Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Linux Mint website hacked - Compromised ISOs containing Tsunami IRCBot malware

Shoob
 Share

Linux Mint's website was compromised yesterday (February 20th) and the hackers uploaded an injected ISO, possibly containing the Tsunami malware, which creates a backdoor and grants remote access to the infected machines.

The information was posted on the Linux Mint blog and advises to get rid of Mint Cinnamon ISOs downloaded yesterday and to check their MD5 signature.

Currently the main website of Linux Mint is down.

 

Quote

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

 

Quote

How to check if your ISO is compromised?

 

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

 


6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso


If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

 

Source: http://blog.linuxmint.com/?p=2994

From salty to bath salty in 2.9 seconds

 

Link to comment
Share on other sites

Link to post
Share on other sites

wow this is really bad, hope not to many people downloaded it yesterday :/

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Scary.

I use Mint Cinnamon. Of course being the thoughtful, courteous man that I am, I torrent all my Linux ISOs.

Link to comment
Share on other sites

Link to post
Share on other sites

I downloaded them all a while ago and am still seeding them, so I'm not too worried.  I do a hash check of every .iso or installer anyway if it's available. 

 

Still, if they can hack the site and replace the hashes with those of the modified .iso, you're out of luck if you check right away.

Link to comment
Share on other sites

Link to post
Share on other sites

Whelp, they've taken the site down. There goes my chance to install mint today, I'm so lucky I didn't do it yesterday.

Link to comment
Share on other sites

Link to post
Share on other sites

lol lucky me i was just trying new linux distros like a week ago including 3 different mint flavours, hopefully i didnt catch anything sigh

Link to comment
Share on other sites

Link to post
Share on other sites

Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads

By Zack Whittaker for Zero Day

Main Source: http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/

2nd sources;

http://www.brunchnews.com/zdnet/technology/hacker-explains-how-he-put-backdoor-in-hundreds-of-linux-mint-downloads-4231245

http://www.pcworld.com/article/3035682/security/hackers-planted-a-backdoor-inside-a-compromised-version-of-linux-mint.html

http://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/

 

porta-aperta-template-vector23-214749501

 

Well this is not good...

Quote

A lone hacker who duped hundreds of users into downloading a version of Linux with a backdoor installed has revealed how it was done.

News broke on Saturday that the website of Linux Mint, said to be the third most-popular Linux operating system distribution, had been hacked, and was tricking users all day by serving up downloads that contained a maliciously-placed "backdoor."

Quote

The hacker responsible, who goes by the name "Peace," told me in an encrypted chat on Sunday that a "few hundred" Linux Mint installs were under their control -- a significant portion of the thousand-plus downloads during the day.

But that's only half of the story.

Quote

Peace was "just poking around" the site in January when they found a vulnerability granting unauthorized access. (The hacker also said they had the credentials to log in to the site's admin panel as Lefebvre, but was reluctant to explain how in case it proved useful again.) On Saturday, the hacker replaced one of the 64-bit Linux distribution images (ISO) with one that was modified by adding a backdoor, and later decided to "replace all mirrors" for every downloadable version of Linux on the site with a modified version of their own.

The backdoored version isn't as difficult as you'd think. Because the code is open-source, the hacker said it took them just a few hours to repack a Linux version that contained the backdoor.

Quote

For now, the hacker's motive was "just having access in general," but they did not rule out using the botnet to carry out data mining or any other nefarious means. In the meanwhile, the hacker's botnet is still up and running, but the number of infected machines "dropped significantly since the news broke obviously," Peace confirmed.

Lefebvre did not return an email for comment on Sunday. The project's website is down, with no timeline on when the project will be back.

Well guys I guess be wary if you downloaded this during the mentioned period time and do what you must to protect yourself until the issue is resolved.

 

I am somewhat surprised by this myself but I guess was going to happen at some point.

 

Thoughts?

COMMUNITY STANDARDS   |   TECH NEWS POSTING GUIDELINES   |   FORUM STAFF

LTT Folding Users Tips, Tricks and FAQ   |   F@H & BOINC Badge Request   |   F@H Contribution    My Rig   |   Project Steamroller

 

Spoiler

  

 

 

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

Reputation is a Lifetime to create but seconds to destroy.

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Docendo discimus - "to teach is to learn"

 

I am a StarCitizen are you? My ships: Aegis Eclipse, Aegis Sabre, Aegis Gladius, Aopoa Nox, KI P52 Merlin, KI P72 Archimedes and the RSI Constellation Aquila.

 

My phones are a Samsung Note 20 and a Samsung S9+

 

🇺🇸   About Myself:   https://linustechtips.com/main/profile/229093-sansvarnic/?tab=field_core_pfield_46   🇺🇸

 

 CHRISTIAN MEMBER 

 

 
 
 
 
 
 

 

Link to comment
Share on other sites

Link to post
Share on other sites

this just proves how necessary an antivirus is, not just "common sense"

seemingly safe downloads can have malware or viruses

using common sense will not tell you if there is malware or viruses in the download you trusted

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project

Spoiler

Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 

Link to comment
Share on other sites

Link to post
Share on other sites

Brb running MBAM.

Spoiler

Prometheus (Main Rig)

CPU-Z Verification

Laptop: 

Spoiler

Intel Core i3-5005U, 8GB RAM, Crucial MX 100 128GB, Touch-Screen, Intel 7260 WiFi/Bluetooth card.

 Phone:

 Game Consoles:

Spoiler

Softmodded Fat PS2 w/ 80GB HDD, and a Dreamcast.

 

If you want my attention quote my post, or tag me. If you don't use PCPartPicker I will ignore your build.

Link to comment
Share on other sites

Link to post
Share on other sites

I shit you not I downloaded mint and opened up slashdot a few hours later and saw the news. "Guess I'm not using that install lol"

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

oh well i feel like $#!^ now. just recomended mint to a friend.

CPU: I7 8700k @ 5ghz | Motherboard: Asus Z370-Prime | RAM: White Crucial balistix DDR4 2133mhz | GPU: GTX 1080TI | Storage: ssd HyperX 240gig, 2x2tb seagate Firecuda 1tb, BPX 480 gig nvme, 1tb sandisk ssd  | Cooling: Custom loop | PSU: Evga supernova 850w G2 | Case: Phanteks enthoo evolv atx black White modded | system theme: White/RGB/Weiss

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Enderman said:

this just proves how necessary an antivirus is, not just "common sense"

seemingly safe downloads can have malware or viruses

using common sense will not tell you if there is malware or viruses in the download you trusted

this only proves why it's always good to perform an md5 checksum on your isos

One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 5 6 7 8 9 years later: It's finally coming!!!

Phones: iPhone 4S/SE | LG V10 | Lumia 920

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Link to comment
Share on other sites

Link to post
Share on other sites

lmao when people don't use checksums from a website other than the source...

 

*sigh*

 

idiots

Ultimate XP gaming system build log coming soon!  Q8200 // 8GB DDR2 // Asus P5E Deluxe X48 // Asus 4870 DARK KNIGHT X-Fire // Supreme FX sound // BFG Ageia PhysX PCI Co-Processor // AX 860x with Silverstone extensions 

Link to comment
Share on other sites

Link to post
Share on other sites

52 minutes ago, suicidalfranco said:

this only proves why it's always good to perform an md5 checksum on your isos

Absolutely. 

 

Of course if the hacker replaced the checksum on the Mint site with his own and you verify the ISO with that checksum, you're still screwed. 

Link to comment
Share on other sites

Link to post
Share on other sites

Here's hoping the official website will try to protect the site better from now on.

|  The United Empire of Earth Wants You | The Stormborn (ongoing build; 90% done)  |  Skyrim Mods Recommendations  LTT Blue Forum Theme! | Learning Russian! Blog |
|"They got a war on drugs so the police can bother me.”Tupac Shakur  | "Half of writing history is hiding the truth"Captain Malcolm Reynolds | "Museums are racist."Michelle Obama | "Slap a word like "racist" or "nazi" on it and you'll have an army at your back."MSM Logic | "A new command I give you: love one another. As I have loved you, so you must love one another"Jesus Christ | "I love the Union and the Constitution, but I would rather leave the Union with the Constitution than remain in the Union without it."Jefferson Davis |

Link to comment
Share on other sites

Link to post
Share on other sites

I only ever use OG Ubuntu myself. And besides, at the moment I am not running Ubuntu at all.

 

This is really shitty though. It's good that the vulnerability has been revealed, so something can be done about it. However, it was shitty of the guy to use it for his own ends, rather than to highlight the issue for the Mint devs to sort out.

Link to comment
Share on other sites

Link to post
Share on other sites

Yay, another Wordpress hack. Been burnt personally by it before.

Link to comment
Share on other sites

Link to post
Share on other sites

The Linux Mint teams, which isn't very big, don't really have great security, even on their forum which has also been comprimised. Linux Mint is high-up on distrowatch because it generates a lot of traffic but a lot of people run distributions on Fedora or Ubuntu because they have good backing from developers and corporations.

Everytime I hit my funny bone unexpectedly it's like my own personal Pearl Harbour.


Don't call it a grave, it's the future you chose.


Project JAPC Build Log

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, Enderman said:

this just proves how necessary an antivirus is, not just "common sense"

seemingly safe downloads can have malware or viruses

using common sense will not tell you if there is malware or viruses in the download you trusted

wow man dont speak such nonsense. If common sense wasnt enough why  would so many smart people in the forum recommend it.
 

Hey there. You are looking mighty fine today, have my virtual cookie!  :ph34r:

MY RIG: http://linustechtips.com/main/topic/34911-my-setup-gold-ghetto-gg-lots-of-pictures/#entry446883

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, Enderman said:

this just proves how necessary an antivirus is, not just "common sense"

seemingly safe downloads can have malware or viruses

using common sense will not tell you if there is malware or viruses in the download you trusted

 

I don't think an antivirus would recognize this as a threat as it hadn't yet been identified when it was downloaded.

Intel 4770k@4.6GHz, ASUS ROG Maximus VI Hero, Kingston HyperX Beast 2x8GB 2400MHz CL11, Gigabyte GTX 1070 Gaming, Kingston HyperX 3k 240GB - RAID0 (2x120Gb), 2xWD 1TB (Blue and Green), Corsair H100i, Corsair AX860, CoolerMaster HAF X, ASUS STRIX Tactic pro, Logitech G400S, HyperX Cloud II, Logitech X530, Acer Predator X34.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×