Cross-Platform Koobface Worm Can Infect Linux

October 28, 2010 by
Filed under: linux, news, security, Ubuntu 

There is a new version of the Koobface worm that can infect a Linux operating system. Jerome Segura over at Pareto Logic has a blog post showing how this worm can infect a user's home directory in Ubuntu.

The good news is that the worm will only run until the system is rebooted. However, the damage may have already been done by the time that happens. The malicious files are downloaded to the user's home directory and placed in a hidden folder called .jnana.

Based on this information, it should be easy to detect and remove the malicious files. To detect infection, simply open a terminal window and enter the following commands:

cd
ls -A | grep jnana

If you do find a folder called .jnana, reboot your system or manually kill any related processes. Then remove the malicious files with:

rm -R .jnana

Affiliate Link

Remember, contrary to popular belief, a GNU/Linux system is not 100% secure. It can be infected with malware. In this case, it's not nearly as bad as its Windows variant, but does prove that a piece of malware does not need to have root access to cause trouble.

Comments

5 Responses to “Cross-Platform Koobface Worm Can Infect Linux”

  1. Alan says:

    Has this really been seen in the wild?

  2. Mukesh Jat says:

    Last night by mistake koobface installed in my Linux firefox..
    The plugin is named Divx web player... i have disable it... But how can i remove it?

  3. Blog says:

    Very good tutorials.Thanks for this contens.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>