Malware? Don’t jump to conclusions!

Tonight I had a bit of a scare thanks to jumping to conclusions from the first Google result.  I thought it might be a good idea to drop a reminder here to take a step back and remember that .bash_history is a thing.

While I was inspecting /etc/passwd on a new Ubuntu server to confirm a home directory, I noticed a new line at the bottom I had never seen.


What the heck is that?  Searching Google brought me to this: specifically

Crap.  This was a relatively new install, did it already get owned?  I didn’t see any suspicious processes running or notice any slowdowns.  Do I need to re-image this machine?  How did it happen?  WHAT happened?

Running apt search uml confirmed it was actually installed.

Wait, did I install it myself?

A search in .bash_history revealed that yes, I installed it as a prerequisite while following the guide at a few nights back.  False alarm.

Leave a Reply