possible hacker attempt/virus


    possible hacker attempt/virus

    Hi There,

    Have been getting these virus/hacker attempts for a while now. This PUA script has been turning up a lot every time I have been online for a few hours. From what I can see this one was attached to the kdenews.org site. Is this script known? What does this virus do? How can I trace the person/IP behind it the best way?

    What more info is needed to trace the origin?

    /var/tmp/kdecache-kubuntu/http/k/www.kdenews.org_sites_dot.kde.org_files_js_2f94bd71a5b58fd8d1fcb4ef23891290.js_1b29fb64

    PUA.Script.Packed-1

    Some help would be great

    #2
    Re: possible hacker attempt/virus

    PUA stands for "Possibly Unwanted Application". PUA alerts are often just false positives.

    To me that looks like a packed javascript file used in www.kdenews.org.

    http://www.clamav.net/support/faq/pua/

    Comment


      #3
      Re: possible hacker attempt/virus

      PUA = Possibly Unwanted Application.
      The file you are being warned for is a JavaScript file, and there's not a lot of harm they can do. It's definitely not a virus or a hacking attempt.
      The worst thing I've seen a JavaScript do is one redirecting you from a legitimate site to a website which compromises your security, but the compromises I've seen were ones that would only affect Windows.

      Right, this actual script, as the file name says, is from the KDE website dot.kde.org, and is located here: http://www.kdenews.org/sites/dot.kde...4ef23891290.js (you get this by changing underscores in the file name to slashes). You can open it, it won't do anything since JavaScript files are just text files. It looks like a legitimate Drupal JS file to me. I had a quick look at what it does and I can't see anything malicious about it.

      If you are still concerned about this script you can email webmaster@kde.org and let them know of the warning, and the webmaster will be able to confirm that this is a legitimate file that hasn't been compromised.

      But, doing a search on Google for "PUA.Script.Packed-1" shows that this tool is widely known for false positives, which in my view makes it useless, unless you score 10 on the paranoia scale and are willing to check every hardly-remotely-possible threat.

      Hope this helps.

      Comment
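The check described in post #3, as an added example that is not part of the original thread: rebuild a candidate origin URL from the cache file name, look for a packer wrapper, and compare the cached copy with a copy you downloaded yourself. The function names, the `example.org` cache name and the stub file content are constructed for illustration, and the packer test is a heuristic of this example, not ClamAV's signature.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): triage a cached script a scanner flagged.

# Rebuild a candidate origin URL from a KDE HTTP cache file name: drop the
# trailing _<hex> cache suffix (inferred from the file name in the first
# post), then turn underscores into slashes as post #3 describes.
# The mapping is lossy: a genuine "_" in the original path also becomes "/".
cache_name_to_url() {
    printf 'http://%s\n' \
        "$(basename -- "$1" | sed -E 's/_[0-9a-f]+$//' | tr '_' '/')"
}

# Heuristic (an assumption, not ClamAV's actual signature): output of the
# widely used Dean Edwards packer starts with this wrapper.
looks_packed() {
    grep -qF 'eval(function(p,a,c,k,e,' -- "$1"
}

# $1 = flagged cache file, $2 = copy of the same URL you downloaded yourself
# (for example with curl or wget). Returns 0 only if the two are identical.
triage() {
    printf 'candidate origin: %s\n' "$(cache_name_to_url "$1")"
    if looks_packed "$1"; then
        echo 'packer wrapper:   present'
    else
        echo 'packer wrapper:   not found'
    fi
    if cmp -s -- "$1" "$2"; then
        echo 'content:          identical to the fresh download'
    else
        echo 'content:          DIFFERS from the fresh download'
        return 1
    fi
}

# Constructed sample data: a stub in packer style under a made-up cache name.
demo=$(mktemp -d)
cached="$demo/www.example.org_files_js_0123abcd.js_1a2b3c4d"
printf '%s\n' 'eval(function(p,a,c,k,e,d){return p}("0",1,1,[],0,{}))' > "$cached"
cp "$cached" "$demo/fresh.js"
triage "$cached" "$demo/fresh.js"
rm -rf "$demo"
```

A mismatch is not proof of tampering, since the site may simply have updated the file after it was cached; it is the case worth passing on to the site's webmaster.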


        #4
        Re: possible hacker attempt/virus

        If you use Firefox as a browser, you can install the NoScript add-on to manage Java scripts.
        An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

        Comment


          #5
          Re: possible hacker attempt/virus

          ok thanks for the info and the noscript addon. Is all useful. This site is fast becoming my favorite site for questions regarding linux. I get fast useful info and learn a lot even though I have been using linux for the past few years.

          Comment


            #6
            Re: possible hacker attempt/virus

            If you use Firefox as a browser, you can install the NoScript add-on to manage Java scripts.
            If you use Opera, you can bring the allow javascript button to the display options panel or switch this option in the settings.
            Kubuntu 16.04 on two computers and Kubuntu 17.04 on DELL Latitude 13

            Comment


              #7
              Re: possible hacker attempt/virus

              Originally posted by Lancelot
              ok thanks for the info and the noscript addon. Is all useful. This site is fast becoming my favorite site for questions regarding linux. I get fast useful info and learn a lot even though I have been using linux for the past few years.

              You can thank these members. They make this site what it is -- one of the best Linux/KDE forums on the planet.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment


                #8
                Re: possible hacker attempt/virus

                thanks for all the info.

                For those who have read my last post I edited it as they are no longer an issue for me.

                The 3 posts were:

                1 issue with standard login failure
                1 issue with log checker that runs every hour
                and the last one seems to be an error during boot when loading my firewall.

                pam_ck_connector(kdm:session): nox11 mode, ignoring PAM_TTY :0

                Can anyone confirm this? I get this log during boot and I also get an error that my firewall needs root permission to start. Are these one and the same issue?

                Comment


                  #9
                  Re: possible hacker attempt/virus

                  Originally posted by GreyGeek
                  You can thank these members. They make this site what it is -- one of the best Linux/KDE forums on the planet.
                  Ok I see just 10.000 more posts to become a Kubuntu god!

                  ;-)

                  Comment


                    #10
                    Re: possible hacker attempt/virus

                    Originally posted by Lancelot
                    Originally posted by GreyGeek
                    You can thank these members. They make this site what it is -- one of the best Linux/KDE forums on the planet.
                    Ok I see just 10.000 more posts to become a Kubuntu god!

                    ;-)
                    No need to use ASCII emots... we have these icon thingies at the top of the edit box!
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                    – John F. Kennedy, February 26, 1962.

                    Comment


                      #11
                      Re: possible hacker attempt/virus

                      Ah yes you are so right greygeek-sun

                      kohai is still learning

                      > 8) :P :-X

                      although the ascii-mo's (say as eskimo's ;-)) are always fun

                      Comment


                        #12
                        Re: possible hacker attempt/virus

                        I also get an error that my firewall needs root permission to start.
                        I don't know which firewall you use, but what you wrote sounds familiar to me. I use Guarddog and it sometimes needs to start this shell command with root permission at the start of the session:
                        Code:
                        /etc/rc.firewall
                        Or it blocks all traffic. I had to learn how to autostart it for all users with root permissions. Maybe you need another shell command, but your problem could be the same.
                        Kubuntu 16.04 on two computers and Kubuntu 17.04 on DELL Latitude 13

                        Comment


                          #13
                          Re: possible hacker attempt/virus

                          @Lancelot: PAM stands for Personal Authentication Module. It is the program that verifies passwords. Therefore, it is called every time a password needs to be verified. Therefore, I conjecture that the firewall problem and the PAM problem are related. However, that doesn't mean that I have the slightest clue as to the cause or solution of the problem. My first debugging effort would be to (temporarily) disable the firewall, and see whether that stops either the PAM message or the login failure, or both. I suspect that the log checker problem is unrelated.

                          Comment


                            #14
                            Re: possible hacker attempt/virus

                            Originally posted by Lancelot
                            Ah yes you are so right greygeek-sun

                            kohai is still learning

                            > 8) :P :-X

                            although the ascii-mo's (say as eskimo's ;-)) are always fun
                            That's because you can figure them out. I need to see pictures!
                            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                            – John F. Kennedy, February 26, 1962.

                            Comment


                              #15
                              Re: possible hacker attempt/virus

                              OT: Pics are fine, but the traditional, and very useful, sarcasm one is missing! In western style it often looks like this: In the BBS days it was described as tongue-in-cheek but times have changed. Despite the mouse-over tags, I can't say I understand the pics, but I try to make the best of what's available. /OT

                              Comment
