lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201402051324.59495.gheskett@wdtv.com>
Date:	Wed, 5 Feb 2014 13:24:59 -0500
From:	Gene Heskett <gheskett@...v.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: possible viri in tarballs?

On Wednesday 05 February 2014, Gene Heskett wrote:
>Greetings;
>
>I recently brought a daily system scan by clamscan back to life, and its
>emailing me this:
>
>/home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.6/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.8.3/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.12.9/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.4.36/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.0.69/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>/home/gene/src/linux-3.2.40/Documentation/usb/gadget_multi.txt:
>MBL_400944.UNOFFICIAL FOUND
>
>Repeat for several other kernel trees.
>FP or ??
>
>Cheers, Gene

Someone thought its an FP, so I took this to the clamav list and got some 
links, it is a highest threat Password revealer first seen by 

<http://www.threatexpert.com/reports.aspx?find=PSWTool.Win32.PassViewer.av&x=11&y=9>

on 12/07/2011.

Over on <http://www.malwarepatrol.net/cgi/search.pl?id=400944>

You will see more history.

So that file needs sanitized.  I was under the impression that a file with 
the .txt extension was supposed to be pure ascii text, but its loaded to 
the gills with some sort of markup crap.  And I have at least 20 copies of 
it.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ