1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Any Ubuntu Users Here? Spyware Alert!

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Nov 1, 2014.

  1. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    apparently linux is not as safe as it should be...

     
    Last edited by a moderator: May 18, 2016
  2. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    Much ado about nothing. It has been known since Ubuntu 12 that Ubuntu has spyware. It is also fairly easy to dump it.

    This first command will remove the Amazon shopping spyware:
    Code:
    sudo apt-get remove unity-lens-shopping
    This script will remove all of the known spyware in Ubuntu:
    Code:
    #!/bin/bash
    # remove_evil_ubuntu_quantal.sh
    if [ $(whoami) != "root" ]; then
    echo "You need to run this script as a super user."
    echo "Use 'sudo ./$script_name 2>&1 | tee log.txt' then enter your password when prompted. exorcism results will be logged to log.txt."
    exit 1
    fi
     
    echo "This script is going to remove bizarre spyware and upgrade you to the full Gnome3 environment. You won't be using unity any longer."
    echo "Did you read and understand this code snippet before you tried to run it? (y/n)"
    read REPLY
    if [ $REPLY != "y" ]; then
    echo "Exiting..."
    exit 1
    fi
     
    # Remove evil daemons
    echo "stopping ubuntu one from continually trying to sell you stuff"
    ps -ef|grep ubuntuone |grep -v grep |awk '{print $2}' |xargs kill -9
    echo "stopping unity shopping daemon from giving your data to amazon"
    ps -ef|grep unity-shopping-daemon |grep -v grep |awk '{print $2}' |xargs kill -9
    echo "stopping zeitgeist from giving your data to canonical"
    ps -ef|grep zeitgeist |grep -v grep |awk '{print $2}' |xargs kill -9
    echo "stopping geoip from telling canonical where you are all the time"
    ps -ef|grep geoip |grep -v grep |awk '{print $2}' |xargs kill -9
     
    echo "removing those annoying things that give your personal information to other people and slow your computer down"
    sudo apt-get -y --purge remove zeitgeist
    sudo apt-get -y --purge remove unity-lens-shopping
    sudo apt-get -y --purge remove ubuntuone-client* python-ubuntuone-storage*
    sudo apt-get -y --purge remove rhythmbox-plugin-zeitgeist geoclue geoclue-ubuntu-geoip geoip-database
    sudo apt-get -y autoremove
     
    # Remove evil daemon poop
    echo "removing bunches of sensitive information about you that shouldn't exist"
    rm -rf ~/.local/share/ubuntuone
    rm -rf ~/.cache/ubuntuone
    rm -rf ~/.config/ubuntuone
    rm -rf ~/Ubuntu\ One
    rm -rf ~/.local/share/zeitgeist
     
    # Fixup annoying things
    echo "allowing you to easily see what applications start up when your computer starts"
    export DEBIAN_FRONTEND=noninteractive
    cd /etc/xdg/autostart/
    sudo sed --in-place 's/NoDisplay=true/NoDisplay=false/g' *.desktop
    sudo apt-get -y install jobs-admin
     
    echo "making the time server more resilient and giving canonical less information about you"
    cd /etc/
    sudo sed --in-place 's/ubuntu.pool.ntp.org/pool.ntp.org/g' ntp.conf
    sudo /etc/init.d/ntp restart
     
    echo "Completely switching out unity for gnome3"
    sudo add-apt-repository -y ppa:gnome3-team/gnome3
    sudo apt-get -y update
    sudo apt-get -y install gnome-shell gnome-tweak-tool
    sudo apt-get -y install ubuntu-gnome-desktop ubuntu-gnome-default-settings
    sudo apt-get -y remove ubuntu-settings
    sudo apt-get -y install gnome-documents gnome-boxes
    sudo apt-get -y remove overlay-scrollbar*
     
    echo "choose GDM instead of lightDM in the config menu that follows, press enter when ready"
    read KEY
    sudo dpkg-reconfigure gdm
     
    echo "You want to restart your computer now, so it can be reborn into speedy goodness."
    echo "You should still go into system/privacy when this is done and turn off all the logging and communications settings. We tore out the backend of most of those, but best to have them turned off in config as well."
    read KEY
    You may also use the scripts at https://fixubuntu.com/

    Panic on your part does not justify an emergency on mine.
     
    • Thanks Thanks x 3
    Last edited: Nov 1, 2014
  3. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    i don't currently use ubuntu but i was planning to install it soon. not sure if i will now...
     
  4. ziplack

    ziplack Senior Member

    Joined:
    Feb 18, 2010
    Messages:
    1,193
    Likes Received:
    603
    Location:
    BHW
    ubuntu its one of the more used distros , my wife uses it
    so will apply this fix

    are these bugs/spywares affecting servers or vps instalations?

    thanks for the info
     
  5. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    I would suggest Debian rather than Ubuntu.
     
  6. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    609
    Likes Received:
    451
    It depends. If you have straight server with no graphical or xserver, then no.
     
  7. ItsBlinkHere

    ItsBlinkHere Regular Member

    Joined:
    Apr 27, 2014
    Messages:
    409
    Likes Received:
    150
    Location:
    At Large
    Like it was stated above. Very little work can remove any known spyware or anything else. Its the only system I use in my main workflow. Lol, the only thing I use my windows boxes for is bots.