Linux Mint website hacked, ISO downloads replaced with backdoored

OutHouse

FYI


http://www.pcworld.com/article/3035...side-a-compromised-version-of-linux-mint.html


If you downloaded Linux Mint on Saturday, February 20th, you may have unknowingly downloaded a hacked version of the operating system.

According to a blog post on the Linux Mint site, hackers broke into the Linux Mint website at some point on Saturday and made changes in order to direct users toward downloading “a modified Linux Mint ISO, with a backdoor in it.” Using the hacked version could allow hackers to steal your private information. According to Linux Mint, the hack only affects those who downloaded the Linux Mint 17.3 Cinnamon edition from the Linux Mint website on Saturday.
 

Justinbaileyman

Don't know if it's only Linux Mint, but I just did a fresh install of Ubuntu MATE 15.04 64-bit and Avast is reporting a "Mr Black" Trojan infection/back door in 2 locations on my OS partition. Avast cannot contain nor destroy said virus. Please watch out, those who have this installed.
 

master_shake_

Who is backdooring Linux?

I got a copy of Ubuntu off BitTorrent... 15.04 64-bit. I wonder if it was tampered with?
 

quikah

Who is backdooring Linux?

I got a copy of Ubuntu off BitTorrent... 15.04 64-bit. I wonder if it was tampered with?

Who is writing any malware? Same people I would guess.

It would probably be best to stick to official distribution channels for your distro of choice and keep an eye on their website for updates.
 

TeknoBug

Same thing happened to Razerzone a few years ago. I had to redownload drivers for my DeathAdder at the time and ended up downloading the replaced version, then realized I had copies of drivers I needed on a backup HDD.

Looks like Mint 17.3 Cinnamon is the only affected one? I have 17.3 KDE edition.
 

quikah

Same thing happened to Razerzone a few years ago. I had to redownload drivers for my DeathAdder at the time and ended up downloading the replaced version, then realized I had copies of drivers I needed on a backup HDD.

Looks like Mint 17.3 Cinnamon is the only affected one? I have 17.3 KDE edition.



From what I understand, it is only Cinnamon downloaded on that day. Best to just download again from the Mint official distribution site if you have it, to be sure.
 

Justinbaileyman

Maybe he has connection issues or he's got slow download speeds? Anyways, I not only found that Mr Black back door in Ubuntu MATE 64 15.04 but also in Ubuntu 64 15.04, 15.10, and the new 16.04 daily build. I did a full system scan with Avast and not even 5 mins into the scan it popped up. It cannot be deleted or moved to the Quarantine Chest. Using admin/sudo super user only locks up the entire system and causes me to have to hard reboot. It's not a false report either; many people are reporting the MrBlack back door, but Ubuntu just won't listen and keeps trying to play it off. Just be careful, guys, if you are using Ubuntu 15.04 and later.
 

Essence_of_War

Why would you BT a Linux ISO when you can just go to the official site and download it directly?

You want to be nice to the distro servers. DL'ing directly from them costs bandwidth; if many people who want the same ISO can torrent it from other users, you can greatly reduce the cost incurred to bandwidth on the distro servers.
 

Essence_of_War

did a full system scan with Avast and not even 5 mins into the scan it popped up. It cannot be deleted or moved to the Quarantine Chest. Using admin/sudo super user only locks up the entire system and causes me to have to hard reboot. It's not a false report either; many people are reporting the MrBlack back door, but Ubuntu just won't listen and keeps trying to play it off. Just be careful, guys, if you are using Ubuntu 15.04 and later.

This seems more likely to be an avast false positive.
 

Justinbaileyman

It shows up in Clam AntiVirus as well. This is the exact name of the infection.
ELF:MrBlack-B [Trj]) and ELF:MrBlack-AN [Trj])
Besides, false positives don't hard lock entire systems.
 

Art&Science

You want to be nice to the distro servers. DL'ing directly from them costs bandwidth; if many people who want the same ISO can torrent it from other users, you can greatly reduce the cost incurred to bandwidth on the distro servers.

Meh... most of these are hosted by public universities which are funded with tax dollars, I don't feel bad at all. LOL
 

Essence_of_War

Meh... most of these are hosted by public universities which are funded with tax dollars, I don't feel bad at all. LOL

No one said you have to feel bad, or even that you should feel bad. Some people choose to use bittorrent to crowd-source bandwidth to help distros save costs. You can choose to participate or not participate in that if you'd like.
 

Art&Science

No one said you have to feel bad, or even that you should feel bad. Some people choose to use bittorrent to crowd-source bandwidth to help distros save costs. You can choose to participate or not participate in that if you'd like.

That was the point. The ISOs stored in public institutions do not charge the distro for bandwidth.

It's up to you if you want to BT it or not; for me it seems silly (and not necessarily safe). Of course, as this instance has proven, the source might not be safe either.
 

lxskllr

That was the point. The ISOs stored in public institutions do not charge the distro for bandwidth.

It's up to you if you want to BT it or not; for me it seems silly (and not necessarily safe). Of course, as this instance has proven, the source might not be safe either.

You were given a world class o/s gratis, and seeding a torrent is a trivial way to give back if you can't contribute something of greater substance (code, documentation, money...).

There's nothing unsafe about BitTorrent. If the original seed was valid, the torrent won't be corrupt. All things being equal, a torrent will be safer than an HTTP download, and it distributes bandwidth. Everything is better decentralized, and I use BitTorrent whenever practical.
 

postmortemIA

You were given a world class o/s gratis, and seeding a torrent is a trivial way to give back if you can't contribute something of greater substance (code, documentation, money...).

There's nothing unsafe about BitTorrent. If the original seed was valid, the torrent won't be corrupt. All things being equal, a torrent will be safer than an HTTP download, and it distributes bandwidth. Everything is better decentralized, and I use BitTorrent whenever practical.

You've forgotten to mention one thing - torrent will use your upload bandwidth.
A lot.

I wouldn't call world class an OS that has about 2% worldwide usage.
 

lxskllr

You've forgotten to mention one thing - torrent will use your upload bandwidth.
A lot.

I wouldn't call world class an OS that has about 2% worldwide usage.

I wouldn't torrent over a cell connection, and it'll use as much or as little bandwidth as you allow.

The Linux kernel dominates computing. The only place it isn't leading or competitive is on the desktop. Aside from that, popularity isn't an indication of quality. If that were the case, TV would be better than it is ;^)
 

postmortemIA

I wouldn't torrent over a cell connection, and it'll use as much or as little bandwidth as you allow.

The Linux kernel dominates computing. The only place it isn't leading or competitive is on the desktop. Aside from that, popularity isn't an indication of quality. If that were the case, TV would be better than it is ;^)

Let's not mix Linux kernel, a project where one strong person (and his followers) pulls all strings in one direction; and Linux OS, where agendas of different people pull strings in various directions.
 

lxskllr

Let's not mix Linux kernel, a project where one strong person (and his followers) pulls all strings in one direction; and Linux OS, where agendas of different people pull strings in various directions.

There is no Linux O/S. Linux is a kernel only, which gets used in various applications.
 

Essence_of_War

I wouldn't call world class an OS that has about 2% worldwide usage.
:eek:

Desktops and laptops are not the only measure of computing usage.

Linux distros and BSD make up a big chunk of public web servers, custom distros are the overwhelming majority of HPC/supercomputers, Android is a mobile and embedded monster, and Red Hat and SUSE are even big players on mainframes.
 

sweenish

This is an appropriate welcome to desktop distros as they become more mainstream.
 

VirtualLarry

My understanding is that BitTorrent is basically impossible to MITM replace the file wholesale, due to DHT and such. So it's really safer than an HTTP download.

That being said, one of my BT Linux Mint KDE 64-bit torrents is giving an error; the tracker says "forbidden". Which seems weird, I got the torrent from the official site.

Any explanation for why that might be? All my other Mint torrents report OK.
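
Added example, not part of any post in this thread: a Python sketch of the per-piece SHA-1 check behind the claims above that a torrent from a valid seed cannot be corrupted or swapped in transit. It also shows the limit of that check: piece hashes rebuilt by whoever controls the download page match the altered image, so only a digest obtained through a separate trusted channel catches that case. All function names and the sample bytes are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16  # constructed for the demo; real torrents use pieces of 256 KiB or more


def make_pieces(data: bytes, piece_len: int = PIECE_LEN) -> bytes:
    """Build a torrent's 'pieces' value: one 20-byte SHA-1 per piece, concatenated."""
    return b"".join(hashlib.sha1(data[i:i + piece_len]).digest()
                    for i in range(0, len(data), piece_len))


def bad_pieces(data: bytes, pieces: bytes, piece_len: int = PIECE_LEN) -> list:
    """Return indexes of pieces a client would reject (missing, extra, or hash mismatch)."""
    expected = [pieces[i:i + 20] for i in range(0, len(pieces), 20)]
    n_actual = -(-len(data) // piece_len)  # ceiling division
    bad = []
    for idx in range(max(len(expected), n_actual)):
        chunk = data[idx * piece_len:(idx + 1) * piece_len]
        want = expected[idx] if idx < len(expected) else None
        if not chunk or hashlib.sha1(chunk).digest() != want:
            bad.append(idx)
    return bad


def demo() -> dict:
    genuine = b"constructed stand-in for a genuine ISO image"  # sample data, not a real ISO
    modified = genuine.replace(b"genuine", b"altered")           # same length, different bytes
    official = make_pieces(genuine)       # metadata published by the real project
    substituted = make_pieces(modified)   # metadata rebuilt from the altered image
    trusted_sha256 = hashlib.sha256(genuine).hexdigest()  # assumed to come from a separate channel
    return {
        # A peer or middlebox altering data in transit: the changed pieces are rejected.
        "peer_tampering": bad_pieces(modified, official),
        # An untouched download verifies cleanly.
        "clean_download": bad_pieces(genuine, official),
        # Altered image served with matching altered metadata: piece checks all pass.
        "substituted_metadata": bad_pieces(modified, substituted),
        # The out-of-band digest is what exposes the substituted image.
        "fails_trusted_digest": hashlib.sha256(modified).hexdigest() != trusted_sha256,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
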