Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and installing ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware’s author and handing you the power bill.
Google has removed 41 Android apps from the official Play Store. The apps were infected with a new type of malware named Judy, and experts estimate the malware infected between 8.5 and 36.5 million users.
Rootkit Hunter is a Unix-based scanning tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, and by looking for default directories (of rootkits), improper permissions, hidden files, suspicious strings in kernel modules, and running specific tests for Linux or FreeBSD. In most cases rootkits are self-hiding toolkits used by blackhats, crackers and script kiddies to evade the attention of the system admin. If you’re unsure whether your system is compromised, you can get a second opinion from sources such as a Linux-oriented forum. If your system is infected with a rootkit, cleaning it up is not an option. Restoring is also not an option unless you are an expert and have an independent, impartial means of verifying that the backup is clean and does not include misconfigured or stale software. Never trust a potentially compromised machine! Basically, a clean install of the OS is always advisable after backing up the system.
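The hash-and-permission comparison described above, as an added example that is not Rootkit Hunter's own code. It assumes a locally built baseline instead of an online database, uses SHA-256 by default rather than SHA-1, and the function names (fingerprint, build_baseline, audit) and the sample file are constructed for illustration.

```python
import hashlib
import os
import stat


def fingerprint(path, algo="sha256"):
    """Return (hex digest, permission bits) for one file."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest(), stat.S_IMODE(os.stat(path).st_mode)


def build_baseline(paths, algo="sha256"):
    """Record known-good fingerprints; run this on a trusted, clean system."""
    return {p: fingerprint(p, algo) for p in paths}


def audit(baseline, algo="sha256"):
    """Compare current state with the baseline and return a list of findings."""
    findings = []
    for path, (good_digest, good_mode) in sorted(baseline.items()):
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        digest, mode = fingerprint(path, algo)
        if digest != good_digest:
            findings.append((path, "hash mismatch"))
        if mode != good_mode:
            findings.append((path, "mode changed %04o -> %04o" % (good_mode, mode)))
        if mode & stat.S_IWOTH:  # improper permission: anyone can modify it
            findings.append((path, "world-writable"))
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway directory stands in for system binaries.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "ls")
        with open(target, "wb") as fh:
            fh.write(b"original contents")
        os.chmod(target, 0o755)
        base = build_baseline([target])
        with open(target, "wb") as fh:
            fh.write(b"tampered contents")
        os.chmod(target, 0o777)
        for finding in audit(base):
            print(finding)
```

Because a rootkit can falsify what a running system reports, the baseline should be stored off the machine and the audit run from trusted boot media.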
This week, in our Linux Page (in Spanish), we have posted a quick guide to rapidly installing ClamAV, one of my favourite open source antivirus programs for Linux. We have already written some notes in our previous post “Security package (Rev. 1.2) for Ubuntu: antivirus, firewall and P2P stealth”, and on that occasion we decided to suggest an external link. This time we reinstalled a fresh new Ubuntu 8.10 and decided to add ClamAV directly. First of all, it is necessary to run Synaptic Package Manager (in System – Administration), search for Clam, and select clamav and all the extra packages you prefer to install. Read very carefully the description that is displayed each time you click on one of them and select the extra features you need. Then, with the right button of the mouse, select “mark for installation” and click on Apply in the upper menu bar. After a few seconds ClamAV will be correctly installed. Now, if you check Applications – System Tool you will find a new ClamAV icon whose name is Virus Scanner. Now, if you launch ClamAV you will discover that, unfortunately, it is not possible to upgrade the program without administrative privileges. I solved this “problem” by dragging and dropping the ClamAV icon to the upper panel. Then I clicked on the icon using the right button of the mouse and selected the Properties panel. Then, in the “command” space, I added sudo before the text clamtk %F that I found already written there (sudo clamtk %F). Now, when you click on the ClamAV icon in the upper panel, you are able to upgrade your new antivirus in a breeze. Recommended!
There are at least two good reasons to install a sandbox on your Windows OS: email/internet security and the possibility of trying new software without risking damage to your OS configuration. About the first point, we can say that it is useful for reading the attachments of your emails or freely browsing the web without risking infecting the PC. I know, we all do not usually open attachments from unknown email senders, but at least once a month (for example when we are under pressure at work) it happens, and then we have to scan the PC with antivirus and antispyware tools to check whether we have involuntarily opened one or more backdoors. Moreover, when we decide to test new software we may prefer not to take unnecessary risks by running it. This week, in our Freeware Page, we have tested Sandboxie, a freeware program which allows you to use one or all of the programs installed on your computer with no risks. In fact, all the data are stored in a temporary area (sandbox) and not written on the hard disk of your PC, and they are deleted as soon as you decide to quit them. You can legally use Sandboxie free of charge for any length of time that you desire but, after 30 days, the software will occasionally remind you to consider paying the 30 USD registration fee. Last but not least, Sandboxie is simple to install, and after not more than one hour you will be able to use it in a complete way. Very useful!