| View previous topic :: View next topic |
| Author |
Message |
detlef
Tux's lil' helper
Joined: 04 Dec 2002
Posts: 116
Location: Kassel
|
 Posted: Fri Apr 02, 2004 4:36 pm Post subject: [OT]Linux-VIRUS |
 |
|
Hi,
Aufgrund der Meldung von http://www.pro-linux.de/news/2004/6651.html hab ich mal mein System gescannt. Der Hammer ist, dass ich hier kein Filesharing betreibe... Schaut nicht wirklich gut aus:
| Code: |
/etc/bootsplash/gentoo/images/bootsplash-800x600.jpg: Seems to be infected with Lirpa
.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean
it.
/etc/bootsplash/gentoo/images/gentoo-cad.jpg: Seems to be infected with Lirpa.A. Plea
se see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/silent-800x600.jpg: Seems to be infected with Lirpa.A.
Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/bootsplash-1024x768.jpg: Seems to be infected with Lirp
a.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clea
n it.
/etc/bootsplash/gentoo/images/silent-1600x1200.jpg: Seems to be infected with Lirpa.A
. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean i
t.
/etc/bootsplash/gentoo/images/bootsplash-1600x1200.jpg: Seems to be infected with Lir
pa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to cle
an it.
/etc/bootsplash/gentoo/images/gentoo-kde.jpg: Seems to be infected with Lirpa.A. Plea
se see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/gentoo-kdm.jpg: Seems to be infected with Lirpa.A. Plea
se see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/silent-1280x1024.jpg: Seems to be infected with Lirpa.A
. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean i
t.
/etc/bootsplash/gentoo/images/bootsplash-1280x1024.jpg: Seems to be infected with Lir
pa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to cle
an it.
/etc/bootsplash/gentoo/images/gentoowired.jpg: Seems to be infected with Lirpa.A. Ple
ase see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/gentoo-cycle.jpg: Seems to be infected with Lirpa.A. Pl ease see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/silent-1024x768.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it .
/etc/bootsplash/gentoo/images/gentoo-ice-light2.jpg: Seems to be infected with Lirpa. A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/etc/bootsplash/gentoo/images/gentoo-ice.jpg: Seems to be infected with Lirpa.A. Plea se see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Web/images/h_rgfx.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Web/images/h_logo.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Music/KR-DM1.ogg: Seems to be infected with Lirpa.A. Please see http ://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Music/KR-Tomb-Of-Horus.ogg: Seems to be infected with Lirpa.A. Pleas e see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Music/KR-UT2003-Menu.ogg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Music/KR-From-Below-V2.ogg: Seems to be infected with Lirpa.A. Pleas e see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/ut2003-demo/Music/KR-Infiltrate.ogg: Seems to be infected with Lirpa.A. Please s ee http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/RealPlayer9/Help/pics/unixplay.jpg: Seems to be infected with Lirpa.A. Please se e http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/FileChooserDemo/images/jpgIcon.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/raspberry.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/apple.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/broccoli.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/strawberry.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/kiwi.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/pickle.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/corn.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
/opt/blackdown-jdk-1.4.1/share/demo/jfc/SwingSet2/resources/images/ImageClub/food/banana.jpg: Seems to be infected with Lirpa.A. Please see http://www.st.ryukoku.ac.jp/~kjm/security/memo/ for hints how to clean it.
[...]
|
Jetzt geht der Schei* hier auch schon los...
Gruß
Detlef |
|
| Back to top |
|
 |
spitzwegerich
l33t
Joined: 04 Mar 2003
Posts: 697
Location: Lower Bavaria, Central Europe
|
| Posted: Fri Apr 02, 2004 4:39 pm Post subject: |
|
|
Linux-Virus, mach Witze! Da glaub ich doch noch eher an einen Aprilscherz von pro-linux.de...
_________________
"Work is the curse of the drinking classes."
-Oskar Wilde |
|
| Back to top |
|
|
sOuLjA
Guru
Joined: 26 Jul 2002
Posts: 366
Location: germany - hannover
|
| Posted: Fri Apr 02, 2004 4:43 pm Post subject: |
|
|
mit welchem prog hast du denn dein rechner gescaned?
_________________
Gentoo Linux / gentoo-sources 2.6.28-r1 / fluxbox 1.1.1
Nexoc Osiris S602 / Pentium M 1,4GHZ / 1024 MB RAM / Intel 855GME 64 MB
www.gentooforum.de |
|
| Back to top |
|
|
detlef
Tux's lil' helper
Joined: 04 Dec 2002
Posts: 116
Location: Kassel
|
| Posted: Fri Apr 02, 2004 4:48 pm Post subject: |
|
|
| spitzwegerich wrote: | | Linux-Virus, mach Witze! Da glaub ich doch noch eher an einen Aprilscherz von pro-linux.de... |
Ooops, hast Recht. Die Meldung ist von gestern- hab ich übersehen. Lirpa rückwärts = April.
Trozdem finde ich solche Meldungen auch als April-Scherz ziemlich bescheuert!
Gruß
Detlef |
|
| Back to top |
|
|
sOuLjA
Guru
Joined: 26 Jul 2002
Posts: 366
Location: germany - hannover
|
| Posted: Fri Apr 02, 2004 4:55 pm Post subject: |
|
|
hehe, gibt noch viel bescheuerte dinge
_________________
Gentoo Linux / gentoo-sources 2.6.28-r1 / fluxbox 1.1.1
Nexoc Osiris S602 / Pentium M 1,4GHZ / 1024 MB RAM / Intel 855GME 64 MB
www.gentooforum.de |
|
| Back to top |
|
|
NueX
Apprentice
Joined: 19 Jun 2003
Posts: 196
Location: Germany
|
| Posted: Fri Apr 02, 2004 5:36 pm Post subject: |
|
|
Ist es nicht allein schon sehr merkwürdig, dass die Viren in *.jpg-Dateien stecken sollen? Ich meine dafür bräuchte man ja ne Software, die jpg nicht richtig verarbeitet und man somit Code einschleusen kann. Ich hab noch nie ne ausführbare jpg-Datei gesehen!  |
|
| Back to top |
|
|
siliconburner
Guru
Joined: 02 May 2003
Posts: 300
|
| Posted: Fri Apr 02, 2004 6:12 pm Post subject: |
|
|
bei videos, kann dioch auch ne html datei gatsrtet werde, ich hatte es schonmal. video abgespielt, und da ging der browser auf. da kann es doch sein, dass es bei bildern auch noch kommt
_________________
living in /dev/null |
|
| Back to top |
|
|
pablo_supertux
Advocate
Joined: 25 Jan 2004
Posts: 2931
Location: Somewhere between reality and Middle-Earth and in Freiburg (Germany)
|
| Posted: Fri Apr 02, 2004 6:29 pm Post subject: |
|
|
| sOuLjA wrote: | | mit welchem prog hast du denn dein rechner gescaned? |
Auf den Link von prolinux gibt es ein SH Skript zum Runterladen. su eingen und laufen lassen.
Ich hoffe nur, dass das nur ein "Lirpa"-Scherz ist und dass Lirpa nicht ein Zufall ist 
_________________
A! Elbereth Gilthoniel!
silivren penna míriel
o menel aglar elenath,
Gilthoniel, A! Elbereth! |
|
| Back to top |
|
|
Deever
Veteran
Joined: 06 Jul 2002
Posts: 1354
Location: Zürich / Switzerland
|
| Posted: Fri Apr 02, 2004 11:04 pm Post subject: |
|
|
| NueX wrote: | | Ist es nicht allein schon sehr merkwürdig, dass die Viren in *.jpg-Dateien stecken sollen? Ich meine dafür bräuchte man ja ne Software, die jpg nicht richtig verarbeitet und man somit Code einschleusen kann. Ich hab noch nie ne ausführbare jpg-Datei gesehen! |
Gehört zwar nicht hierher, aber die Winzigweichlinge haben IIRC mal so eine innovative Sicherheitslücke gebaut. Wüsste aber nicht, wo suchen! 
*SCNR*
dev |
|
| Back to top |
|
|
moe
Veteran
Joined: 28 Mar 2003
Posts: 1289
Location: Potsdam / Germany
|
| Posted: Sat Apr 03, 2004 7:08 pm Post subject: |
|
|
| Quote: | | Ich hoffe nur, dass das nur ein "Lirpa"-Scherz ist und dass Lirpa nicht ein Zufall ist |
Steht doch im von dir geposteten Link auf prolinux in fett (Achtung Aprilscherz!)
Gruss Maurice
_________________
Signaturen sind doof. |
|
| Back to top |
|
|
spitzwegerich
l33t
Joined: 04 Mar 2003
Posts: 697
Location: Lower Bavaria, Central Europe
|
| Posted: Sat Apr 03, 2004 8:43 pm Post subject: |
|
|
| moe wrote: |
Steht doch im von dir geposteten Link auf prolinux in fett (Achtung Aprilscherz!) |
Das wurde erst nachträglich eingefügt, glaube ich.
_________________
"Work is the curse of the drinking classes."
-Oskar Wilde |
|
| Back to top |
|
|
moe
Veteran
Joined: 28 Mar 2003
Posts: 1289
Location: Potsdam / Germany
|
| Posted: Sat Apr 03, 2004 11:25 pm Post subject: |
|
|
Mich würd ja mal interessieren, wieviele aufgrund dieses Scherzes harmlose jpg-Dateien gelöscht haben.. Aber wird wohl kaum einer zugeben
Ganz in Ordnung find ich das aber auch nicht, sicher hätt es vielen Leuten klar sein müssen dass ein jpg (zumindestens unter Linux) keinen ausführbaren Code enthalten kann, aber manchen geht Sicherheit vor evtl. gefährliches Halbwissen..
Da hätt ich ne Story dass z.B. SCO jetzt auch Rechte am Kernel von Win NT hat viel lustiger gefunden..
Gruss Maurice
_________________
Signaturen sind doof. |
|
| Back to top |
|
|
Fibbs
Guru
Joined: 26 Jan 2003
Posts: 448
Location: Forstern near Munich / Germany
|
| Posted: Sun Apr 04, 2004 3:18 am Post subject: |
|
|
Herrlich,
hab das Posting und die Antworten erst jetzt gelesen und mich prächtig amüsiert... Danke! |
|
| Back to top |
|
|
|
Deutsches Forum (German) 
