rated 0 times [  4] [ 0]  / answers: 1 / hits: 3369  / 2 Years ago, sat, december 4, 2021, 10:45:47

On Wednesday, I installed an old copy of Ubuntu 10.04LTS onto a pristine desktop PC that I built w/ brand new hardware--DSL modem, too--except for the CPU. Then, I downloaded Ubuntu 12.04 from Ubuntu.com, and compared hash values before erasing v10.04 & installing the new OS. The old 10.04 disk & the virgin CD onto which I burned the Ubuntu v12.04 ISO file are the only external media this PC has seen.



As a new convert to Open Source & a paranoid ex-Windows user (for good reason), I have been scanning every file I download, and randomly scanning the entire system every few hours, with ClamTk. It found trojans in




  • Ubuntu's built-in Ruby program;

  • a Photoshop file and

  • a SysInternals tool I downloaded last night; and

  • several files in the Firefox cache.



All but one malware specimen belong to the same family. When instructed to quarantine the infected files in the Firefox cache, ClamTk appeared to do so but the quarantine list was empty. As a precaution, I emptied the cache. Note: ClamTk REFUSES to quarantine the infected Ruby & Photoshop files. Is that normal?



Google provided sparse info about the trojans, except they were first noted about 10 years ago. There does seem to be a surge of inquiries about them in Google over the past 2 weeks. It's unlikely that Ruby has had a known trojan all this time, that ClamTk simply ignored till now... I doubt these malware are false-positives.



Some questions:




  1. Is anyone else finding PUA.Win32.xxxxx with ClamTk?

  2. Is Ubuntu naturally immune to malware named "Win32"?



    Actually, what compels me to post here is finding, while I was checking my Firefox Preferences, six DigiNotar entries in the list of security certificates (Advanced-->Encryption-->View Certificates). The IT security world ostracized DigiNotar last Fall, & Mozilla permanently removed DigiNotar from its list of approved certification providers (see http://blog.mozilla.org/security/2011/09/02/diginotar-removal-follow-up/).



    So, I am wondering:


  3. Did Ubuntu developers forget to remove DigiNotar from Ubuntu's version of Firefox in v12.04?

  4. Does anyone else have DigiNotar in your list of certification authorities?

  5. Are the DigiNotar certificates and the trojans I am finding related?



Thanks for any information you can provide.



 Answers
5

  1. If anybody was able to find it successfully, it would be because of either a dual boot on another partition, torrent downloads, or untrusted third-party sharing or downloading. I never found it on my system.


  2. Ubuntu is not immune to any trojan named under win32.



    And you don't have to worry about that. DigiNotar is not trusted by default. To see, select the Edit trust option under it. So it is as good as non-existent. Just make sure that the "Ask me every time" option is selected.



    Dialog image


  3. To confirm, the Security team did address this issue here under version nss (3.12.11-3) unstable; urgency=high, stating it as explicitly distrusted, not deleted, whereas the current version stands at nss (3.13.1.with.ckbi.1.88-1ubuntu6.1) precise-security. So you don't have to worry at all.



    Changelog


  4. Actually, there are two Certificates menus in Certificate Manager, Server and Authorities. DigiNotar is present in my Server section; the first one listed is expired and needs to be deleted manually.



    Certificates


  5. Only the Affected Certificate authority or Security testing team can confirm.



[#35938] Monday, December 6, 2021, 2 Years  [reply] [flag answer]
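
The answer's point that DigiNotar entries can remain listed while being explicitly distrusted can be checked from the trust flags rather than from the dialog. The following is an added example, not part of the original post: it classifies DigiNotar lines in a listing of the shape printed by NSS `certutil -L -d <profile-dir>` (from libnss3-tools). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify DigiNotar entries by the SSL column of their NSS trust flags.
# Assumed input: `certutil -L` style lines, i.e. a nickname followed by a
# final "SSL,S/MIME,JAR/XPI" flags field such as "CT,C,C", ",," or "p,p,p".
# NSS flag letters: C/T/c = CA roles, P = trusted peer,
# p = prohibited (explicitly distrusted).
audit_diginotar() {
    awk '
    tolower($0) ~ /diginotar/ && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        flags = $NF
        name = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the flags column
        split(flags, f, ",")
        ssl = f[1]
        if (ssl ~ /p/)           verdict = "DISTRUSTED"  # present but blocked
        else if (ssl ~ /[CTcP]/) verdict = "TRUSTED"     # needs attention
        else                     verdict = "NO-TRUST"    # listed, no trust bits
        printf "%s\t%s\t%s\n", verdict, flags, name
    }'
}

# Constructed sample listing (not taken from a real profile).
sample_listing() {
    cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA (constructed)                                C,C,C
DigiNotar Example A                                          p,p,p
DigiNotar Example B                                          ,,
DigiNotar Example C                                          CT,C,C
EOF
}

sample_listing | audit_diginotar
```

Only a `TRUSTED` line means a DigiNotar certificate could still be accepted for TLS; `DISTRUSTED` and `NO-TRUST` lines match the "present but not trusted" state the answer describes.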