jtd wrote:
Besides, SourceForge and similar repos don't care what's on the server. You have to do the verification by checking the sigs. Debian uses md5 hashes in a Release file and gpg for signing the Release file. You can therefore be reasonably sure that what you download is ok. Similar schemes should exist for other distros too.
This virus does not reach the stage of executing after download. As soon as you click on the download link, instead of the file download beginning, the system goes into a reboot. It has got infected. On reboot, it brings in the bigger payload which causes irreversible damage as it reboots every time an admin command is run. If the net is shut off just before the system boots again, the bigger payload is kept away and the system can be restored to an earlier clean period. This is something very recent so I was wondering if there has been some major attack on the web servers.
Why does Linux save a .exe file as .exe.bin in the vfat partition when downloading directly from Firefox? Is that an indication of the attacks or is it normal?
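The Release-file check mentioned in the quoted reply, as an added example that is not part of the original thread: it parses the checksum sections of a Debian-style Release file and accepts a downloaded file only if its size and digest match. It assumes the Release file's gpg signature has already been verified (for instance with `gpg --verify Release.gpg Release`), handles the SHA256 section as well as the MD5Sum one, and uses constructed sample data.

```python
import hashlib

# Release section name -> hashlib algorithm name
SECTIONS = {"MD5Sum": "md5", "SHA256": "sha256"}

def parse_release(text):
    """Return {section: {path: (hex_digest, size)}} from a Release file body."""
    table, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current:
            # Entry lines look like: " <digest> <size> <relative path>"
            digest, size, path = line.split()
            table[current][path] = (digest.lower(), int(size))
        else:
            name = line.split(":", 1)[0]
            current = name if name in SECTIONS else None
            if current:
                table[current] = {}
    return table

def verify(table, path, data):
    """True only if data matches every listed size and digest for path."""
    checked = 0
    for section, algo in SECTIONS.items():
        entry = table.get(section, {}).get(path)
        if entry is None:
            continue
        digest, size = entry
        if len(data) != size or hashlib.new(algo, data).hexdigest() != digest:
            return False
        checked += 1
    return checked > 0  # a file not listed in Release is never accepted

# Constructed sample: a stand-in Packages index and a Release file listing it.
SAMPLE = b"Package: example\nVersion: 1.0\n"
INDEX = "main/binary-i386/Packages"
RELEASE = (
    "Origin: Example\nSuite: stable\n"
    "MD5Sum:\n"
    f" {hashlib.md5(SAMPLE).hexdigest()} {len(SAMPLE)} {INDEX}\n"
    "SHA256:\n"
    f" {hashlib.sha256(SAMPLE).hexdigest()} {len(SAMPLE)} {INDEX}\n"
)

if __name__ == "__main__":
    table = parse_release(RELEASE)
    print("intact file accepted:", verify(table, INDEX, SAMPLE))
    print("altered file accepted:", verify(table, INDEX, SAMPLE + b"x"))
```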