Old Malware on Mint Distros

Discussion in 'Mint' started by Pyroplotter, Oct 11, 2017.

  1. Pyroplotter

    Pyroplotter New Member

    Joined:
    Jul 25, 2017
    Messages:
    1
    Likes Received:
    0
    I've noticed that when downloading Mint 18.2 (any version), so far using four different mirrors plus the main source, that a malware trojan is installed. It's the same one that 17.2 had after the Mint hack. To check if it arrives I use etherape installed on, say, PcLinuxOS, or Ubuntu, on a separate system, and watch what the new install does after a fresh install on my target system. In a few minutes some rogue program on the Mint system starts to send udp packets to random addresses just like the 17.2 hack did. I've tested this using 5 different install disks now created from the above sources and the result is the same. None of the other 9 Linux distros I've used here so far have this problem. I have even had to use a firewall between my test system and the rest of the network since this malware snoops through the network also. Has anyone else noticed this and has there been a bug fix I don't know about?

  2. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    1,596
    Likes Received:
    1,636
    Hi @Pyroplotter, and welcome to the site!

    First off, the Mint hack was version 17.3, Cinnamon Edition only. Secondly, once it was known (which was very quickly) it was easily spotted because the checksum (MD5 or SHA256) of the .iso file did not match that provided by the Linux Mint team for that edition.

    If you have reproducible evidence of malware contained in a .iso file provided from linuxmint.com -- please notify those folks so they may investigate their product! Their Contact Page is at https://linuxmint.com/contactus.php

    If you don't think Clem and the Mint team will be responsive to your evidence, please try noted security experts Bruce Schneier, Brian Krebs, or other Linux security news sources. If you have proof, I don't think you will be ignored.... that is a pretty serious claim you are making.

    Cheers!
     
    wizardfromoz likes this.
  3. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    1,332
    Likes Received:
    1,527
    Hi @Pyroplotter and ditto on the Welcome.

    As well as the excellent advice and input from the gentleman in dark glasses, I am brainstorming, and so my comments are highlighted between yours -

    I also have a few more questions, and I regret bombarding you, but I want to dot the i's and cross the t's :)

    1. Were all of these efforts performed from within the one Distro, if so, which one, and have you tried changing download mirrors within your updates manager, &c?
    I'm sure I have a 2. in mind, but can't think of it right now, getting late in the day for me, lol.

    You could also check out my threads here -

    https://www.linux.org/threads/gtkhash-–-hashing-out-the-basics.4430/

    and

    https://www.linux.org/threads/hash-checking-rare-tips.13544/

    Finally, Firefox (if you use that) plugin extension DownThemAll allows you to insert a sha256 algorithm (which is what Mint uses since the breach) as part of the download process management. Be aware that DTA and other plugins are now being marked as Legacy, as Mozilla take a different direction next month with the release of FF 57.

    Cheers, hope this helps

    Wizard
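The checksum comparison atanere and wizardfromoz both point to, written out as an added example (not code from either poster or from the Mint project): a POSIX shell function that checks a downloaded ISO against the sha256sum.txt published by the Mint team, exercised here against constructed stand-in files rather than real images. The filename linuxmint-18.2-cinnamon-64bit.iso and the "<hash> *<filename>" layout of the sum file are assumptions based on Mint's usual naming; fetch the sum file from linuxmint.com itself, not from the mirror that served the ISO.

```shell
#!/bin/sh
# verify_iso <iso-file> <sha256sum.txt>
# Returns 0 if the ISO's SHA256 matches its published entry, 1 on a
# mismatch (a tampered or corrupt download), 2 if the ISO is not listed.
verify_iso() {
    iso="$1"
    sumfile="$2"
    name=$(basename "$iso")
    # Entries look like "<hash> *<filename>"; the '*' is sha256sum's
    # binary-mode marker, so strip it before comparing filenames.
    expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sumfile" >&2
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: FAILED (expected $expected, got $actual)" >&2
    return 1
}

# make_fixture <dir>: constructed test data standing in for a real download.
# The "images" are a few bytes each; only the checksum logic is under test.
make_fixture() {
    dir="$1"
    name="linuxmint-18.2-cinnamon-64bit.iso"   # assumed filename
    mkdir -p "$dir/tampered"
    printf 'genuine image bytes\n' > "$dir/$name"
    # A tampered copy keeps the same filename but different contents.
    printf 'genuine image bytes plus an extra payload\n' > "$dir/tampered/$name"
    printf 'unrelated\n' > "$dir/other.iso"
    # Publish the genuine image's hash in the assumed "<hash> *<file>" format.
    printf '%s *%s\n' "$(sha256sum "$dir/$name" | awk '{ print $1 }')" "$name" \
        > "$dir/sha256sum.txt"
}

# Stand-alone demonstration: the genuine file passes, the tampered one fails.
work=$(mktemp -d)
make_fixture "$work"
verify_iso "$work/linuxmint-18.2-cinnamon-64bit.iso" "$work/sha256sum.txt"
verify_iso "$work/tampered/linuxmint-18.2-cinnamon-64bit.iso" "$work/sha256sum.txt" || true
rm -rf "$work"
```

A mismatch here means the download is not what the Mint team published, whether through corruption or tampering, and is the signal that exposed the 17.3 incident.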