

So I did something stupid today. An e-mail arrived in my inbox that claimed to be from Facebook and it said that my password had to be reset "for safety to our clients." They wanted me to check the attached .zip file for my new password. Obvious virus.
Since I maraud as a geek, I decided to take a look at it before pressing the "Delete" button. After saving "Facebook_password_3444.zip" (3444 is *NOT* my FB ID, which should be another tip-off), I opened the zip file. Then I double-clicked "Facebook_password_3444.exe" instead of using the "Extract" button (for use with OllyDbg or one of a couple disassemblers I have). Oops.
Ordinarily a Windows virus would not run on Linux (my desktop OS, for anyone who does not know already). Unfortunately I have Wine installed. After a couple seconds, here is what popped up:

Apart from the obviously evil laughter at watching a virus crash, I wondered where "Facebook_password_3444.exe" had created "gmb.exe."
$ sudo slocate -u
$ slocate gmb.exe
/home/chris/.wine/drive_c/windows/system32/gmb.exe
It certainly didn't waste any time. At least there were no entries from this in the Wine registry. I did also check to make sure that no other Wine processes were running (they weren't).
I just told someone yesterday that I didn't run antivirus software even in Windows -- and that I wasn't sure whether I was that good or was just tempting fate. It looks like I am tempting fate.
The moral to this story is to either run an antivirus program or be smarter than me. It might not hurt to have a little bit of luck too.
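The three checks described in the post (where the dropped file landed, whether the Wine registry mentions it, whether Wine is still running), as an added shell example that is not part of the original post. The function names and the sample prefix are constructed for illustration; pass your own prefix (for instance ~/.wine, as in the path above) as the first argument.

```shell
#!/bin/sh
# Added example: triage of a Wine prefix after a Windows binary ran in it.
# Function names and the demo prefix are constructed for illustration.

# Files under prefix $1 changed in the last $2 minutes that begin with the
# "MZ" magic (4d 5a) of a Windows executable, whatever their extension.
# -mmin is a GNU/BSD find extension.
recent_pe_files() {
    find "$1/drive_c" -type f -mmin "-$2" 2>/dev/null | while IFS= read -r f; do
        if [ "$(od -An -tx1 -N2 "$f" 2>/dev/null | tr -d ' \n')" = "4d5a" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Wine keeps its registry as text files in the prefix root; print the ones
# that mention $2 (for example a dropped file name), ignoring case.
reg_mentions() {
    for r in system.reg user.reg userdef.reg; do
        if [ -f "$1/$r" ] && grep -qiF -- "$2" "$1/$r"; then
            printf '%s\n' "$1/$r"
        fi
    done
}

# True while a wineserver (alive as long as any Wine process is) is running.
wine_running() { pgrep -u "$(id -u)" -x wineserver >/dev/null 2>&1; }

# Constructed sample prefix: one fake executable, one text file, empty registry.
make_demo_prefix() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/drive_c/windows/system32"
    printf 'MZ\220\000' > "$d/drive_c/windows/system32/gmb.exe"
    printf 'not a program\n' > "$d/drive_c/windows/system32/readme.txt"
    printf 'WINE REGISTRY Version 2\n' > "$d/system.reg"
    printf '%s\n' "$d"
}

# Usage: triage.sh [PREFIX [MINUTES [NAME]]]; with no arguments, runs the demo.
prefix=${1:-$(make_demo_prefix)}
echo "Recently written executables:"; recent_pe_files "$prefix" "${2:-60}"
echo "Registry files mentioning ${3:-gmb.exe}:"; reg_mentions "$prefix" "${3:-gmb.exe}"
if wine_running; then echo "wineserver is still running"; fi
```

Unlike slocate, this needs no database update and matches on file content, so a dropped executable with a renamed extension is still listed.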

Get a Mac
No anti-virus software, and yet no problems ever
I accidentally got a virus on my employer's computer the other day. It freaked me out. They did have anti-virus software, though, and got it fixed over the weekend. Then they called me and told me it was fixed, 'cause they were afraid I'd quit or something.
A Word of Warning...
Mac's best defense against viruses is that they are still in the minority. It is far easier to infect a bunch of people if you target Windows. You will notice that Apple is very quiet about whether their software is secure or not.
Lol. I ended up with a virus on my thumb drive the other day too. Got it from one of my customers, but I don't know which.
wow!
WOW what are the chances? Last night (Monday) near midnight, I accidentally infected myself too! I got the koobface worm, which I presume is not what you got. My infection was accidental in the same way yours was: I hit "Open" instead of what I intended to click (which in my case was "Delete".)
I had clicked on what clearly appeared to be a malicious link that had been posted to one of my friends' statuses. I was thinking I'd just see if the link worked, because it didn't exactly look like a valid address. I'm still not sure how, but it did work, and I saw it download a "setup.exe" to my machine. That's the point when I accidentally launched it rather than deleting it. I spent the next ~1.5 hours researching it and cleaning it off. (I found and saved all the files it copied to my machine, if you want them for disassembling.)
(Why did it center ^that^ emoticon and put it on its own line in the preview of this post?)
P.S.: What distro do you use? I've recently tried out Linux Mint (made from Ubuntu, I believe) and it looks really cool (for a home machine, at least).
Koobface
Hah, that is funny. I do have to admit that I would be curious about the disassembly of Koobface.
The emoticon being centered is a CSS issue. All of my old posts were pretty much straight text with a small amount of HTML markup. The CSS hack was to simplify my markup. I'm testing out fckeditor now and might stick with it. In order to fix the old "simple" image styles, I'd have to edit all my old posts.
Slackware is my favorite Linux distro. I've used RedHat, Fedora, Ubuntu, Mandriva and Gentoo [Stage 1] -- not counting all the live-CDs -- and keep coming back to it. Which is your favorite so far?
linux
I don't feel qualified enough to really make a good judgment on what I like or don't like. That being said, of the few I have installed before, I think I favor Mint for a home user (at least one coming from Windows) and CentOS for a server environment. Aside from those two, I've had the opportunity to install Ubuntu and Gentoo [Stage 3] before. Ubuntu is nice, and Gentoo ... I'm not exactly sure. All I know is that I was proud of myself for getting it running.
(I still have my Gentoo hard drive lying around. I never mess with it, but somehow I can't bring myself to install any other distro over it. I guess I feel like I put too much effort into it to just wipe it out.)
In your experience, what are some defining differences you've seen between various distros (so I can know what to look for)?
Incidentally, I've noticed that some distros do not support the "ifconfig" command, which works similar to Windows' "ipconfig" in some ways. In such a case, what command would I use to get that kind of information?
Distro Mania
My biggest complaint with Ubuntu was that they tried to lock me out of the root account by default ("sudo sh" is useful). Gentoo is fun but it did take me a week to install the first time around. Part of that, undoubtedly, was that I only had 8 MB of RAM in the computer. That was a very good reason to squeeze every spare bit and processor cycle out of the code.
Slackware as a whole is geared toward the power user. You learn to edit configuration files by hand (which isn't all that hard after a short learning curve), and then you can make do on any Linux install out there despite their competing GUIs.
The packages are also easier to work with, in my opinion. Sure most of the others have better dependency checks, but I rarely have dependency issues except when I do Really Odd Things. Slackware comes with a fairly solid set of libraries in the default install and there is no need for -dev packages.
"ifconfig" should always be in the /sbin directory. Some distros may prohibit ordinary users from running it. "sudo /sbin/ifconfig" should still work. If not, tell me which distro.
koobface
Enjoy. (Or would you prefer tar.gz?)
I renamed the executables so you wouldn't accidentally run them. Setup.exe is the file that was downloaded to my machine, and the rest resulted from the installation.
Woohoo!
Thanks! I already downloaded it and will try to infect a VM shortly.