
b145145

join:2013-12-17

Computer on network was compromised

Well, my brother was tricked into downloading a malware-loaded version of Java on his Windows computer, and it was on the network for a few hours doing who knows what, and according to my router logs it uploaded a bunch of data in that time.

I already nuked the installation, but do I have to worry about the Linux computers on my network? I have never been in this situation and I am pretty sure I logged into a bunch of stuff, including my email, in that time period. I know almost nothing about security threats on a network. Any tips or knowledge would be appreciated.

Velnias

join:2004-07-06
Don't worry if communication was encrypted, like HTTPS or SSH. It's possible, too, that the Windows malware didn't sniff the traffic. If not sure, change passwords.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
reply to b145145
said by b145145:

... but do I have to worry about the Linux computers on my network?

The chances are that the Linux computers are using an "iptables" firewall, so are probably protected. If you are running a Samba server, that would be the system to inspect closely.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 13.1; KDE 4.11.4; firefox 26.0

Velnias

join:2004-07-06
No worry - no Samba vulnerabilities recently (and who runs servers on ordinary desktops anyway). A Windows EULA uploaded by a virus is more embarrassing than dangerous.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA

1 recommendation

Samba doesn't have to be vulnerable if the shares are mounted on an infected Windows system.

In such a scenario, files that are physically located on the Linux server can be altered (infected with a virus, etc.) as long as they are shared with the infected Windows client.

That would most likely cause no harm to the Linux server but would be a vector for re-infecting the Windows clients later on if they execute one of the infected files from the trusted server.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!
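As an added example (not part of any post in this thread), one way to check a share for the scenario described above is to list files a Windows client could run that were modified while the infected PC was online. The function names, the extension list, the `/srv/share` path and the time window are all assumptions made for illustration.

```python
import hashlib
import os
import stat
from datetime import datetime

# Constructed list of file types a Windows client may execute from a share.
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk", ".msi"}


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def sha256(path):
    """Hash the file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def changed_in_window(share_root, start, end):
    """Return (path, mtime, sha256, reason) for risky files modified in [start, end]."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the share
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not (lo <= st.st_mtime <= hi):
                continue
            ext = os.path.splitext(name)[1].lower()
            reason = "extension" if ext in RISKY_EXT else "pe-header" if is_pe(path) else None
            if reason:
                hits.append((path, datetime.fromtimestamp(st.st_mtime), sha256(path), reason))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed path and window; use the hours the infected PC was on the network.
    for hit in changed_in_window("/srv/share", datetime(2014, 1, 1, 12), datetime(2014, 1, 1, 18)):
        print(*hit, sep="\t")
```

Modification times can be set by whoever writes the file, so an empty result narrows the search but does not prove the share is clean; the hashes are there to compare against a backup or a known-good copy.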

b145145

join:2013-12-17
reply to Velnias
I did some research on that type of malware. My brother got a Java trojan exploit and on top of that some Conduit browser hijack. I do have the firewall enabled but no active Samba shares.

This is probably overkill, but I reflashed my router and double-checked everything. I changed my email password just in case, even though HTTPS was being used for the login. Thanks for the info.


dib22

join:2002-01-27
Kansas City, MO
You can scan the Linux machines with clam and even burn an "Ultimate Boot CD" CD and scan the entire boxes with clam to see if anything was left behind.

b145145

join:2013-12-17
Good idea! I didn't even think of that... that shows how long I've been using Linux. I am also going to set my brother's computer on a wireless guest network instead of plugging in.