
I had been noticing strange behavior and logs on my Ubuntu machine.

I recently installed Ubuntu from a USB. I set the installation to write over blank space, and used LVM/LUKS encryption. I set up the UFW to default deny all incoming and allow all outgoing. I also allowed incoming 443/tcp and 80/tcp.

The first thing I did was install chkrootkit.

It reported that I had a possible infection of Linux/Ebury Windigo. I looked it up and read its history here -> http://www.webopedia.com/TERM/O/operation-windigo.html

Can anyone explain how an installation from a checksummed Ubuntu 16.04 ISO can result in instant rootkit infection? Do I have a hidden partition on my drive? Has my BIOS been compromised? I did notice the system time was changed in the OS AND BIOS which led to this reinstallation.

I'm Root James
  • There were apparently some false positives for this problem - you might check the procedures in [https://askubuntu.com/questions/709545/chkrootkit-says-searching-for-linux-ebury-operation-windigo-ssh-possible-l](https://askubuntu.com/questions/709545/chkrootkit-says-searching-for-linux-ebury-operation-windigo-ssh-possible-l) – Charles Green Oct 05 '17 at 15:58
  • Yeah, it's probably the BIOS. Replace the motherboard. – mikewhatever Oct 05 '17 at 19:13
