Malware has been found hidden inside an innocuous ‘waterfall’ screensaver .deb file made available on popular artwork sharing site Gnome-Look.org.
The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads.
The dodgy screensaver in question has since been removed from gnome-look and this incident was a very basic, if potentially successful, attempt.
If anything this incident highlights the need to be careful what you download and where you download it from.
The Fix
If you fear you may have downloaded or install the screensaver (which doesn’t install a screensaver) then run the following command in the terminal or seek help from the fix thread on the Ubuntu forums.
DO NOT RUN THIS COMMAND UNLESS YOU HAVE INSTALLED THE .DEB IN QUESTION.
- sudo rm -f /usr/bin/Auto.bash /usr/bin/run.bash /etc/profile.d/gnome.sh index.php run.bash && sudo dpkg -r app5552