Virus Detected on Lite 2.6 Wallpapers


Virus Detected on Lite 2.6 Wallpapers
« on: September 04, 2015, 02:44:03 PM »
 

vagnerafonso

  • New to Forums
  • *
  • 5
    Posts
  • Reputation: 2
  • Linux Lite Member

  • CPU: Core2Duo

  • MEMORY: 4Gb

  • VIDEO CARD: ATI Radeon HD
Greetings,

I recently downloaded Lite 2.6 32Bit and booted it up in Virtual Box.  I grabbed all of the wallpapers located in /usr/share/backgrounds/xfce and created a .zip archive.  When I went to email that archive to myself via Gmail, Google warned me that there was a virus detected. I wanted to bring this up with the community and hopefully someone would have an answer as to why this occurred.

Thank you

ScreenShots



Last Edit: November 04, 2017, 06:27:31 PM by vagnerafonso
 


Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #1 on: September 04, 2015, 03:10:29 PM »
 

torreydale

  • PayPal Supporter
  • Platinum Level Poster
  • *****
  • 1575
    Posts
  • Country: us
  • Reputation: 259
  • * Forum Moderator *

  • Linux Lite: 4.8 64bit

  • CPU: Intel Core i5-5300U (-HT-MCP-)

  • MEMORY: 8Gb

  • VIDEO CARD: Intel Broadwell-U Integrated Graphics

  • Kernel: 4.x
You should probably include screenshots of the warning and of the actual archive.
Want to thank me?  Click my [Thank] link.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #2 on: September 04, 2015, 03:35:14 PM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1255
    Posts
  • Country: us
  • Reputation: 138

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
Gmail gives false positives to err on the side of caution.  They would not take some zipped up text files of mine for Icewm folder in ~/.icewm that I tried to save.

Gmail is weird like that.

I am not saying there might be a virus embedded in the image since I do not know yet.

https://www.virustotal.com/
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #3 on: September 04, 2015, 03:49:25 PM »
 

vagnerafonso

Greetings,

Thank you for this information.  I've uploaded the wallpaper archive using my outlook.com account and it uploaded without issue. I appreciate the feedback and information.

Thanks
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #4 on: September 04, 2015, 07:05:55 PM »
 

avj

  • Gold Level Poster
  • *******
  • 530
    Posts
  • Country: us
  • Reputation: 110
  • Linux Lite Member

  • Linux Lite: 2.8 64bit

  • CPU: Dual core Intel Pentium D 2.80GHz

  • MEMORY: 2Gb

  • VIDEO CARD: AMD/ATI RC410 Radeon Xpress 200/1100
I have been able to verify this as being flagged by https://www.virustotal.com/en/

The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg

It was identified by 7 of the 56 scans at VirusTotal as the following:

AVware          Trojan.Win32.Jpgiframe (v)            20150901
AhnLab-V3       HEUR/Iframe                           20150904
Bkav            W32.HfsJPEG.D0FF                      20150904
Cyren           HTML/IFRAME.gen                       20150904
F-Prot          HTML/IFRAME.gen                       20150904
NANO-Antivirus  Trojan.Html.Heuristic-script.cadouz   20150904
VIPRE           Trojan.Win32.Jpgiframe (v)            20150904

more info at:

https://www.virustotal.com/en/file/650d430d3ce9d90784f88bbe8e1aa056631e67de66072d03e6331e51f0d9d6cb/analysis/1441406529/
I have not failed. I've just found 10,000 ways that won't work. - Thomas Edison
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #5 on: September 04, 2015, 07:25:13 PM »
 

rokytnji

Weird how Comodo, AVG, Avast, ClamAV, Eset-Nod 32, among others give a green check and pass on that file.
Not being a virus expert myself.

With the r/h devel scale practically in the middle with 0   0 on the gauge.
No wonder I only use Windows to tune Motorcycles and only for that purpose.

 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #6 on: September 04, 2015, 07:53:44 PM »
 

misko_2083

  • Gold Level Poster
  • *******
  • 687
    Posts
  • Reputation: 191
  • Linux Lite Member

  • CPU: Dual core Pentium E5700 3GHz

  • MEMORY: 3Gb

  • VIDEO CARD: GeForce GT 430
Quote
I have been able to verify this as being flagged by https://www.virustotal.com/en/
The file in question is :  /usr/share/backgrounds/xfce/Entrance.jpg
It was identified by 7 of the 56 scans at VirusTotal as the following:
AVware          Trojan.Win32.Jpgiframe (v)            20150901
AhnLab-V3       HEUR/Iframe                           20150904
Bkav            W32.HfsJPEG.D0FF                      20150904
Cyren           HTML/IFRAME.gen                       20150904
F-Prot          HTML/IFRAME.gen                       20150904
NANO-Antivirus  Trojan.Html.Heuristic-script.cadouz   20150904
VIPRE           Trojan.Win32.Jpgiframe (v)            20150904
more info at:
https://www.virustotal.com/en/file/650d430d3ce9d90784f88bbe8e1aa056631e67de66072d03e6331e51f0d9d6cb/analysis/1441406529/

From that list I've heard about F-prot and VIPRE.
I'm not an expert on viruses. Could be false positive.
Did the check on LL 2.2 also.
https://www.virustotal.com/en/file/1dc15dfe32b6e563024a77cdd15a3de194d4756ce720d83b39417e19fa872b7f/analysis/1441398029/
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #7 on: September 04, 2015, 08:12:33 PM »
 

avj

If you click on the link I provided for more info, and then click on the "File detail" tab it states:  The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.

In the box right below that statement is what appears to be the code that was injected into the file.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #8 on: September 04, 2015, 08:50:06 PM »
 

rokytnji

Trying a different route with

http://scanthis.net/

which uses

Quote
ScanThis is powered by the open source and industry-recognised Clam AV software.

because the file info is not informative at all to me. There is no .exe in it just for starters.
Since the file in question is entrance.jpg.
I am only uploading that one to be scanned presently.
It is still scanning as I type this post out. So will wait to see what is what for sure.
That injected code the other site showed was just jumbled html code which I cannot decipher.

Sure is taking a long long time to scan one .jpg. Must be a zillion virus signatures to look for I guess.



Ok. Got tired of waiting so went to

https://www.metascan-online.com/#!/results/file/c15d48726a80498490d8b8b1e8cfe6da/regular



So my uneducated conclusion is that entrance.jpg in /usr/share/backgrounds/xfce/entrance.jpg is tainted somehow since double checked on another site and I am going to delete it off all my boxes/installs.

It can't hurt to do so. Plus. If you look at my screenshots. I never use the default stuff anyways.


Up to the team to decide where to take this from here. I can only speak for myself.


Because. Even after all that. You still get


Quote


Only a few scan engines detected this file as a threat. If you think it might be a false positive, find out how to contact the engine vendor on our blog


Edit> I am closing the ScanThis tab right now. It is still not done scanning and my patience ain't what it used to be.



Last Edit: September 04, 2015, 08:58:50 PM by rokytnji
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #9 on: September 04, 2015, 09:04:15 PM »
 

rokytnji

Code:
[email protected]:~$ sudo -s
[sudo] password for harry:
[email protected]:~# cd /usr/share/backgrounds/xfce
[email protected]:/usr/share/backgrounds/xfce# ls
Car.jpg        Linux-Lite-Bridge.png          Lite-Coral.png      Stadium.jpg
Cubes.jpg      Linux-Lite-Coast.png           Lite-Gold.png       Thames.jpg
Entrance.jpg   Linux-Lite.jpg                 Lite-Grey.png       Winter.jpg
Gaming.jpeg    Linux-Lite-Mountains-Gold.png  Lite-Lite-2.2.jpg   xfce-blue.jpg
Kids.jpg       Linux-Lite-Sand-Feather.jpg    Lite-Parchment.png
Landscape.jpg  Linux-Lite-Simple-Gray.png     River-Dock.jpg
Liberty.jpg    Linux-Lite-Waves.png           Sea-House.jpg
[email protected]:/usr/share/backgrounds/xfce# rm -f Entrance.jpg
[email protected]:/usr/share/backgrounds/xfce# ls
Car.jpg                Linux-Lite.jpg                 Lite-Lite-2.2.jpg
Cubes.jpg              Linux-Lite-Mountains-Gold.png  Lite-Parchment.png
Gaming.jpeg            Linux-Lite-Sand-Feather.jpg    River-Dock.jpg
Kids.jpg               Linux-Lite-Simple-Gray.png     Sea-House.jpg
Landscape.jpg          Linux-Lite-Waves.png           Stadium.jpg
Liberty.jpg            Lite-Coral.png                 Thames.jpg
Linux-Lite-Bridge.png  Lite-Gold.png                  Winter.jpg
Linux-Lite-Coast.png   Lite-Grey.png                  xfce-blue.jpg
[email protected]:/usr/share/backgrounds/xfce# exit
exit
[email protected]:~$
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #10 on: September 04, 2015, 09:58:53 PM »
 

misko_2083

Quote
If you click on the link I provided for more info, and then click on the "File detail" tab it states:  The file being studied is an image file! More specifically, it is a JPEG. The image has been injected with malicious web content.
In the box right below that statement is what appears to be the code that was injected into the file.

Oh I see. It's in Entrance.jpg, that image is from LL 2.0 not sure about the previous ones.
Looking at the code, as far as I can see there is code that opens a webpage. I don't see how xfce or the ristretto image viewer would be affected.
Tested on Firefox and it looks like it is not affected. Could possibly target some vulnerability in Windows applications.
It appears that the image originates from some website. Anyway the threat seems minimal as many major antiviruses neglect this.
I'll wait to see what Jerry has to say about this.
In the future I suggest that the images that are going to be added to distro be uploaded in Gimp's XCF image file format.
That way the images will be open source and easy to modify.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #11 on: September 04, 2015, 11:32:18 PM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 8154
    Posts
  • Country: nz
  • Reputation: 761
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 5.6 64bit

  • CPU: Intel Core i9-10850K CPU @ 3.60GHz

  • MEMORY: 32Gb

  • VIDEO CARD: nVidia GeForce GTX 1650

  • Kernel: 5.x
Firstly, thank you for reporting this vagnerafonso and thank you to everyone else in this thread for providing additional information and taking the time to look into this. I take reports like this very seriously. I'm going to analyse this at my end and let you know soon what will happen.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #12 on: September 05, 2015, 12:06:43 AM »
 

Jerry

I've decided to err on the side of caution. Removing this wallpaper is the best solution despite the mixed results.
I've added a postinst script to lite-software that will remove Entrance.jpg.

Releases affected: 2.0, 2.2, 2.4, 2.6

Code of postinst:

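Code:
#!/bin/sh
# A collection of postinst actions for Linux Lite

# postinst script for wallpaper removal
# Date: 04/09/15
# Time: 23:51 (EST)
# As reported here - https://www.linuxliteos.com/forums/other/virus-detected-on-lite-2-6-wallpapers/

# Abort on any unexpected error.
set -e

# postinst already runs as root, so sudo is not needed. Using the absolute
# path avoids a failed cd aborting the script under set -e, and -f lets the
# removal succeed when the file is already gone.
rm -f /usr/share/backgrounds/xfce/Entrance.jpg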

This code will stay in LL until the end of Series 2.
Entrance.jpg will not appear in any more versions of LL and has been removed from the dev builds.

In future, all Wallpapers will be scanned before going into Linux Lite.

Social Media announcements have been placed informing the wider public.

Run Menu, Favorites, Install Updates and the wallpaper will be deleted.
Last Edit: September 05, 2015, 12:36:48 AM by Jerry
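
Added example, not part of any post in this thread and not Linux Lite's own tooling: one way to run the pre-release wallpaper scan mentioned above is to walk each JPEG's segments and report HTML markup that sits in a metadata segment or after the end-of-image marker. The sample bytes are constructed (a valid marker layout, not a decodable picture and not the real Entrance.jpg), and the names `jpeg_regions`, `find_markup` and `seg` are assumptions made for illustration.

```python
PATTERNS = (b"<iframe", b"<script", b"<html")   # markup a wallpaper never needs
NO_LENGTH = {0x01, 0xD8, *range(0xD0, 0xD8)}    # TEM, SOI, RST0-7 carry no length
STUFFED = {0x00, *range(0xD0, 0xD8)}            # FF00 / RSTn occur inside scan data

def jpeg_regions(data):
    """Yield (name, start, end) for each segment payload and any bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                     # EOI: anything after it is a trailer
            if pos + 2 < len(data):
                yield "trailer", pos + 2, len(data)
            return
        elif marker in NO_LENGTH:
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            yield f"FF{marker:02X}", pos + 4, pos + 2 + length
            pos += 2 + length
            if marker == 0xDA:                   # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] not in STUFFED):
                    pos += 1

def find_markup(data):
    """Return (region, offset, pattern) for each markup hit, ordered by offset."""
    lowered = data.lower()
    hits = [(name, lowered.find(pat, start, end), pat.decode())
            for name, start, end in jpeg_regions(data) for pat in PATTERNS]
    return sorted((h for h in hits if h[1] != -1), key=lambda h: h[1])

def seg(marker, payload):                        # build one length-prefixed segment
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed samples: JFIF header, scan header, stuffed scan bytes, EOI.
HEAD, SCAN = b"\xff\xd8" + seg(0xE0, b"JFIF\x00"), seg(0xDA, b"\x00") + b"\x12\xff\x00\x34\xff\xd9"
CLEAN = HEAD + SCAN
TAINTED = HEAD + seg(0xFE, b'<IFRAME src="http://placeholder.invalid/">') + SCAN + b"<script></script>"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tainted", TAINTED)):
        print(label, find_markup(blob))
```

To check real files, pass each file's bytes (for example `Path(p).read_bytes()` for every image under /usr/share/backgrounds/xfce) to `find_markup`. A hit is a reason to inspect the file by hand, in the same way the mixed scanner verdicts in this thread were.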
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #13 on: September 05, 2015, 04:20:30 AM »
 

Zead

  • Forum Regular
  • ***
  • 115
    Posts
  • Country: 00
  • Reputation: 20

  • Linux Lite: 2.6 64bit

  • MEMORY: 8Gb
I guess I'm going to test all of my pictures on VirusTotal now. ClamAV hasn't detected it. According to Microsoft's website, MSE should detect it. But according to VirusTotal, Microsoft came up with clean file.

Malicious or not, there's a web injection for sure.
 

Re: Virus Detected on Lite 2.6 Wallpapers
« Reply #14 on: September 05, 2015, 10:19:45 AM »
 

Wirezfree

  • PayPal Supporter
  • Platinum Level Poster
  • *****
  • 1484
    Posts
  • Country: gb
  • Reputation: 405
  • Linux Lite "Advocate"

  • Linux Lite: 2.8 64bit

  • CPU: i7-4790S

  • MEMORY: 16Gb

  • VIDEO CARD: Intel HD4600 (Integrated)
Hi,

You may already know this?
If you visit the clamtk webpage: https://code.google.com/p/clamtk/
Scroll down to downloads
There is a Thunar add-on for Ubuntu "thunar-sendto-clamtk"



It gives you a Right Click > Sendto > ClamTK option
Upgrades WIP 2.6 to 2.8 - (6 X 2.6 to 2.8 completed on: 20/02/16 All O.K )
Linux Lite 3.0 Humming on a ASRock N3070 Mobo ~ btrfs RAID 10 Install on 4 Disks :)

Computers Early days:
ZX Spectrum(1982) , HP-150 MS-DOS(1983) , Amstrad CPC464(1984) ,  BBC Micro B+64(1985) , My First PC HP-Vectra(1987)
 

