Computer on network was compromised
Well, my brother was tricked into downloading a malware-loaded version of Java on his Windows computer, and it was on the network for a few hours doing who knows what. According to my router logs, it uploaded a bunch of data in that time.
I already nuked the installation but do I have to worry about the Linux computers on my network? I have never been in this situation and I am pretty sure I logged into a bunch of stuff including my email in that time period. I know almost nothing about security threats on a network. Any tips or knowledge would be appreciated.
Don't worry if communication was encrypted, like HTTPS or SSH. It's possible, too, that the Windows malware didn't sniff the traffic. If not sure, change passwords.
said by b145145:
... but do I have to worry about the Linux computers on my network?
The chances are that the Linux computers are using an "iptables" firewall, so are probably protected. If you are running a Samba server, that would be the system to inspect closely.
No worries - no Samba vulnerabilities recently (and who runs servers on ordinary desktops anyway). A Windows EULA uploaded by the virus is more embarrassing than dangerous.
Samba doesn't have to be vulnerable if the shares are mounted on an infected Windows system.
In such a scenario, files that are physically located on the Linux server can be altered (infected with a virus, etc.) as long as they are shared with the infected Windows client.
That would most likely cause no harm to the Linux server but would be a vector for re-infecting the Windows clients later on if they execute one of the infected files from the trusted server.
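The re-infection path described in the post above can be triaged from the Linux side by listing files under a shared directory that were modified while the infected client was online. This is an added example, not part of the thread; the share path, the time window and the extension list are assumptions.

```python
import os
import stat
import sys
from datetime import datetime

# Assumption: file types a Windows client may run or open straight from a share.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs",
             ".js", ".jar", ".lnk", ".msi", ".ps1"}


def classify(path):
    """'pe' for an MZ (DOS/PE) header whatever the name, else by extension."""
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":
                return "pe"
    except OSError:
        pass  # unreadable: fall back to the extension
    ext = os.path.splitext(path)[1].lower()
    return "risky-ext" if ext in RISKY_EXT else "data"


def changed_in_window(share_root, start, end):
    """Sorted (relative path, kind) for regular files modified in [start, end]."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISREG(st.st_mode) and lo <= st.st_mtime <= hi:
                hits.append((os.path.relpath(full, share_root), classify(full)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (constructed values): script.py /srv/share 2014-01-10T12:00 2014-01-10T18:00
    root, t0, t1 = sys.argv[1], sys.argv[2], sys.argv[3]
    for rel, kind in changed_in_window(root, datetime.fromisoformat(t0),
                                       datetime.fromisoformat(t1)):
        print(f"{kind:10} {rel}")
```

Modification times can be set by the SMB client, so an empty result does not prove the share is clean; treat this as triage before an antivirus scan of the shared files.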
I did some research on that type of malware. My brother got a Java trojan exploit and on top of that some Conduit browser hijack. I do have the firewall enabled but no active Samba shares.
This is probably overkill but I reflashed my router and double-checked everything. I changed my email password just in case even though HTTPS was being used for the login. Thanks for the info.
You can scan the Linux machines with clam and even burn an "Ultimate Boot CD" CD and scan the entire boxes with clam to see if anything was left behind.
Good idea! I didn't even think of that... that shows how long I've been using Linux. I am also going to set my brother's computer on a wireless guest network instead of plugging in.