I have a big problem about k3b when I write cd's with k3b there are a lot of files which I do not write for example: angels.pif cool_screensaver.scr dictionary.doc.exe dolly_duster.jpg.pif doom2.doc.pif e-book.archive.doc.exe e.book.doc.exe eminem - lick my pussy.mp3.pif hardcore porn.jpg.exe how to hack.doc.exe and lots of them.These files are copied recursively in all folders in writed cds.I'm using suse 9.0 and last week I made Suse update using Yast. Do u have any idea?A linux virus?
Hi
Big style ! But windows ----
Just cut-n-paste anyone of them into i.e norton's anti virus search site and you'll see....
You must have downloaded infected mails ? - and only because Linux isn't susceptible to these M$ viruses you got "lucky".
! Try executing an .exe file in Linux !, or a scr (screensaver) file...
The worst you can do now is mail out / infect others....
If you use SLOX as a mail system - get AV protection on it, if you downloaded from somewhere else - get that fixed!.
Regards
Ade
On Mar 08, 2004 01:06 PM, Murat Akca
I have a big problem about k3b when I write cd's with k3b there are a lot of files which I do not write for example:
angels.pif cool_screensaver.scr dictionary.doc.exe dolly_duster.jpg.pif doom2.doc.pif e-book.archive.doc.exe e.book.doc.exe eminem - lick my pussy.mp3.pif hardcore porn.jpg.exe how to hack.doc.exe
and lots of them.These files are copied recursively in all folders in writed cds.I'm using suse 9.0 and last week I made Suse update using Yast.
Do u have any idea?A linux virus?
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 08 March 2004 13:06, Murat Akca wrote:
I have a big problem about k3b when I write cd's with k3b there are a lot of files which I do not write for example: angels.pif cool_screensaver.scr dictionary.doc.exe dolly_duster.jpg.pif doom2.doc.pif e-book.archive.doc.exe e.book.doc.exe eminem - lick my pussy.mp3.pif hardcore porn.jpg.exe how to hack.doc.exe and lots of them.These files are copied recursively in all folders in writed cds.I'm using suse 9.0 and last week I made Suse update using Yast. Do u have any idea?A linux virus?
No, it's a windows virus. You have a samba share with write access on these directories and some windows box is writing files onto your disk, hoping you would run them, but you can't, because you have linux. Good for you, I guess. - -- Jure Koren, n.i. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (Darwin) iD8DBQFATGbb9iFCvmuhrCIRAhEwAKCtdxMVzZFQnWYdsB3y1icl9oTi6gCfS7Tk +Zi29hudTMKWtQwLRQGG9yM= =ybHc -----END PGP SIGNATURE-----
But there is a point that I can not understand. I write my tomcat directory: /opt/jakarta/tomcat to the cd rom. These files aren't in tomcat directory,when I've searced these file they are found in share directories, and I can see them. When I burn the cd, these files are copyed in all directories of tomcat in cd. I could not understand this. On Monday 08 March 2004 14:28, Jure Koren wrote:
On Monday 08 March 2004 13:06, Murat Akca wrote:
I have a big problem about k3b when I write cd's with k3b there are a lot of files which I do not write for example: angels.pif cool_screensaver.scr dictionary.doc.exe dolly_duster.jpg.pif doom2.doc.pif e-book.archive.doc.exe e.book.doc.exe eminem - lick my pussy.mp3.pif hardcore porn.jpg.exe how to hack.doc.exe and lots of them.These files are copied recursively in all folders in writed cds.I'm using suse 9.0 and last week I made Suse update using Yast. Do u have any idea?A linux virus?
No, it's a windows virus. You have a samba share with write access on these directories and some windows box is writing files onto your disk, hoping you would run them, but you can't, because you have linux. Good for you, I guess.
-- Jure Koren, n.i.
Murat Akca sagte:
But there is a point that I can not understand.
I write my tomcat directory:
/opt/jakarta/tomcat
to the cd rom. These files aren't in tomcat directory,when I've searced these file they are found in share directories, and I can see them.
When I burn the cd, these files are copyed in all directories of tomcat in cd. I could not understand this.
which k3b version do you use, where did you get it? bye, [MH]
I'm using K3b 0.10 using kde 3.14. It is updated by Yast online updated (YOU) last week.And I've install first K3b from suse 9.0 installation cds On Monday 08 March 2004 15:00, Mathias Homann wrote:
Murat Akca sagte:
But there is a point that I can not understand.
I write my tomcat directory:
/opt/jakarta/tomcat
to the cd rom. These files aren't in tomcat directory,when I've searced these file they are found in share directories, and I can see them.
When I burn the cd, these files are copyed in all directories of tomcat in cd. I could not understand this.
which k3b version do you use, where did you get it?
bye, [MH]
On Mon, Mar 08, 2004 at 03:16:02PM +0200, Murat Akca wrote:
I'm using K3b 0.10 using kde 3.14. It is updated by Yast online updated (YOU) last week.And I've install first K3b from suse 9.0 installation cds
There is no k3b update availlable via YOU for 9.0. Robert -- Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
Update your system using apt! http://tinyurl.com/2wg8o Robert Schiele wrote:
On Mon, Mar 08, 2004 at 03:16:02PM +0200, Murat Akca wrote:
I'm using K3b 0.10 using kde 3.14. It is updated by Yast online updated (YOU) last week.And I've install first K3b from suse 9.0 installation cds
There is no k3b update availlable via YOU for 9.0.
Robert
I think I found the problem,all virus files are copied to the "share" folders as you said.One of the folder is /home/onder/.kde/share/apps/k3b/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/dummydir/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/eminem - lick my pussy.mp3.pif So when burning a cd these files are automatically writed to the cd? I think I need to remove all these files?Is there any other ideas? Thanks... Murat Akca On Monday 08 March 2004 15:46, Dmitry wrote:
Update your system using apt! http://tinyurl.com/2wg8o
Robert Schiele wrote:
On Mon, Mar 08, 2004 at 03:16:02PM +0200, Murat Akca wrote:
I'm using K3b 0.10 using kde 3.14. It is updated by Yast online updated (YOU) last week.And I've install first K3b from suse 9.0 installation cds
There is no k3b update availlable via YOU for 9.0.
Robert
I think running a virus scanner on the Windows PC that's infected would probably be a good idea. Then remove all these dodgy files. Tom.
-----Original Message----- From: Murat Akca [mailto:murat.akca@aradiom.com] Sent: 08 March 2004 14:27 To: suse-security@suse.com Subject: Re: [suse-security] k3b
I think I found the problem,all virus files are copied to the "share" folders as you said.One of the folder is
/home/onder/.kde/share/apps/k3b/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/dummydir/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/eminem - lick my pussy.mp3.pif
So when burning a cd these files are automatically writed to the cd?
I think I need to remove all these files?Is there any other ideas?
Thanks...
Murat Akca
On Monday 08 March 2004 15:46, Dmitry wrote:
Update your system using apt! http://tinyurl.com/2wg8o
Robert Schiele wrote:
On Mon, Mar 08, 2004 at 03:16:02PM +0200, Murat Akca wrote:
I'm using K3b 0.10 using kde 3.14. It is updated by Yast online updated (YOU) last week.And I've install first K3b from suse 9.0 installation cds
There is no k3b update availlable via YOU for 9.0.
Robert
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Quoting Murat Akca
I think I found the problem,all virus files are copied to the "share" folders as you said.One of the folder is
/home/onder/.kde/share/apps/k3b/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/dummydir/eminem - lick my pussy.mp3.pif /home/onder/.kde/share/apps/k3b/temp/eminem - lick my pussy.mp3.pif
So when burning a cd these files are automatically writed to the cd?
I think I need to remove all these files?Is there any other ideas?
First off, if I recall correctly, k3b is a ui wrapper. If something on your machine is infected, it's probably the actual program writing to the CD that's hit. However, in this case, the problem is likely in the interaction between k3b and cdrecord. Those .pif files are in places they shouldn't be, so they're being passed to cdrecord erroneously. Secondly, for the love of all that is holy: FIX YOUR WINDOWS MACHINE!!! The nasty piece of malware is most likely Netsky.B: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html
participants (8)
-
Adrian Bellini
-
Dmitry
-
Jure Koren
-
Mathias Homann
-
Murat Akca
-
Robert Schiele
-
suse@rio.vg
-
Tom Knight