Downloaded Linux iso distro file with vulnerabilities
by hexaferrum from LinuxQuestions.org on (#5KKP6)
Hello world!
Weeks ago, I downloaded the newest version of the Kali Linux distribution, https://cdimage.kali.org/kali-2021.2...ller-amd64.iso, to a cloud directory on the Windows 10 operating system. I burned the ISO image to a DVD and later installed the distribution in a virtual machine within the hypervisor.
When I was done with the installation, I deleted the ISO file from the cloud storage, which was difficult to delete from the graphical interface window. Then I used the command line, navigated up to the target directory, and deleted the whole directory.
After that, I reviewed the recycle bin to see that it was empty.
Some days later, I ran a vulnerability scanner within Windows, Microsoft Defender, and selected the full scan option.
The program found malware on the PC. The strange thing was that the file was not easily visible. It was in a hidden directory called $Recycle.bin.
I booted Windows into safe mode and used the command line to delete the file.
I skipped a part, and you might ask why I used safe mode booting and the command line to delete the file.
Microsoft Defender was unable to remove the malware detected, even with command-line execution with administrative privileges.
After deleting the file in safe mode and returning to the normal Windows booting, I reran a full system scan with Microsoft Defender. No threats found! Success!
Concerned that I could not deobfuscate the detected threats, I had other antivirus and malware scanners check the system before deleting the file. The other antivirus did not detect the threat reported by Windows Defender.
The following are modified snapshots of the malware detected.
Quote:
TrojanDropper:PowerShell/Cobacis.B
containerfile: C:\Users\OneDrive - Bellevue University\Documents\KaliLinux\kali-linux-2021.2-installer-amd64.iso
file: C:\Users\OneDrive\Documents\KaliLinux\kali-linux-2021.2-installer-amd64.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.45-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-powershell-0.1.90/data/templates/to_mem_rc4.ps1.template

Quote:
Exploit:HTML/IFrameBO.gen
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\e\exploitdb\exploitdb_20210206-0kali1_all.deb->data.tar.xz->(xz)->./usr/share/exploitdb/exploits/windows/remote/612.html->(IframeBO)

Quote:
Exploit:SWF/CVE-2015-5122
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2015-5122/msf.swf

Quote:
Exploit:Win32/CVE-2010-0822
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2010-0822.xls

Quote:
Exploit:Java/CVE-2012-1723
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2008-5353.jar->msf/x/PayloadX.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/Attacker.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/Confuser.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/ConfusingClassLoader.class
- Do you know why the distribution produces the malware results?
- Should I be concerned about the system security state after the actions performed?
- Have you come across the same issue?
- What is your takeaway from this post?
- Can you recommend something else?
I appreciate your answers, comments, and feedback.
Thanks,
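Added example (not code from the post, and not from Kali or Microsoft): a small Python triage script for detection records of the shape quoted above. Defender reports the location of a hit inside nested archives as a chain of layers joined by "->"; the script splits that chain, pulls out the Debian package (from the pool/ path inside the ISO) and the path the flagged file would have on an installed Kali system, and lists any hit that does not sit under a tree where a package is expected to ship exploit samples. It also checks an image file against the SHA256SUMS file Kali publishes next to its images on cdimage.kali.org. The sample records are three of the detections quoted in the post; the EXPECTED_EXPLOIT_TREES allow-list and all function names are assumptions made for illustration.

```python
"""Triage Microsoft Defender detections whose "file:" entry is a chain of nested
containers: <iso on disk>-><.deb inside it>->data.tar.xz->(xz)-><installed path>[->member].
Added example, not code from the post; EXPECTED_EXPLOIT_TREES is an assumption."""
import hashlib
import hmac
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Debian pool layout: pool/main/<letter>/<source pkg>/<binary pkg>_<version>_<arch>.deb
DEB_RE = re.compile(r"^pool/main/[^/]+/[^/]+/(?P<pkg>[^/_]+)_(?P<ver>[^/_]+)_[^/]+\.deb$")

# Assumption for illustration: packages that ship exploit code on purpose, and where.
EXPECTED_EXPLOIT_TREES = {
    "metasploit-framework": ("./usr/share/metasploit-framework/",),
    "exploitdb": ("./usr/share/exploitdb/",),
}

@dataclass(frozen=True)
class NestedDetection:
    threat: str
    container: str          # outermost file, the only object actually on disk
    package: Optional[str]  # Debian binary package the flagged file came from
    version: Optional[str]
    installed_path: str     # where that file lands on an installed Kali system
    member: Optional[str]   # entry inside it (e.g. a .class in a .jar), if any

def parse_file_chain(threat: str, chain: str) -> NestedDetection:
    layers = [p.strip() for p in chain.split("->")]
    # "(xz)", "(IframeBO)" and the like are decoder/scanner markers, not files.
    files = [l for l in layers if not (l.startswith("(") and l.endswith(")"))]
    package = version = member = None
    installed_path = files[-1]
    for i, layer in enumerate(files):
        m = DEB_RE.match(layer.replace("\\", "/"))
        if m and i + 2 < len(files) and files[i + 1].startswith("data.tar"):
            package, version = m["pkg"], m["ver"]
            installed_path = files[i + 2]
            member = "->".join(files[i + 3:]) or None
            break
    return NestedDetection(threat, files[0], package, version, installed_path, member)

def parse_report(text: str) -> List[NestedDetection]:
    """Records as Defender's history shows them: threat name, containerfile:, file: lines."""
    found, threat = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("containerfile:"):
            continue
        if line.startswith("file:"):
            found.append(parse_file_chain(threat, line[len("file:"):].strip()))
        else:
            threat = line
    return found

def is_expected_exploit_sample(d: NestedDetection) -> bool:
    """True when a known pentest package installs the flagged file under its own tree."""
    prefixes = EXPECTED_EXPLOIT_TREES.get(d.package or "", ())
    return any(d.installed_path.startswith(p) for p in prefixes)

def unexpected_detections(text: str) -> List[NestedDetection]:
    """Hits that deserve a closer look: not attributable to an expected exploit tree."""
    return [d for d in parse_report(text) if not is_expected_exploit_sample(d)]

def expected_digest_for(name: str, sha256sums: str) -> Optional[str]:
    """Look <name> up in a SHA256SUMS file ('<hex>  <file>' per line; '*' = binary mode)."""
    for line in sha256sums.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == name:
            return parts[0].lower()
    return None

def verify_against_sha256sums(image: Path, sha256sums: str) -> bool:
    """Hash the image in chunks and compare with the published digest in constant time."""
    expected = expected_digest_for(image.name, sha256sums)
    if expected is None:
        return False
    digest = hashlib.sha256()
    with image.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected)

# Three of the records quoted in the post, verbatim (one has several "file:" lines).
SAMPLE_REPORT = r"""
TrojanDropper:PowerShell/Cobacis.B
containerfile: C:\Users\OneDrive - Bellevue University\Documents\KaliLinux\kali-linux-2021.2-installer-amd64.iso
file: C:\Users\OneDrive\Documents\KaliLinux\kali-linux-2021.2-installer-amd64.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.45-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-powershell-0.1.90/data/templates/to_mem_rc4.ps1.template

Exploit:HTML/IFrameBO.gen
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\e\exploitdb\exploitdb_20210206-0kali1_all.deb->data.tar.xz->(xz)->./usr/share/exploitdb/exploits/windows/remote/612.html->(IframeBO)

Exploit:Java/CVE-2012-1723
containerfile: C:\$Recycle.Bin\$R3438UV.iso
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2008-5353.jar->msf/x/PayloadX.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/Attacker.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/Confuser.class
file: C:\$Recycle.Bin\$R3438UV.iso->pool\main\m\metasploit-framework\metasploit-framework_6.0.30-0kali1_amd64.deb->data.tar.xz->(xz)->./usr/share/metasploit-framework/data/exploits/CVE-2012-1723.jar->cve1723/ConfusingClassLoader.class
"""

if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        print(f"{d.threat:34} {d.package}_{d.version}  {d.installed_path}", d.member or "")
```

Run as a script to list the parsed records. To check a downloaded image, call verify_against_sha256sums(Path("kali-linux-2021.2-installer-amd64.iso"), open("SHA256SUMS").read()) only after the detached signature SHA256SUMS.gpg has been checked; an unverified checksum file fetched from the same place as the image proves nothing on its own.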