There is a new version of the Koobface worm that can infect a Linux operating system. Jerome Segura over at Pareto Logic has a blog post showing how this worm can infect a user's home directory in Ubuntu.

The good news is that the worm will only run until the system is rebooted. However, the damage may have already been done by the time that happens. The malicious files are downloaded to the user's home directory and placed in a hidden folder called .jnana.

Based on this information, it should be easy to detect and remove the malicious files. To detect infection, simply open a terminal window and enter the following commands:

cd
ls -A | grep jnana

If you do find a folder called .jnana, reboot your system or manually kill any related processes. Then, from your home directory, remove the malicious files with:

rm -R .jnana
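
The same check as a script, added here as an example and not taken from the original post or from the analysis it cites. It tests for the exact name .jnana (the grep above matches any name containing "jnana") and lists processes that point into that folder. The function names, the PROC_ROOT parameter, and the idea that related processes reference the folder path are assumptions; a Linux /proc is required.

```shell
#!/bin/sh
# Added example. Assumption: processes related to the infection have a working
# directory, executable, or command line that points into ~/.jnana.

# jnana_dir [HOME_DIR]: print the path and return 0 if HOME_DIR/.jnana exists.
jnana_dir() {
    dir="${1:-$HOME}/.jnana"
    # -L also catches a dangling symlink with that name
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi
    return 1
}

# jnana_pids [HOME_DIR] [PROC_ROOT]: print PIDs that reference HOME_DIR/.jnana.
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be tested.
jnana_pids() {
    dir="${1:-$HOME}/.jnana"
    proc="${2:-/proc}"
    for p in "$proc"/[0-9]*; do
        [ -d "$p" ] || continue
        # Other users' processes may be unreadable; treat those fields as empty.
        cwd=$(readlink "$p/cwd" 2>/dev/null) || cwd=
        exe=$(readlink "$p/exe" 2>/dev/null) || exe=
        cmd=
        if [ -r "$p/cmdline" ]; then
            cmd=$(tr '\0' ' ' 2>/dev/null < "$p/cmdline") || cmd=
        fi
        case "$cwd|$exe|$cmd" in
            *"$dir"*) printf '%s\n' "${p##*/}" ;;
        esac
    done
}

# Report for the current user.
if found=$(jnana_dir "$HOME"); then
    echo "Found $found. Processes referencing it:"
    jnana_pids "$HOME"
else
    echo "No .jnana folder in $HOME"
fi
```

Review the listed PIDs with ps before killing anything, since a text editor or shell that merely has the folder open will also match.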

Remember, contrary to popular belief, a GNU/Linux system is not 100% secure. It can be infected with malware. In this case, the worm is not nearly as bad as its Windows variant, but it does prove that a piece of malware does not need root access to cause trouble.

5 Comments

  1. Alan
  2. Alan

    Has this really been seen in the wild?

  3. Mukesh Jat

    Last night, by mistake, Koobface got installed in my Linux Firefox.
    The plugin is named Divx web player... I have disabled it... But how can I remove it?

    • re

      I also have the plugin named Divx web player installed. Is it Koobface?


  4. Very good tutorials. Thanks for this content.

