Registered Member
Hey all
Just a tad worried here; was playing with Blender, downloaded a Blender file that came as a .zip. As Ark extracted it, it didn't show up (it was hidden by default). I'm just wondering if this is behavior I should be worried about...
Dante Ashton, in the KDE Community since 2008-Nov.
-Artificial Intelligence Specialist.
Registered Member
Even if it was malicious, if you downloaded it as a user, it won't have acquired any permissions to do anything to your system, only to things in /home/<user>
John Hudson, proud to be a member of KDE forums since 2008-Oct.
Administrator
Note that also, Ark won't execute anything by default.
KDE Sysadmin
Registered Member
Which, to be honest, isn't much of a comfort. IF something malicious was downloaded to my system (assuming I had no backup), I'd be most concerned about whatever is in my /home. The system can, if worst comes to worst, always be re-installed. If something wipes out my /home, it could easily be a disaster.
OpenSUSE 11.4, 64-bit with KDE 4.6.4
Proud to be a member of KDE forums since 2008-Oct.
Registered Member
Maybe... I'm not entirely sure... let me walk you through what happened:
I went to a large Blender community site and downloaded a male model. I told Ark to extract it and autodetect... nothing. I then told it to just extract here... the file did not show until I checked the 'show hidden files' button. I've never heard of a .zip being extracted into a hidden file...
Dante Ashton, in the KDE Community since 2008-Nov.
-Artificial Intelligence Specialist.
Administrator
If the name of the extracted file starts with a dot (.), it'll be hidden. Nothing malicious here.
However, if you execute the file, it's possible that it'll do something harmful (possible as in 'it's not completely impossible').
Problem solved? Please click on "Accept this answer" below the post with the best answer to mark your topic as solved.
10 things you might want to do in KDE | Open menu with Super key | Mouse shortcuts
Global Moderator
Uh - Dante Ashton - would that be the Blender Model Repository?
If it is, let me know exactly which model it was.
Moult, proud to be a member of KDE forums since 2008-Oct.
thinkMoult - source for tech, art, and animation: hilarity and interest ensured! WIPUP.org - a unique system to share, critique and track your works-in-progress projects.
Registered Member
I'm not sure, actually. I remember going to that site and another... I think it was the other that I got it from... all the others are coming down as blend files, instead of that .zip.
Think I'm going to reinstall, just to play it safe.
Dante Ashton, in the KDE Community since 2008-Nov.
-Artificial Intelligence Specialist.
Administrator
I don't get what the problem is - if you haven't executed the file, there should be nothing to worry about, right? Just because it's hidden doesn't mean it's malicious.
What kind of file is it? Did you try to open it in Blender? Even if that file was harmful, it should only affect your home directory as pointed out by others in this topic (unless you have messed permission settings). Instead of reinstalling everything, you could just start a new user. (Well, personally I think that's a waste of time as well...)
Registered Member
Don't. Formatting and reinstalling the OS is a bad habit from Windows and the worst thing when you are trying to fix your OS. As my predecessors said: if you haven't run those files (as executables) then nothing bad can happen. Just delete them and don't worry about it.
HP Pavilion dv9680
Slackware64-current | kernel 2.6.32 | kde 4.4beta2 | QT 4.6 | opera 10.10
Registered Member
Do a:
and it will show you the list of all the files inside the archive. You can then delete them if they are not what you expected them to be.
Get problems solved faster - get reply notifications through Jabber!
Registered Member
Maybe so, but I have neither the time nor the patience to deal with it; it's faster for me just to reinstall and reupload my backup onto the system, rather than have second thoughts about doing some banking through a machine I feel might be compromised.
Dante Ashton, in the KDE Community since 2008-Nov.
-Artificial Intelligence Specialist.
Registered Member
...and what are you going to do with the files in your directory into which you extracted the suspicious files?
Get problems solved faster - get reply notifications through Jabber!
Registered Member
Purge. Then Purge again. Then purge the purging program!
Seriously, I get a little paranoid when it comes to security...
Dante Ashton, in the KDE Community since 2008-Nov.
-Artificial Intelligence Specialist.
Registered Member
Anything that requires execution in your home folder will require a chmod to allow the file to execute (if it is a shell script, or binary), therefore check for any attributes with the executable flag set (you could use locate from the shell) or use find by date. If there are none then you are ok.
In addition check netstat - a malicious script/program as a trojan, will have to download its payload from an external source (usually ftp, or http using wget). If you really are that paranoid, check out AppArmor - and generate some profiles for the applications you use - it really is very flexible - Oh, and make ping, wget only executable by elevated privileges (and perhaps block ftp at your firewall). I think that's covered it - to be honest the best method is to be careful and only use trusted sources.
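The checks suggested in this thread (list what is inside the archive, look for names starting with a dot, look for the executable flag), as an added example that is not code from any poster: it reads a .zip listing without extracting anything and flags hidden names, recorded Unix executable bits, and paths that would land outside the extraction directory. The function names `inspect_zip` and `build_sample` are hypothetical and the sample archive is constructed; the mode bits are only present when the archive was made on a Unix-like system.

```python
import io
import stat
import zipfile


def inspect_zip(data: bytes) -> list[dict]:
    """List archive members without extracting; flag hidden names and exec bits."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = [p for p in info.filename.split("/") if p]
            # Unix permission bits sit in the high 16 bits of external_attr
            # when the archive was created on a Unix-like system.
            mode = info.external_attr >> 16
            report.append({
                "name": info.filename,
                "size": info.file_size,
                # A leading dot on any path component hides it in file managers.
                "hidden": any(p.startswith(".") and p not in (".", "..") for p in parts),
                "executable": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
                # Absolute paths or ".." would write outside the target folder.
                "escapes_dir": info.filename.startswith("/") or ".." in parts,
            })
    return report


def build_sample() -> bytes:
    """Constructed sample archive (not the file from the thread)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, body in [
            ("model.blend", 0o644, b"BLENDER-constructed"),
            (".model.blend", 0o644, b"BLENDER-constructed"),
            ("tools/run.sh", 0o755, b"#!/bin/sh\necho constructed\n"),
        ]:
            zi = zipfile.ZipInfo(name)
            zi.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(zi, body)
    return buf.getvalue()


if __name__ == "__main__":
    for row in inspect_zip(build_sample()):
        flags = [k for k in ("hidden", "executable", "escapes_dir") if row[k]]
        print(f"{row['size']:>6}  {row['name']:<16} {', '.join(flags) or '-'}")
```

To inspect a real download, pass the file's bytes, for example `inspect_zip(open(path, "rb").read())`.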