Possible Linux PDF Trojan?


    https://latesthackingnews.com/2016/1...nux-computers/
    ... the trojan is spread in the form of an archived PDF, Microsoft Office, or OpenOffice file.

    The infection starts when users open the file. The trojan springs into action by copying itself to “< HOME >/.gconf/apps/gnome-common/gnome-common” and then opens a decoy document, hence his name of “FakeFile.”


    The trojan also adds a shortcut to itself in the user’s .profile and .bash_profile files, which allows it to gain boot persistence between PC reboots.
    I do not have an "apps" subdirectory under .gconf nor do I have a user .profile or .bash_profile file in my home account.

    Anyone else?
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.
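A check for the two indicators the quoted article names, written as an added example (not part of the original thread or the linked article). The function name `check_fakefile` is hypothetical; the paths are the ones quoted above, and a string match on the dropped file's path only finds a persistence entry that references that path literally.

```shell
#!/bin/sh
# Added example: look in one home directory for the FakeFile indicators
# quoted in the post above. Function and variable names are hypothetical.

# Path of the trojan's self-copy, relative to the user's home (from the article).
REL_PATH=".gconf/apps/gnome-common/gnome-common"

# check_fakefile HOME_DIR
# Prints one line per finding; returns 0 if nothing was found, 1 otherwise.
check_fakefile() {
    home_dir=$1
    found=0

    # Indicator 1: the copy the trojan makes of itself.
    if [ -e "$home_dir/$REL_PATH" ]; then
        echo "FOUND dropped file: $home_dir/$REL_PATH"
        found=1
    fi

    # Indicator 2: a line in a login startup file that references that copy.
    for rc in .profile .bash_profile; do
        f="$home_dir/$rc"
        [ -f "$f" ] || continue
        # -F matches the path as a fixed string, -n prints line numbers for review.
        if hits=$(grep -nF "gnome-common/gnome-common" "$f"); then
            echo "FOUND reference in $f:"
            echo "$hits" | sed 's/^/    /'
            found=1
        fi
    done

    [ "$found" -eq 0 ] && echo "clean: $home_dir"
    return "$found"
}

# Run against a home directory given on the command line, e.g. sh check.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_fakefile "$1"
fi
```

A missing `.profile` or `.bash_profile` is simply skipped, so the function also works on accounts like the ones described in this thread that have neither file.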

    #2
    I don't have the .bash_profile files or the apps under .gconf.



      #3
      In 14.04, the only thing I have under .gconf is the harmless: /home/mike/.gconf/apps/psensor/[and its files] . I do have this folder: /home/mike/.gconf/apps/%gconf.xml, but it's empty at 0 B.
      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



        #4
        I don't have an apps folder under .gconf and that is using Linux Mint xfce.

        Thanks for alert GG

        Yes, I still check in daily even though I can't run KDE on my system anymore. Hoping...
        Last edited by TWPonKubuntu; Jan 30, 2017, 10:40 PM.
        Kubuntu 23.11 64bit under Kernel 6.8.8, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.



          #5
          Originally posted by GreyGeek
          https://latesthackingnews.com/2016/1...nux-computers/

          I do not have an "apps" subdirectory under .gconf nor do I have a user .profile or .bash_profile file in my home account.

          Anyone else?
          My .gconf directory is empty. I'm surprised you don't have .profile or .bash_profile in your Home directory; I do, and I think everyone using Bash does.

          .profile:
          Code:
          # ~/.profile: executed by the command interpreter for login shells.
          # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
          # exists.
          # see /usr/share/doc/bash/examples/startup-files for examples.
          # the files are located in the bash-doc package.
          
          
          # the default umask is set in /etc/profile; for setting the umask
          # for ssh logins, install and configure the libpam-umask package.
          #umask 022
          
          
          # if running bash
          if [ -n "$BASH_VERSION" ]; then
              # include .bashrc if it exists
              if [ -f "$HOME/.bashrc" ]; then
                  . "$HOME/.bashrc"
              fi
          fi
          
          
          # set PATH so it includes user's private bin directories
          PATH="$HOME/bin:$HOME/.local/bin:$PATH"
          .bash_profile:
          Code:
          ## ~/.bash_profile
          #
          
          
          [[ -f ~/.bashrc ]] && . ~/.bashrc
          Using Kubuntu Linux since March 23, 2007
          "It is a capital mistake to theorize before one has data." - Sherlock Holmes



            #6
            (Firstly, gconf is the Gnome 3 configuration system and if you're not running Gnome you won't have much in .gconf. On login bash looks for ~/.bash_profile, ~/.bash_login and ~/.profile in that order and runs the first found. You'd typically have a .bash_profile if you used other Bourne-like shells, and have bash-specific stuff.)

            I don't get it; even on Windows opening PDFs or office files won't cause something to run these days; that was stopped years ago. I suppose if you really wanted to get your computer infected you could enable on-open macros and set the security option to Low. On my LibreOffice the security level came set to "High. Only signed macros from trusted sources are allowed to run."
            Regards, John Little



              #7
              Well, my 75 year old eyeballs may have missed them but my KDE Neon installation didn't list those hidden files in Dolphin's sorted list.


              Sent from my iPhone using Tapatalk
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.



                #8
                Originally posted by Qqmike
                In 14.04, the only thing I have under .gconf is the harmless: /home/mike/.gconf/apps/psensor/[and its files] . I do have this folder: /home/mike/.gconf/apps/%gconf.xml, but it's empty at 0 B.
                Ditto in 16.04.
