Mailinglist Archive: opensuse-security (145 mails)

RE: [suse-security] intruder in home system 8.2 prof
  • From: "Mike Tierney" <miket@xxxxxxxxxxxxxxxx>
  • Date: Tue, 30 Nov 2004 16:03:16 +1300
  • Message-id: <200411300303.iAU33Gvq007727@xxxxxxxxxxxxxxxx>
It's quite possible that some of the online sites that you have visited have
on-sold your email address to a spammer's list. All it takes is one
"bad-egg" and they have your address.

Alternatively it may not have been your system that was compromised but one
of the sites you visited that has your details. There was even a case years
ago where a commercial website was set up so badly that Google or some
other search engine harvested people's credit card details!!

I don't know if there is any Linux "Spyware" in existence but I could be
wrong. Maybe if it's written in Java!

As for finding and removing someone who has hacked your Linux box through an
open service .... there are whole entire books on that subject :(

Yep, there is a SuSE firewall that you can turn on in Yast, if you have the
correct packages installed. The packages are probably called SuSEFirewall2
and yast2-firewall. Once they're installed you can go into Yast2 and you can
turn it on under "Security and Users > Firewall".

You can also run the command "rpm -Va | sort" to verify the integrity of
your installed packages (look for binary entries with a "5" in the first
field as this means the program's checksum has changed since it was
installed), though there's the chance a skilled attacker could have
re-written the checksums. That command might produce a lot of other output
so you'll have to sift through it and some of it could be bona-fide changes.

If you do find any suspicious entries you can re-install the rpm.

Keeping your system fully patched and turning on firewalling is normally a
good defense.

My guess is though that people probably got your address from those sites
you visited. You never can be too safe though!

> -----Original Message-----
> From: Martin [mailto:martin@xxxxxxxxxxxxxxx]
> Sent: Tuesday, 30 November 2004 3:18 p.m.
> To: suse-security@xxxxxxxx
> Subject: [suse-security] intruder in home system 8.2 prof
>
> Recently I notice a large increase in spam related to recent transactions
> I've made. I ordered pharmaceuticals on line and now get increased spam
> from those type of business. I inquired about credit card fraud and get
> spam.
>
> Could this mean there is some kind of binary running in my system which
> sends information about my activities? I've heard about something called
> spyware.
>
> I believe my system has some kind of suse 8.2 supplied software firewall
> but don't know where or how to configure it.
>
> How would I find and remove any such unwanted intruder?

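The sifting step of the "rpm -Va" check described in the reply, as an added example that is not part of the original mail: it keeps only non-config files in executable or library directories whose digest flag ("5") is set. The function names, the directory list and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage filter for `rpm -Va` output.
# flag_changed_binaries and sample_rpm_va are hypothetical names.

flag_changed_binaries() {
    # Reads verify lines on stdin, prints paths worth a closer look.
    awk '
    # A verify line starts with an attribute string such as "S.5....T"
    # (8 or 9 characters depending on the rpm version). A "5" in the
    # third position means the file digest no longer matches the one
    # recorded at install time. "missing ..." lines fail the length test.
    (length($1) == 8 || length($1) == 9) && $1 ~ /^[A-Za-z0-9.?]+$/ && substr($1, 3, 1) == "5" {
        marker = ""; path = $2
        # Optional one-letter marker: c=config d=doc g=ghost l=license r=readme
        if ($2 ~ /^[cdglr]$/) { marker = $2; path = $3 }
        if (marker == "c") next        # config files are expected to change
        # Assumption: only these directories hold binaries and libraries.
        # Paths containing spaces are not handled.
        if (path ~ /\/(bin|sbin|lib|lib64|libexec)\//) print path
    }'
}

# Constructed sample of verify output (not taken from a real system).
sample_rpm_va() {
cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
S.5....T   /bin/ls
.......T   /usr/bin/vim
missing    /usr/share/doc/packages/foo/README
SM5....T   /usr/sbin/sshd
..5....T d /usr/share/doc/packages/bar/NOTES
S.5....T.  /usr/lib/libexample.so.1
EOF
}

# Demo on the constructed sample. On a live system the input would be
#   rpm -Va | flag_changed_binaries
# and `rpm -qf <path>` names the owning package to re-install.
sample_rpm_va | flag_changed_binaries
```

As the reply notes, the checksums this compares against are stored on the same machine, so a clean result does not prove the system is untouched.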
