From: Carmel NY
To: FreeBSD
Reply-To: FreeBSD
Subject: New Virus that targets *.nix
Date: Sat, 24 Nov 2018 15:13:37 +0000
X-BeenThere: freebsd-questions@freebsd.org
List-Id: User questions

This looks like a particularly nasty virus.

https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/

-- 
Carmel