Matthew Moore gets a Virus on Arch.....?? :(

Mitt Green

Guest
I'm not sure how he got the malware. He was probably googling "windows viruses free download".
 


blackneos940

Guest
I just feel like he went out of his way to show one of the few issues with the AUR. He doesn't really mention the large amount of safe packages nor how to spot unsafe packages or the huge RED WARNING about AUR packages. I have been using the AUR for years, even contribute a few packages, with absolutely no issue.
Yeah..... It may just be that..... :) But ryanvade..... :) I saw some of your contributions when I was using my Chromebook, which has Kubuntu, before my Charger broke (always with the Linux machines.... :()..... If I remember it correctly..... Wasn't it a Neon theme.....? :) It was a trip seeing my buddy's name on there..... :3 You BET I downloaded it..... :D But currently, my Kubuntu is all Strawberried UP..... :D Once I get a new Charger, and Update (probably 500 Megs or more, after all this time of my Chromebook being dead), I'll post a Screenshot..... :)
 
blackneos940

Guest
I'm not sure how he got the malware. He was probably googling "windows viruses free download".
Could be..... :) BTW, I might start a series on YouTube called: "fgoogle Roulette"..... It'll be in an XP VM..... Hosted on Linux..... :) What do you think.....? Sounds fun.....? :3 fgoogle.com is a trap or something, just WAITING for someone to press "f" along with "google.com"..... :D
 
blackneos940

Guest
I have a LOT of questions about this presentation!
  • What version of Imagination did he install?
  • Where did he obtain the installation from?
  • In Debian there is a version, 3.0-5
  • Another version on Sourceforge.net
  • Did the application originally work?
  • If so, what did he do AFTER it worked, and BEFORE it didn't?
  • What was the icon he clicked on linked to?
  • What else did he do BEFORE creating this video?
  • What created /var/tmp/Imagination, and put the .exe and .dll files in that directory?
  • Is tekdefense.dll in any way related to tekdefense.com?
  • 854137.exe IS available from the Malware-Samples page at tekdefense.com
I installed the Debian version and ran it. No .dll files, and no .exe files were created, and no "var/tmp/Imagination" was created.

I will hold back on my further opinions on this video, but...
It seems like your results pretty much said what was needed to be said..... :D But, he seems to like GNU/Linux, so I wonder why.....? :\
 
blackneos940

Guest
Hi,

Let's start with the malware. He showed us a couple of .dll's and an .exe. I.e. he showed us Windows malware on Linux. Yes, it is malware but no, you don't have to worry about it. He didn't show a proof that these guys affect your Unix friend.

Defragmentation. From Wikipedia:

Reboot? No need to. You don't upgrade your kernel, libc or initscripts daily. Some even never upgrade it. Systemd has a lot of updates weekly-monthly and its components like udev too BUT this depends on whether you use it. And every system core update depends mostly on your distribution. Arch uses rolling-release model and this means that updates are frequent.

There's my two cents.
You know, you're pretty wise..... :) But, if I don't update my Kernel, like say in my Chromebook, because of Touchpad issues with new Kernels, I'm still secure.....? :)
 
ryanvade

Guest
You know, you're pretty wise..... :) But, if I don't update my Kernel, like say in my Chromebook, because of Touchpad issues with new Kernels, I'm still secure.....? :)
That depends. Most distributions backport security measures back to older kernels. For example, Ubuntu 14.04 has the 3.19 kernel and although the Linux Foundation is not going to be providing support since it is not an LTS kernel, Canonical will be. Or you could switch to an LTS Kernel which will receive security fixes directly from the Linux Foundation. Besides, the userland tools are the most vulnerable to viruses not the Kernel. ;)
 
ryanvade

Guest
I have really been digging into this and after about 4 hours I cannot infect a Manjaro system with the same malware. No other downloads have been found except for the one that @rstanley posted. The viruses Mr. Moore 'found' on his system do not run on Linux. With or without wine. I even did the worst thing anyone can do and deliberately ran the malware with root permissions. I received an error about invalid objects. Overall I think Mr. Moore was either distorting the truth or even worse was lying. He could have very easily created a script to cause the 'symptoms' of a virus.
Code:
#!/bin/bash
# Launch the real program only while the planted "virus" file is absent,
# so the application "stops working" until that file is removed
if [ ! -f /var/tmp/imagination/teckdefense.dll ]; then
    /usr/bin/imagination
fi
would be the most simple script. Then just edit the .desktop file... Why did he not just run the command in a terminal to see what is happening?
Without more information from Mr. Moore I cannot reproduce his results.
 
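As an added example (not code from any poster in this thread), a shell script that does the check rstanley and ryanvade ask for above: read the Exec= line of a .desktop launcher, resolve its target, classify the target by magic bytes (ELF binary, shebang script or Windows PE), and, for a script, print any lines that gate on a file's existence or reference /var/tmp. The launcher and wrapper it writes to a temporary directory are constructed for the demo, and the teckdefense.dll file name is the one from ryanvade's sketch.

```shell
#!/bin/bash
# Added example, not from the thread: show what a .desktop icon really runs and
# whether that target is an ELF binary or a wrapper script that could fake
# "virus" symptoms. All names and paths below are constructed for the demo.
launcher_exec() {            # Exec= command with %f/%U style field codes stripped
    grep -m1 '^Exec=' "$1" | sed -e 's/^Exec=//' -e 's/ *%[A-Za-z]//g'
}
launcher_target() {          # absolute path of the Exec line's first word
    local word
    word=$(launcher_exec "$1" | awk '{print $1}')
    command -v "$word" 2>/dev/null || printf '%s\n' "$word"
}
classify_target() {          # by magic bytes: elf, script ("#!"), pe ("MZ")
    local sig
    [ -f "$1" ] || { echo missing; return 1; }
    sig=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$sig" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        4d5a*)    echo pe ;;       # Windows executable/DLL, cannot run natively
        *)        echo other ;;
    esac
}
suspicious_lines() {         # guards on file existence or anything in /var/tmp
    grep -nE '\[ *! *-[ef] |/var/tmp' "$1" || true
}
inspect_launcher() {         # one-line report, plus suspicious lines of a script
    local target kind
    target=$(launcher_target "$1")
    kind=$(classify_target "$target") || true
    printf 'target=%s type=%s\n' "$target" "$kind"
    [ "$kind" = script ] && suspicious_lines "$target"
    return 0
}
demo() {                     # constructed launcher pointing at such a wrapper
    local d; d=$(mktemp -d)
    printf '#!/bin/sh\nif [ ! -f /var/tmp/imagination/teckdefense.dll ]; then\n  /usr/bin/imagination\nfi\n' > "$d/wrapper"
    chmod +x "$d/wrapper"
    printf '[Desktop Entry]\nExec=%s %%F\n' "$d/wrapper" > "$d/imagination.desktop"
    inspect_launcher "$d/imagination.desktop"
    rm -rf "$d"
}
demo
```

On a real system, point inspect_launcher at the .desktop file under ~/.local/share/applications or /usr/share/applications; a type of "script" where the distro package ships an ELF binary is the wrapper ryanvade describes.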
rstanley

Guest
I have really been digging into this and after about 4 hours I cannot infect a Manjaro system with the same malware. No other downloads have been found except for the one that @rstanley posted. The viruses Mr. Moore 'found' on his system do not run on Linux. With or without wine. I even did the worst thing anyone can do and deliberately ran the malware with root permissions. I received an error about invalid objects. Overall I think Mr. Moore was either distorting the truth or even worse was lying. He could have very easily created a script to cause the 'symptoms' of a virus.
Code:
#!/bin/bash
# Launch the real program only while the planted "virus" file is absent,
# so the application "stops working" until that file is removed
if [ ! -f /var/tmp/imagination/teckdefense.dll ]; then
    /usr/bin/imagination
fi
would be the most simple script. Then just edit the .desktop file... Why did he not just run the command in a terminal to see what is happening?
Without more information from Mr. Moore I cannot reproduce his results.
YES, EXACTLY!!!

I didn't want to put it in writing! ;^)
 
ryanvade

Guest
YES, EXACTLY!!!

I didn't want to put it in writing! ;^)
I will say what I think. If he disagrees with what I said, he should make a video with more information. Or join the forum and defend his position. As you can probably tell, I am actually pretty mad about this.

That is a great question. Especially since he did not seem to have an aversion to using the terminal.
Well apparently his first reaction was to scan for viruses...instead of debug the program.
 
rstanley

Guest
As you can probably tell, I am actually pretty mad about this.
YOU, ME and probably many others as well!

Overall, I have not been pleased with many or most Youtube videos concerning Linux, and virtually ALL tutorial videos for the C Programming Language.
 
ryanvade

Guest
YOU, ME and probably many others as well!

Overall, I have not been pleased with many or most Youtube videos concerning Linux, and virtually ALL tutorial videos for the C Programming Language.
Oh most of the C videos are garbage unless you have some previous programming experience.
 
rstanley

Guest
That could explain it. But then why did it run after? I doubt Sophos would have flipped the executable flag by itself.
See the previous posting by @ryanvade for the probable reason it failed before the virus was removed, then did execute after removing the virus file. A VERY simple bash script called from the icon! He and I were thinking the exact same thing! ;^)
 
jerz4lunch

Guest
See the previous posting by @ryanvade for the probable reason it failed before the virus was removed, then did execute after removing the virus file. A VERY simple bash script called from the icon! He and I were thinking the exact same thing! ;^)
But why would he do that? For some attention? He sure got some.
 
rstanley

Guest
But why would he do that? For some attention? He sure got some.
For the same reason his videos are 3 times as long as was needed to say the same thing! "Look at me! See how smart I am! I know more than all of you! Aren't you impressed?"

NOT!

Just ignore any other postings by him!
 
jerz4lunch

Guest
For the same reason his videos are 3 times as long as was needed to say the same thing! "Look at me! See how smart I am! I know more than all of you! Aren't you impressed?"

NOT!

Just ignore any other postings by him!
Unsubscribed! (Don't know why I was in the first place).
 