b145145
join:2013-12-17

b145145

Member

Computer on network was compromised

Well, my brother was tricked into downloading a malware-loaded version of Java on his Windows computer, and it was on the network for a few hours doing who knows what, and according to my router logs it uploaded a bunch of data in that time.

I already nuked the installation but do I have to worry about the Linux computers on my network? I have never been in this situation and I am pretty sure I logged into a bunch of stuff including my email in that time period. I know almost nothing about security threats on a network. Any tips or knowledge would be appreciated.
Velnias
join:2004-07-06
233322

Velnias

Member

Don't worry if communication was encrypted, like HTTPS or SSH. It's possible, too, that the Windows malware didn't sniff the traffic. If not sure, change passwords.

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert to b145145

Mod

to b145145
said by b145145:

... but do I have to worry about the Linux computers on my network?

The chances are that the Linux computers are using an "iptables" firewall, so are probably protected. If you are running a Samba server, that would be the system to inspect closely.
Velnias
join:2004-07-06
233322

Velnias

Member

No worry: there have been no Samba vulnerabilities recently (and who runs servers on ordinary desktops anyway). A Windows EULA uploaded by the virus is more embarrassing than dangerous.

leibold
MVM
join:2002-07-09
Sunnyvale, CA

leibold

MVM

Samba doesn't have to be vulnerable if the shares are mounted on an infected Windows system.

In such a scenario, files that are physically located on the Linux server can be altered (infected with a virus, etc.) as long as they are shared with the infected Windows client.

That would most likely cause no harm to the Linux server but would be a vector for re-infecting the Windows clients later on if they execute one of the infected files from the trusted server.
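
Added example, not part of leibold's post or of the thread: a Python check for the case described above, listing files under a Linux-hosted share that were modified while the infected Windows client was connected and that Windows could execute. The share path, the time window and the extension list are assumptions to adapt.

```python
import os
import stat
import sys
from datetime import datetime

# Extensions a Windows client may run straight from a share (assumed list).
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".jar", ".lnk"}

def looks_executable(path):
    """True for a risky extension or a PE header ("MZ"), whatever the name."""
    if os.path.splitext(path)[1].lower() in RISKY_EXT:
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable file: skip it rather than abort the sweep

def changed_in_window(share_root, start, end):
    """Return executable-type files under share_root modified in [start, end]."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the share
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            # mtime can be reset by whoever wrote the file, so an empty result
            # narrows the search; it does not prove the share is clean.
            if lo <= st.st_mtime <= hi and looks_executable(path):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: sharecheck.py SHARE_ROOT START_ISO END_ISO")
    window = [datetime.fromisoformat(a) for a in sys.argv[2:4]]
    for hit in changed_in_window(sys.argv[1], *window):
        print(hit)
```

Files it reports are candidates to compare against backups or to hand to a scanner before any Windows client opens them again.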
b145145
join:2013-12-17

b145145 to Velnias

Member

to Velnias
I did some research on that type of malware. My brother got a Java trojan exploit and, on top of that, some Conduit browser hijack. I do have the firewall enabled but no active Samba shares.

This is probably overkill, but I reflashed my router and double-checked everything. I changed my email password just in case, even though HTTPS was being used for the login. Thanks for the info.

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

You can scan the Linux machines with clam and even burn an "Ultimate Boot CD" CD and scan the entire boxes with clam to see if anything was left behind.
b145145
join:2013-12-17

b145145

Member

Good idea! I didn't even think of that... that shows how long I've been using Linux. I am also going to set my brother's computer on a wireless guest network instead of plugging in.