vulnerability was patched in less than a week. It was never malware, just a potential vulnerability that allowed for the possibility of a denial of service hack.

TC
« Last Edit: July 31, 2017, 09:43:30 AM by trinidad »
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
 

Re: Image magic Malware on 3.4
« Reply #11 on: July 31, 2017, 08:10:26 AM »
 

bitsnpcs

Hello,
glad you are happy and feeling comfortable knowing your system is patched. :)
Issues on Linux get patched much quicker than on Windows, with regular updates.
Generally at the computer, make a small routine of basic checks like the above.
Do a Systemback backup and an ISO backup before there is any kind of problem, such as hardware issues.
Back up data often: copy/paste any new files to a portable hdd or usb stick.
Do not use a usb you found, do not loan it.

The advanced users will know more efficient and detailed checks than I do.

If there is malware designed for Linux, mostly it will not run on Windows 7, and that huge number of Windows malware and viruses mostly won't affect Linux.
I don't know if maybe some of it can be multi-platform.

If you are happy now with the update patch, can you click modify and choose SOLVED please.
 

Re: Image magic Malware on 3.4
« Reply #10 on: July 31, 2017, 03:07:49 AM »
 

Redchief

I think the current version I'm running is ok. Still shy about plugging in drive. I left somewhere overnight plugged into a Win7 machine :0 No tellin' what got on it.

Funny thread.

Thank you.


Yes it is preinstalled. There is some info here about it and dependencies on it. https://askubuntu.com/questions/794588/how-to-remove-imagemagick-without-breaking-its-dependencies
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #9 on: July 31, 2017, 02:45:39 AM »
 

Redchief

"For the oldstable distribution (jessie), these problems have been fixed in version 8:6.8.9.9-5+deb8u10."

Looks like this distro install shows imagemagick ubuntu package list as version 8.6.8.9.9-7

Accordingly this version should be ok?
Also, previously did updates either the same day before or the same day event occurred not sure. Puzzling.

Thank you,

Fresh reinstall from DVD with updates. This package is pre-installed in synaptic. My guess may be off but believe this malware can leave code on hdd that stays there after reinstall. When first compromised had fresh updates also.

Hmm.
Thank you.

https://www.debian.org/security/2017/dsa-3914

This is a modern (recently discovered hack) that was not possible on older versions of Deb. As systems evolve new features, new ways to compromise them evolve as well. The best reason to run stable systems linked to the security update path. LL has a simple efficient update application. Don't disable it.

TC
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #8 on: July 30, 2017, 10:33:20 PM »
 

bitsnpcs

Yes it is preinstalled. There is some info here about it and dependencies on it. https://askubuntu.com/questions/794588/how-to-remove-imagemagick-without-breaking-its-dependencies
 

Re: Image magic Malware on 3.4
« Reply #7 on: July 30, 2017, 07:48:19 PM »
 

Redchief

Frankly, I was not willing to connect this machine back up to the internet other than for system updates. After that I pull cable and look for things, ask questions here and maybe try to understand what happened before attempting any fixes. Not a pro IT guy to say the least. I guess what my first question should be is should this image magic package be preinstalled? Another question should be what packages rely on image magic software that I cannot do without? If possible remove completely would be a better option if possible.

Thanks,
Shannon


Hello,

check after a while for new updates, and do updates regularly.

Menu>System>Resource usage

Observe the activity for "command", Time+, cpu usage and memory usage. Do this with no Firefox/browser and no web apps open, observe for a few minutes, then repeat with web apps open. Report back anything unusual you observe, the details of the command being used, and the % of resource use.

Hold down the Ctrl and Alt keys and press T (ctrl+alt+t) to open your terminal.

Enter this:

Code:
sudo ufw status verbose

Does the reply confirm UFW is running with these settings?

Code:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

If no, enter into your terminal:

Code:
sudo ufw enable

Then repeat:

Code:
sudo ufw status verbose

If the UFW firewall is not enabling correctly, report back the details.

If yes, close the terminal and check this:

Menu>Settings>Firewall Configuration
tab "Log": look for anything unusual
tab "Report": does the application column show imagemagick?
If it shows imagemagick in the application column, report back the port number and protocol it is using.

It should match between Resource Usage and the application column. If it shows only in Resource Usage and not in Report, UFW logging needs adjusting to high to find its port use and protocol.
Then we block/deny it next.
« Last Edit: July 30, 2017, 08:11:12 PM by Redchief »
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #6 on: July 30, 2017, 03:40:40 PM »
 

bitsnpcs

Hello,

check after a while for new updates, and do updates regularly.

Menu>System>Resource usage

Observe the activity for "command", Time+, cpu usage and memory usage. Do this with no Firefox/browser and no web apps open, observe for a few minutes, then repeat with web apps open. Report back anything unusual you observe, the details of the command being used, and the % of resource use.

Hold down the Ctrl and Alt keys and press T (ctrl+alt+t) to open your terminal.

Enter this:

Code:
sudo ufw status verbose

Does the reply confirm UFW is running with these settings?

Code:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

If no, enter into your terminal:

Code:
sudo ufw enable

Then repeat:

Code:
sudo ufw status verbose

If the UFW firewall is not enabling correctly, report back the details.

If yes, close the terminal and check this:

Menu>Settings>Firewall Configuration
tab "Log": look for anything unusual
tab "Report": does the application column show imagemagick?
If it shows imagemagick in the application column, report back the port number and protocol it is using.

It should match between Resource Usage and the application column. If it shows only in Resource Usage and not in Report, UFW logging needs adjusting to high to find its port use and protocol.
Then we block/deny it next.
« Last Edit: July 30, 2017, 04:52:35 PM by bitsnpcs »
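
The baseline check from the post above, as an added example that is not part of the original thread: a shell function that reads `ufw status verbose` output on stdin and flags a firewall that is not active, a default incoming policy other than deny or reject, and any rules that are present. The function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Live use:
#   sudo ufw status verbose | check_ufw_baseline
check_ufw_baseline() {
    awk '
        /^Status:/  { status = $2 }
        /^Logging:/ { logging = $2 }
        /^Default:/ {                       # e.g. "deny (incoming), allow (outgoing)"
            line = $0; sub(/^Default:[ \t]*/, "", line)
            n = split(line, parts, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(parts[i], kv, " ")
                gsub(/[()]/, "", kv[2])
                policy[kv[2]] = kv[1]
            }
        }
        /^--/ { in_rules = 1; next }        # separator under "To  Action  From"
        in_rules && NF { rules++; print "RULE: " $0 }
        END {
            inc = (policy["incoming"] == "" ? "unknown" : policy["incoming"])
            if (status != "active") { print "FAIL: status is " (status == "" ? "unknown" : status); bad = 1 }
            if (inc != "deny" && inc != "reject") { print "FAIL: default incoming policy is " inc; bad = 1 }
            if (logging != "on") print "WARN: logging is not on"
            if (rules > 0) print "WARN: " rules " rule(s) present, confirm each was added on purpose"
            if (!bad) print "OK: active, incoming denied by default"
            exit bad + 0
        }'
}

# Constructed sample: the baseline quoted in the post, with no rules.
SAMPLE_BASELINE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'

# Constructed sample: permissive default, logging off, one unexplained rule.
SAMPLE_DRIFT='Status: active
Logging: off
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW IN    Anywhere'

# Demo on the constructed drift sample (a non-zero exit is expected there).
printf '%s\n' "$SAMPLE_DRIFT" | check_ufw_baseline || true
```

The function exits non-zero on any FAIL line, so it can gate a login script or a cron job; WARN lines are informational.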
 

Re: Image magic Malware on 3.4
« Reply #5 on: July 30, 2017, 02:08:35 PM »
 

Redchief

Fresh reinstall from DVD with updates. This package is pre-installed in synaptic. My guess may be off but believe this malware can leave code on hdd that stays there after reinstall. When first compromised had fresh updates also.

Hmm.
Thank you.

https://www.debian.org/security/2017/dsa-3914

This is a modern (recently discovered hack) that was not possible on older versions of Deb. As systems evolve new features, new ways to compromise them evolve as well. The best reason to run stable systems linked to the security update path. LL has a simple efficient update application. Don't disable it.

TC
Linux enthusiasts don't care about the lame stream.
 

Re: Image magic Malware on 3.4
« Reply #4 on: July 30, 2017, 02:02:09 PM »
 

Redchief

Fresh reinstall from DVD with updates. No software was installed after reinstall. Nothing in list firewall.

Thank you,

Hello Shannon,

I don't know if it is preinstalled, it does come with openshot I installed. It has info here of the patches for it, https://usn.ubuntu.com/usn/usn-3363-1/
If you have used Menu>Install Updates it should be patched, you can check the updates and do a file search for the file names on the link.
Recommended: check your Firewall rules at Menu>All>Firewall Configuration and delete any rules shown under the "rules" tab; it should be blank, unless you chose to add a rule. If you didn't choose to add a rule or agree to a rule it is the classic definition of a backdoor, delete it.

Don't need to buy new hdd for this, unless you want a new one.
Linux enthusiasts don't care about the lame stream.
 

 
