Where can I look for malware that may have been installed on my machine?

security boot malware

Solution 1:

The objective of malware is to do something. So it will need to communicate with the outside world. So the best approach is to have a look at the network traffic that is occurring on your computer.

I like dnstop utility. Install by sudo apt-get install dnstop

Then run the utility against your network card 

sudo dnstop -l 3 eth0

When the utility runs press the 3 key, this will change the screen to display all the dns requests that are made by your computer.

In my case I went to Ubuntu and it tried to access the following

Query Name               Count      %   cum%
-------------------- --------- ------ ------
www.gravatar.com             2   40.0   40.0
askubuntu.com                2   40.0   80.0
ny.stackexchange.com         1   20.0  100.0

This gives me an idea of what web sites were accessed. What you need to do is not do anything and sit back and wait for a while to see what your computer accesses. Then laboriously follow up on all those web sites it accesses.

There are many tools you could use, I thought this was an easy one for you to try out.

Solution 2:

You can never know if your PC is already infected or not. You might be able to tell by listening to the traffic coming from your computer. Below are something that you can do to ensure that your system is OK. Keep in mind that nothing is a 100%.

  • Make sure that you don't enable root account
  • Make sure that you have the latest security updates as soon as they come out
  • Don’t install software that you know you’ll hardly or never use
  • Make sure that your system has strong passwords
  • Turn off any services or processes that aren't needed
  • Install a good AV (if you’ll be dealing a lot with Windows, or maybe an email that may contain a Windows-based virus.)

As far as finding out if you've been hacked; you'll get pop-up ads, redirects to sites you didn't intend to visit, etc.

I would have to say that /sys /boot /etc among others are considered important.

Linux malware can also be detected using memory forensics tools, such as Volatility or Volatility

Also you may want to look at Why do I need anti-virus software?. If you want to install an Anti-virus software I would recommend that you install ClamAV

Solution 3:

You can also try rkhunter which scans your pc for a lot of common rootkits and trojan horses.

Solution 4:

There are specialized distributions like BackTrack that contain software to analyse situations like yours. Due to the highly specialized nature of these tools there is usually a quite steep learning curve associated with them. But then if this is truly a concern for you, it is time well spent.

Solution 5:

It's obvious to you (for others sake I'll mention it) if your running your system as a VM then your risk potental is limited. Power button fixes thing in that case, Keep programs inside their sandbox (per~se). Strong passwords. Cant say it enough. From an SA view point, it's your first line defence. My rule of thumb, dont go belove 9 charaters, use Specials, and Upper+ Lower case+ Numbers also. It sounds hard right. IT's easy. Example... 'H2O=O18+o16=water'I use chemestry for some intersting passwords. H2O is water, but the O18 and O16 are diffrent Oxygen isotopes, but in the end, there result is water, there fore "H2O=O18+o16=water'.. Strong pasword. Go with it.. Common complaint is remebering it. SO call that computer/server/terminal 'Waterboy' It may help.

Am I nerding out?!?!

Related

How to install Google Earth on Ubuntu?
How to disable auto-startup of Microsoft Teams in Ubuntu?
How do I switch to another language?
Is there a tool to update my PPA sources.list entries after upgrading?
Mounting Samba share whenever it's available, unmounting when it's not
How can I install gstreamer 1.0 in Ubuntu 12.04?
gtk-key-theme Emacs: what keystroke is for select-all?
What is the default root password when was never set at installation time? [duplicate]
How to install 'wget' on Ubuntu 14.04?
Map caps-lock to control on Ubuntu 17.10
How to program a status icon that will display in Ubuntu as well as in other distributions?
Saving deb files from repositories to a custom location for installing offline [duplicate]