[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Suspicious post [was: Problème d'installation]

	Hi.

On Tue, Sep 03, 2019 at 06:00:08PM -0700, Thomas D. Dean wrote:
> On 9/3/19 1:55 PM, Reco wrote:
> > 	Hi.
> > 
> > On Tue, Sep 03, 2019 at 09:18:43AM +0200, tomas@tuxteam.de wrote:
> > > On Mon, Sep 02, 2019 at 11:50:12PM +0200, Siard wrote:
> > > 
> > > [...]
> > > 
> > > > Suspicious post, nevertheless.  Strange e-mail address, strange name,
> > > > and... the .tar.xz file appears to contain an executable??
> > > 
> > > Yikes. You're right:
> > > 
> > >    cv2019s: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV) [...]
> > > 
> > > So kids, don't double-click on that (unless your architecture is
> > > different from x86-64 and you haven't installed binfmt-support,
> > > that is ;-)
> > > 
> > > I haven't put much time into it, but running "strings" on it suggests
> > > that it's trying to do strange stuff:
> > 
> > This picked my interest, so I ran a decompiler on a thing.
> > Seems harmless enough - it downloads Debian libc.deb, prints OK and
> > tries to install it via dpkg.
> 
> Where does it download libc from?  You said Debian, but, does that mean from an official site?

An official German mirror:

http://ftp.de.debian.org/debian/pool/main/g/glibc/libc6_2.28-10_amd64.deb

Reco
Reply to: