From: Ralf Mardorf
To: freebsd-questions@freebsd.org
Date: Sat, 24 Nov 2018 21:15:46 +0100
Subject: Re: New Virus that targets *.nix
Message-ID: <20181124211546.5e2d4bdd@archlinux>
In-Reply-To: <20181124194356.26dd5ad7.freebsd@edvax.de>

On Sat, 24 Nov 2018 19:43:56 +0100, Polytropon wrote:
> Always use "curl myapp.example.com | sudo bash" to install
> the software you trust! Apply snake oil as desired. ;-)

For those interested in compromising Linux installs, targeting Ubuntu flavours might be the easiest way to go. I seriously doubt that a lot of Ubuntu users do check downloaded install media correctly against the GPG-signed sha256sum provided by Ubuntu.
Usually they don't know how to get the public key and how to verify the checksum against the public key in the first place. Providing compromised Ubuntu flavour install media is easier than using common vulnerabilities to get access to a handful of well-maintained Linux or *BSD installs. When using common vulnerabilities, the best approach is to get access to the badly maintained routers using an embedded Linux.

I guess that criminals are criminals because they will get as much income for as little work as possible. However, if criminals have a special interest that justifies doing much hard work, they will likely use more complicated hacks than a noticeable bash script, or they don't hack anything at all and instead use a screwdriver...

...or else... real criminal experts provide Internet search engines and free Internet services to legally get what they want. Other criminals hack those providers of Internet search engines and free Internet services.

Isn't it interesting that after hackers have stolen data from providers of Internet search engines and free Internet services, many people are afraid, while the same people aren't afraid that those providers of Internet search engines and free Internet services already misused this data before it was stolen?

Alexa, send this email!
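The check the post says most users skip, verifying downloaded install media against Ubuntu's GPG-signed SHA256SUMS, as an added example that is not from the post or from Ubuntu. It assumes POSIX sh with gpg and sha256sum (or shasum) available, and uses a placeholder for the Ubuntu signing key fingerprint, which has to be obtained from Ubuntu's own documentation.

```shell
#!/bin/sh
# Added example (not from the post): verify an Ubuntu install image against the
# GPG-signed SHA256SUMS file. Two steps: the signature on SHA256SUMS, then the
# image's own hash. The signing key fingerprint is a placeholder; it must be
# taken from Ubuntu's own documentation, never from the mirror serving the image.
UBUNTU_CD_KEY_FPR="${UBUNTU_CD_KEY_FPR:-FINGERPRINT_FROM_UBUNTU_DOCS}"

# Print the SHA-256 hex digest of a file (coreutils sha256sum, or shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
    awk '{ print $1 }'
}

# verify_sums_signature SHA256SUMS SHA256SUMS.gpg
# Succeeds only if gpg reports VALIDSIG and the expected fingerprint appears on
# that status line (it carries both the signing subkey and primary key fprs).
verify_sums_signature() {
  gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
    grep -q "^\[GNUPG:\] VALIDSIG .*$UBUNTU_CD_KEY_FPR"
}

# verify_image_checksum SHA256SUMS image
# Find the image's own line ("<hex> *<name>") and compare against the local hash.
verify_image_checksum() {
  expected=$(awk -v f="$(basename "$2")" \
    '{ n = $2; sub(/^\*/, "", n); if (n == f) print $1 }' "$1")
  [ -n "$expected" ] || { echo "no entry for $2 in $1" >&2; return 1; }
  [ "$(sha256_of "$2")" = "$expected" ]
}

# Offline self-test on a constructed image and SHA256SUMS (no gpg, no network):
# the untouched image must pass, a modified one must fail.
selftest() {
  d=$(mktemp -d) || return 1
  printf 'constructed fake iso contents\n' > "$d/ubuntu-demo.iso"
  printf '%s *ubuntu-demo.iso\n' "$(sha256_of "$d/ubuntu-demo.iso")" > "$d/SHA256SUMS"
  verify_image_checksum "$d/SHA256SUMS" "$d/ubuntu-demo.iso" || { rm -rf "$d"; return 1; }
  printf 'x' >> "$d/ubuntu-demo.iso"   # simulate a tampered or corrupt download
  if verify_image_checksum "$d/SHA256SUMS" "$d/ubuntu-demo.iso"; then rm -rf "$d"; return 1; fi
  rm -rf "$d"
}

# Real use, in the directory holding the image, SHA256SUMS and SHA256SUMS.gpg:
#   verify_sums_signature SHA256SUMS SHA256SUMS.gpg && verify_image_checksum SHA256SUMS ubuntu.iso
```

A passing checksum only proves the image matches the SHA256SUMS you hold; without the signature step a mirror that replaced the image could just as easily have replaced the sums.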