My fellow penguins,
I have been pwned. What started off as weeks of smiling everytime I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”
It’s getting old now.
I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.
Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts everyday, but the attacker already established a foothold.
Thank you in advance. LOLseas
There are a lot of ways that the attacker could persist… maybe try a different distro, just to see if it stops? What did you redownload/install when you did your wipe? Do you have any computers on the network besides yours?
Obviously worst case for ‘persisting’ would be your hardware. Do you have a friend who can plug in or connect to your internet and see if they get the same blocked requests? Maybe try a different router/modem.
QubesOS is looking mighty nice, if only I wasn’t a gamer and had another GPU to dedicate to the VM’s/qubes (dom0 is the baseline qube/VM, and it hijacks the GPU for itself).
I redownloaded Debian Bookworm and checked the hash, it validated. So I reinstalled with that iso from the official website.
I swapped hardware, figuring it stemmed from a SecureBoot Key ransom against MSI not too long ago. So I swapped out an MSI X570s Edge Max mobo for an Asus ROG Crosshair VIII Dark Hero. Issues came back.
There’s the https://en.wikipedia.org/wiki/Sinkclose vulnerability which afaiu could compromise the CPU itself. Haven’t heard about it being actually exploited, but who knows.