Re: possible viri in tarballs?

From: Gene Heskett
Date: Wed Feb 05 2014 - 13:25:15 EST


On Wednesday 05 February 2014, Gene Heskett wrote:
>Greetings;
>
>I recently brought a daily system scan by clamscan back to life, and it's
>emailing me this:
>
>/home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>
>Repeat for several other kernel trees.
>FP or ??
>
>Cheers, Gene

Someone thought it's an FP, so I took this to the clamav list and got some
links, it is a highest threat Password revealer first seen by

<http://www.threatexpert.com/reports.aspx?find=PSWTool.Win32.PassViewer.av&x=11&y=9>

on 12/07/2011.

Over on <http://www.malwarepatrol.net/cgi/search.pl?id=400944>

You will see more history.

So that file needs sanitized. I was under the impression that a file with
the .txt extension was supposed to be pure ascii text, but it's loaded to
the gills with some sort of markup crap. And I have at least 20 copies of
it.

Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.
