Matthew Moore gets a Virus on Arch.....?? :(

  • Thread starter Thread starter blackneos940
  • Start date Start date
I'm not sure how he got the malware. He was probably googling "windows viruses free download".
 


ryanvade said:
I just feel like he went out of his way to show the one of the few issues with the AUR. He doesn't really mention the large amount of safe packages nor how to spot unsafe packages or the huge RED WARNING about AUR packages. I have been using the AUR for years, even contribute a few packages, with absolutely no issue.
Click to expand...
Yeah..... It may just be that..... :) But ryanvade..... :) I saw some of your contributions when I was using my Chromebook, which has Kubuntu, before my Charger broke (always with the Linux machines.... :()..... If I remember it correctly..... Wasn't it a Neon theme.....? :) It was a trip seeing my buddy's name on there..... :3 You BET I downloaded it..... :D But currently, my Kubuntu is all Strawberried UP..... :D Once I get a new Charger, and Update (probably 500 Megs or more, after all this time of my Chromebook being dead), I'll post a Screenshot..... :)
 
Mitt Green said:
I'm not sure how he got the malware. He was probably googling "windows viruses free download".
Click to expand...
Could be..... :) BTW, I might start a series on YouTube called: "fgoogle Roulette"..... It'll be in an XP VM..... Hosted on Linux..... :) What do you think.....? Sounds fun.....? :3 fgoogle.com is a trap or something, just WAITING for someone to press "f" along with "google.com"..... :D
 
rstanley said:
I have a LOT of questions about this presentation!
  • What version of Imagination did he install?
  • Where did he obtain the installation from?
  • In Debian there is a version, 3.0-5
  • Another version on Sourceforge.net
  • Did the application originally work?
  • If so, what did he do AFTER it worked, and BEFORE it didn't?
  • What was the icon he clicked on linked to?
  • What else did he do BEFORE creating this video?
  • What created /var/tmp/Imagination, and put the .exe and .dll files in that directory?
  • Is tekdefense.dll in any way related to tekdefense.com?
  • 854137.exe IS available from the Maware-Samples page at tekdefense.com
I installed the Debian version and ran it. No .dll files, and no .exe files were created, and no "var/tmp/Imagination" was created.

I will hold back on my further opinions on this video, but...
Click to expand...
It seems like your results pretty much said what was needed to be said..... :D But, he seems to like GNU/Linux, so I wonder why.....? :\
 
Mitt Green said:
Hi,

Let's start with the malware. He showed us a couple of .dll's and an .exe. I.e. he showed us Windows malware on Linux. Yes, it is a malware but no, you don't have to worry about it. He didn't show a proof that these guys affect your Unix friend.

Defragmentation. From Wikipedia:

Reboot? No need to. You don't upgrade your kernel, libc or initscripts daily. Some even never upgrade it. Systemd has a lot of updates weekly-monthly and its components like udev too BUT this depends on whether you use it. And every system core update depends mostly on your distribution. Arch uses rolling-release model and this means that updates are frequent.

There's my two cents.
Click to expand...
You know, you're pretty wise..... :) But, if I don't update my Kernel, like say in my Chromebook, because of Touchpad issues with new Kernels, I'm still secure.....? :)
 
blackneos940 said:
You know, you're pretty wise..... :) But, if I don't update my Kernel, like say in my Chromebook, because of Touchpad issues with new Kernels, I'm still secure.....? :)
Click to expand...
That depends. Most disributions backport security measures back to older kernels. For example, Ubuntu 14.04 has the 3.19 kernel and although the Linux Foundation is not going to be providing support since it is not an LTS kernel, Canonical will be. Or you could switch to an LTS Kernel which will receive security fixes directly from the Linux Foundation. Besides, the userland tools are the most vulnerable to viruses not the Kernel. ;)
 
I have really been digging into this and after about 4 hours I cannot infect a Manjaro system with the same malware. No other downloads have been found except for the one that @rstanley posted. The viruses Mr. Moore 'found' on his system do not run on Linux. With or without wine. I even did the worst thing anyone can do and deliberately ran the malware with root permissions. I received an error about invalid objects. Overall I think Mr. Moore was either distorting the truth or even worse was lying. He could have very easily created a script to cause the 'symptoms' of a virus.
Code: 
if [ ! -f /var/tmp/imagination/teckdefense.dll ]; then
/usr/bin/imagination
fi
would be the most simple script. Then just edit the .desktop file... Why did he not just run the command in a terminal to see what is happening?
Without more information from Mr. Moore I cannot reproduce his results.
 
Last edited:
ryanvade said:
I have really been digging into this and after about 4 hours I cannot infect a Manjaro system with the same malware. No other downloads have been found except for the one that @rstanley posted. The viruses Mr. Moore 'found' on his system do not run on Linux. With or without wine. I even did the worst thing anyone can do and deliberately ran the malware with root permissions. I received an error about invalid objects. Overall I think Mr. Moore was either distorting the truth or even worse was lying. He could have very easily created a script to cause the 'symptoms' of a virus.
Code: 
if [ ! -f /var/tmp/imagination/teckdefense.dll ]; then
/usr/bin/imagination
fi
would be the most simple script. Then just edit the .desktop file... Why did he not just run the command in a terminal to see what is happening?
Without more information from Mr. Moore I cannot reproduce his results.
Click to expand...
YES, EXACTLY!!!

I didn't want to put it in writing! ;^)
 
rstanley said:
YES, EXACTLY!!!

I didn't want to put it in writing! ;^)
Click to expand...
I wil say what I think. If he disagrees with what I said, he should make a video with more information . Or join the forum and defend his position. As you can probably tell, I am actually pretty mad about this.

C.D. said:
That is a great question. Especially since he did not seem to have an aversion to using the terminal.
Click to expand...
Well aparently his first reaction was to scan for viruses...instead of debug the program.
 
As you can probably tell, I am actually pretty mad about this.
Click to expand...
YOU, ME and probably many others as well!

Overall, I have not been pleased with many or most Youtube videos concerning Linux, and virtually ALL tutorial videos for the C Programming Language.
 
rstanley said:
YOU, ME and probably many others as well!

Overall, I have not been pleased with many or most Youtube videos concerning Linux, and virtually ALL tutorial videos for the C Programming Language.
Click to expand...
Oh most of the C videos are garbage unless you have some previous prgramming experience.
 
jerz4lunch said:
That could explain it. But then why did it run after? I doubt Sophos would have flipped the executable flag by itself.
Click to expand...
See the previous posting by @ryanvade for the probable reason it failed before the virus was removed, then did execute after removing the virus file. A VERY simple bash script called from the icon! He and I were thinking the exact same thing! ;^)
 
rstanley said:
See the previous posting by @ryanvade for the probable reason it failed before the virus was removed, then did execute after removing the virus file. A VERY simple bash script called from the icon! He and I were thinking the exact same thing! ;^)
Click to expand...
But why would he do that? For some attention? He sure got some.
 
jerz4lunch said:
But why would he do that? For some attention? He sure got some.
Click to expand...
For the same reason his videos are 3 times as long as was needed to say the same thing! "Look at me! See how smart I am! I know more than all of you! Aren't you impressed?"

NOT!

Just ignore any other postings by him!
 
rstanley said:
For the same reason his videos are 3 times as long as was needed to say the same thing! "Look at me! See how smart I am! I know more than all of you! Aren't you impressed?"

NOT!

Just ignore any other postings by him!
Click to expand...
Unsubscribed! (Don't know why I was in the first place).
 
You must log in or register to reply here.

Similar threads

AlphaObeisance
Could use some career advice.
Replies
5
Views
1K
AlphaObeisance
AlphaObeisance
T
How to i get the output from this cmd line, "date -u +%V$(uname)|sha512sum|sed 's/\W//g'"? in arch linux?
Replies
5
Views
618
Trenix25
Trenix25
dos2unix
Unsung Heros - commentary.
Replies
5
Views
394
APTI
APTI
Sherri is a Cat
The Neighbor, Horses, Cats and One Witch
Replies
1
Views
935
The Duck
The Duck
Sherri is a Cat
Learning to Walk Again in Ohio?
2
Replies
34
Views
3K
KGIII
K


Members online

Total: 457 (members: 8, guests: 449)

Latest posts

Top