Where can I look for malware that may have been installed on my machine?
Solution 1:
The objective of malware is to do something. So it will need to communicate with the outside world. So the best approach is to have a look at the network traffic that is occurring on your computer.
I like dnstop utility. Install by sudo apt-get install dnstop
Then run the utility against your network card
sudo dnstop -l 3 eth0
When the utility runs press the 3 key, this will change the screen to display all the dns requests that are made by your computer.
In my case I went to Ubuntu and it tried to access the following
Query Name Count % cum%
-------------------- --------- ------ ------
www.gravatar.com 2 40.0 40.0
askubuntu.com 2 40.0 80.0
ny.stackexchange.com 1 20.0 100.0
This gives me an idea of what web sites were accessed. What you need to do is not do anything and sit back and wait for a while to see what your computer accesses. Then laboriously follow up on all those web sites it accesses.
There are many tools you could use, I thought this was an easy one for you to try out.
Solution 2:
You can never know if your PC is already infected or not. You might be able to tell by listening to the traffic coming from your computer. Below are something that you can do to ensure that your system is OK. Keep in mind that nothing is a 100%.
- Make sure that you don't enable root account
- Make sure that you have the latest security updates as soon as they come out
- Don’t install software that you know you’ll hardly or never use
- Make sure that your system has strong passwords
- Turn off any services or processes that aren't needed
- Install a good AV (if you’ll be dealing a lot with Windows, or maybe an email that may contain a Windows-based virus.)
As far as finding out if you've been hacked; you'll get pop-up ads, redirects to sites you didn't intend to visit, etc.
I would have to say that /sys
/boot
/etc
among others are considered important.
Linux malware can also be detected using memory forensics tools, such as Volatility or Volatility
Also you may want to look at Why do I need anti-virus software?. If you want to install an Anti-virus software I would recommend that you install ClamAV
Solution 3:
You can also try rkhunter
which scans your pc for a lot of common rootkits and trojan horses.
Solution 4:
There are specialized distributions like BackTrack that contain software to analyse situations like yours. Due to the highly specialized nature of these tools there is usually a quite steep learning curve associated with them. But then if this is truly a concern for you, it is time well spent.
Solution 5:
It's obvious to you (for others sake I'll mention it) if your running your system as a VM then your risk potental is limited. Power button fixes thing in that case, Keep programs inside their sandbox (per~se). Strong passwords. Cant say it enough. From an SA view point, it's your first line defence. My rule of thumb, dont go belove 9 charaters, use Specials, and Upper+ Lower case+ Numbers also. It sounds hard right. IT's easy. Example... 'H2O=O18+o16=water'I use chemestry for some intersting passwords. H2O is water, but the O18 and O16 are diffrent Oxygen isotopes, but in the end, there result is water, there fore "H2O=O18+o16=water'.. Strong pasword. Go with it.. Common complaint is remebering it. SO call that computer/server/terminal 'Waterboy' It may help.
Am I nerding out?!?!