-1

I need your help. Today I found (using Wireshark) that many requests are being thrown from my system to some other system and vice versa. When I did the reverse DNS lookup, I found it is AMAZONAWS malware.

Can anyone please give me a solution on how to tackle it?

Need help. Thanks.

voila
  • 1
    Really did the reverse DNS lookup tell you it was a malware? Shame on the malware authors! – Andrea Corbellini Oct 20 '13 at 17:55
  • @AndreaCorbellini: When I tried reverse DNS I found the above domain, and after a Google search it turned out to be malware. I don't know what happens. Well, I also found that UbuntuOne uses some AmazonAWS services, so that's why I am seeing it in Wireshark; then I uninstalled UbuntuOne also – voila Oct 20 '13 at 18:29

2 Answers

0

Without knowing the ports and protocols being used, I would say it is probably one of the Ubuntu mirrors used for updating your system. Upon logging in for the first time in any given day, the system looks up how many packages need updating. This could be the source. The reverse DNS lookup, if using Amazon servers, will be different than the forward lookup.

What were the port and protocols being used?

  • Hello, port = 4502 and the protocol was something like TCP Secure .. I can guess TCPVLS .. kind of – voila Oct 18 '13 at 17:23
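
The answer above asks which ports and protocols are involved; the step that usually settles this kind of question is finding the local process that owns each connection, since a reverse DNS name under amazonaws.com only says where the remote host is rented. The following is an added example, not code from the thread: it summarises `ss -tnpH` output by remote address, remote port and owning process. The sample lines, addresses and process names are constructed.

```shell
#!/usr/bin/env bash
# Added example: attribute TCP connections to the local process that owns them.
# Input is `ss -tnpH` output; the sample below is constructed, not a capture.
SAMPLE_SS='ESTAB 0 0 192.168.1.10:51514 203.0.113.25:4502 users:(("syncdaemon",pid=2143,fd=17))
ESTAB 0 0 192.168.1.10:40022 198.51.100.7:443 users:(("firefox",pid=3010,fd=88))
ESTAB 0 0 192.168.1.10:51520 203.0.113.25:4502 users:(("syncdaemon",pid=2143,fd=19))
ESTAB 0 0 192.168.1.10:39000 192.0.2.44:80
ESTAB 0 0 [2001:db8::10]:51600 [2001:db8::99]:443 users:(("apt",pid=4001,fd=5))'

# conn_owners: read `ss -tnpH` lines on stdin and print
#   COUNT REMOTE_ADDR REMOTE_PORT PROCESS PID
# sorted by remote port. A socket with no users:(...) field (usually because
# ss ran without root) is reported as "unknown" rather than dropped.
conn_owners() {
    awk '
    {
        peer = $5
        port = peer; sub(/.*:/, "", port)        # text after the last colon
        addr = peer; sub(/:[^:]*$/, "", addr)    # text before the last colon
        gsub(/^\[|\]$/, "", addr)                # strip IPv6 brackets
        name = "unknown"; pid = "-"
        # Accept both users:(("name",pid=N,...)) and the older ("name",N,...)
        if (match($0, /users:\(\("[^"]+",(pid=)?[0-9]+/)) {
            u = substr($0, RSTART + 9, RLENGTH - 9)
            name = u; sub(/",.*/, "", name)
            pid = u; sub(/.*",/, "", pid); sub(/^pid=/, "", pid)
        }
        count[addr " " port " " name " " pid]++
    }
    END { for (k in count) print count[k], k }' | sort -k3,3n -k2,2
}

# owners_of_port PORT: only the rows for one remote port (4502 in the question).
owners_of_port() {
    conn_owners | awk -v p="$1" '$3 == p'
}

# Run on the constructed sample; on a live system use: sudo ss -tnpH | conn_owners
printf '%s\n' "$SAMPLE_SS" | conn_owners
```

Once the owning process is known, its package and configuration say what the remote service is, which the PTR record alone cannot.
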
0

Antivirus programs on Linux are very efficient since there aren't many viruses/malware around.
Run sudo apt-get install clamav in a console (xterm is fine) to install Clam Antivirus.
After that, run it and do a full system scan to be sure that no malware infected your system; run it as root using sudo only if it requires more privileges.
Remember that Linux isn't invulnerable and can be infected like any other modern OS if it isn't always updated and well configured.
I think that your PC is healthy, but a check isn't bad, don't you agree?
Comment here if you still have problems.

  • Yes I am scanning my computer with clamav. Let see :) – voila Oct 18 '13 at 18:18
  • Any news? You can be useful to other users. – Lorenzo Ancora Oct 20 '13 at 12:08
  • Not much, I found two infected files but I think they are not related to the above issue. I am not sure what the problem was. But now it is working fine .. – voila Oct 20 '13 at 13:42
  • Two infected files means a big problem in Linux! SUGGESTION: remove them (after checking if they are system files) and install a graphical firewall config tool (like firestarter): it will reconfigure iptables and fix any "open port rule" left by the malware/worm at your will without touching the console. If you need help with the firewall ask here or open a new thread. :) – Lorenzo Ancora Oct 20 '13 at 14:10
  • 1
    Well, I have learnt that UbuntuOne is using AmazonAWS services (kind of), so I uninstalled UbuntuOne also. – voila Oct 20 '13 at 18:30
  • I voted up your comment because it can be useful in the future. – Lorenzo Ancora Oct 21 '13 at 13:57