The team of Linux Mint revealed today that their website was violated and that the Linux Mint ISO images that were distributed from the official 20 2016 website on February XNUMX are unsafe.
According to an article in their blog, the invasion took place on February 20 and was located a bit later. OR official website of Linux Mint is out of function at the time you write this article.
This means that the attackers only had a limited timeframe in which they would be able to distribute falsified ISO images.
The attackers managed to break the website and put the download links under control, which means that one of the company's servers offered dangerous ISO images of Linux Mint.
The research team, after checking for dangerous distributors, found that the violated version contains a backdoor linked to a website hosted in Bulgaria.
They also found that only downloads of Linux Mint 17.3 Cinnamon seem to have been affected by hacking.
What's interesting here is that torrent links are not affected, only direct links to the Linux Mint site are vulnerable.
The reason is simple; Popular torrents are distributed by various seeders around the world in continuous circulation resulting in the hackers not being able to manipulate the data, i.e. replace it with a hacked image.
If you downloaded Linux Mint on February 20 from the official website using direct links, or even earlier than February 20 and you want to make sure it is clean then you have the following options.
If you still have the ISO image available, you can check its signature to make sure it is valid. If you run Linux, use md5sum nameofiso.iso, for example md5sum linuxmint-17.3-cinnamon-64bit.iso
Windows users can use a program like this RekSFV or File Verifier to control the image they have in their hands.
The ISO image is clean if the signature matches one of the following:
6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso 30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso 3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
You can also control the network traffic if you no longer have access to the ISO image because you may have deleted it. The dangerous version of Linux Mint 17.3 is linking to the site absentvodka.com (this may change, so check for any links that do not match your traffic).
Obviously, if you downloaded the ISO image just yesterday, you can download a legitimate ISO back from the official site by using link torrents, delete the old installation, format and install the new one.
This ensures that your system is clean and has no backdoor.
The two main torrent files you may be interested in are:
