joegumbo 08-12-2008 08:53 PM

Is Opera now compromised?
 
Hello,

I'm running SW 12.1 fully updated with Slackpkg on my desktop. Opera is Opera/9.51 (X11; Linux i686; U; en). While searching for a Linux laptop at the new www.cuil.com search engine, I ran into a problem following the links. I came across a site that executed some JavaScript on my PC and informed me of all the viruses I had installed on my "C Drive." When I decline the scan, including just clicking the "X", it performs a scan anyhow. It informs me that I am infected with:

Spyware.IEMonster.b
Zlob.PornAdvertiser.Xplisit
Trojan.InfoStealerBanker.s

Before going to this site, the referring page at cuil.com had hard-core porn images at the bottom of the page. It also knew my general area as I was offered the ability to meet these local women. It ID'ed my OS as Linux and said something about getting the info from my browser. (I haven't been able to repeat this part.)

I realize that Windows viruses don't work on Linux.

Nonetheless, am I compromised?

How do I tell if Opera is compromised? Is it now hijacked?

Any advice?

PLEASE USE EXTREME CAUTION IF YOU GO TO THESE SITES!!!

(Removed links)


Thanks,
-Joe G.

angryfirelord 08-12-2008 09:57 PM

Nah, that's just an attempted spyware app written in Flash that claims to have found infections, but in reality there aren't any. If you're running a Windows machine, you shouldn't click on it. However, you're running Slackware, so there's nothing to be worried about.

As for your location, that is normal as well. When your browser sends out a request, it sends an IP address (which in turn is linked to whoever is your local ISP. The city & state are referenced this way, which is why the "find women app" puts down the city you live in or are close to). The browser also tells it its rendering engine and what OS it runs. This is to check for compatibility issues for websites and to compile statistics. That is why sites like danasoft.com are able to tell you all of this information.

So in short, nothing has been compromised. If you're looking for Linux laptops, try looking at vendors that pre-install Linux. That way, you can wipe out whatever's installed and still have Linux hardware compatibility (like some Dell laptops).

joegumbo 08-12-2008 09:59 PM

The linuxquestions.org web-site now appears different in Opera. The far left column no longer shows icons and has blown up to be extremely big. I don't know if this means anything. Btw, I'm writing this from SeaMonkey. :)

joegumbo 08-12-2008 10:02 PM

Thank you angryfirelord :)

Just to be safe, though... I'm switching back to SeaMonkey with NoScript.

-Joe

jschiwal 08-12-2008 10:31 PM

If there was some monkey business it may be contained in your Opera sandbox. You might try deleting the ~/.opera hidden directory and try running Opera again. Also you might think about having your computer clear out /tmp when you power down. That is one globally writable directory that a Java or JavaScript script might have access to, perhaps indirectly via a symbolic link to a directory created by Opera. Maybe not, but you will be cleaning up a bit which can't hurt.

The site you found told you you have a Windows virus in a location that only exists in Windows. That should tell you that the test is phony and everyone gets this message. They are either spammers trying to get your email address, or are trying to sell you a phony virus scanner that may contain viruses to control your computer remotely (to send more spam).

joegumbo 08-13-2008 12:21 AM

Hi jschiwal!

I didn't think it would be a problem. I had /etc/rc.d/rc.firewall set up as indicated in the "Slackware Essentials" book.

Even though Linux is very secure, perfection doesn't exist in this life. I thought it best to ask.

I deleted everything in /tmp as root and rebooted. (I'm saving ~/.opera because there are some old emails I may want to retrieve some day.) Now, I'm back to SeaMonkey.

Thanks for the advice jschiwal and angryfirelord.
-Joe G

jomen 08-13-2008 12:48 AM

No need to delete anything - during the so-called scan there was zero network activity. It is just a Flash video which will tell each and every one that he is infected with viruses that they make you download after the "scan".
The popup is not real - and it does not take user input but a click anywhere always results in a question to download the file - which does not make the alert go away.
It is written to scare you and install malware.

The referring page does not contain even one useful link - each of the links (whose name and number varies) points to the exact same location.
The rest is only sex-ads and offers to make small di**s larger - that is enough proof for me - I wouldn't even go anywhere through that page.

You should however remove the links you posted - there are people browsing this forum from Windows machines - they _could_ actually be harmed if they are careless enough.

[edit]
everything that "search-site" finds (it does not find, because it does not even search) points to that scam page.
Please remove your links to that filthy site.

joegumbo 08-13-2008 12:53 AM

Thank you, jomen!

I did as you suggested and removed the links.

Thanks,
-Joe :)

jomen 08-13-2008 12:59 AM

Thank you!

joegumbo 08-13-2008 12:21 PM

Quote:

[edit]
everything that "search-site" finds (it does not find, because it does not even search) points to that scam page.
Please remove your links to that filthy site.

Hi jomen,

Do you mean that the cuil site is bogus or hacked?
According to the Wikipedia:
Quote:

Cuil (pronounced [kuːl], "cool", according to the creators) is a search engine that organizes web pages by content and displays relatively long entries along with thumbnail pictures for many results. It claims to have a larger index than any other search engine, with about 120 billion web pages.[1] It went live on July 28, 2008.[1][2]

Unlike other search engines[3] Cuil's privacy policy states that it does not store records of users’ search activity or IP addresses.[4]
http://en.wikipedia.org/wiki/Cuil
I felt relatively safe using it.

Or, do you mean one of the pages cuil referred me to?

Thanks,
-Joe

jomen 08-13-2008 06:11 PM

You had two links here:
- one link pointed to the actual target which tried to tell you that it was scanning your machine (and - of course - came up with the result that you were vulnerable or infected - I don't even remember now)
- the other pointed to the "search site" (vistasearch ... or something) which - regardless for what you "searched" - always came up with some different looking descriptions/results - but the links to those results _always_ pointed to ...tadaa... the same (the first) site.

Try it - all results will always point to the very same site.

the message you get from each and every link from there was this:
Quote:

ATTENTION! If your computer is infected, you could suffer data loss, erratic PC behaviour, PC freezes and crashes.

Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)
and it was unavoidable - regardless what you clicked...the following "scan" was unavoidable also (it was only a Flash animation - not a real scan)

Now...
I don't know anything about whether or not the
Quote:

Cuil (pronounced [kuːl], "cool", according to the creators)
site is bogus or hacked.
Not knowing anything about it: I doubt that it would be suspicious - Google (or any other search engine) could have led you to the questionable links (vistasearch) too, for all I know...

:twocents: Therefore: you may continue to feel
Quote:

...relatively safe using it.
...not vistasearch - but "cuil" ;) ...

just keep your eyes open for where the links want to take you - in Firefox you see that at the bottom of the browser-window when you move the mouse cursor over the link
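
An added example, not part of any post in this thread: the check jomen describes, done in Python by resolving every link on a "results" page and seeing whether the off-site ones all lead to one host. The page markup, the `example.invalid` hosts, the `audit_links` name and the 80% threshold are constructed assumptions.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: varied result titles, but one off-site destination.
BASE_URL = "http://search.example.invalid/results?q=linux+laptop"
SAMPLE_PAGE = """
<a href="http://scan.example.invalid/go?id=1">Cheap Linux laptops</a>
<a href="http://scan.example.invalid/go?id=2">Laptop reviews 2008</a>
<a href="//scan.example.invalid/go?id=3">Slackware on notebooks</a>
<a href="/about">About this search</a>
"""

class LinkCollector(HTMLParser):
    """Collect the absolute URL of every <a href> on a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            # Resolve relative and protocol-relative links against the page URL.
            self.urls.append(urljoin(self.base_url, href))

def audit_links(html, base_url, threshold=0.8):
    """Return (off-site host counts, dominant host or None).

    A host is 'dominant' when at least `threshold` of the off-site links
    (minimum three) resolve to it, whatever their visible titles say.
    """
    collector = LinkCollector(base_url)
    collector.feed(html)
    own_host = urlsplit(base_url).hostname
    hosts = Counter(urlsplit(u).hostname for u in collector.urls)
    offsite = Counter({h: n for h, n in hosts.items() if h and h != own_host})
    total = sum(offsite.values())
    if total >= 3:
        host, count = offsite.most_common(1)[0]
        if count / total >= threshold:
            return offsite, host
    return offsite, None

if __name__ == "__main__":
    counts, dominant = audit_links(SAMPLE_PAGE, BASE_URL)
    print("off-site link targets:", dict(counts))
    print("all results funnel to:", dominant)
```
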

jschiwal 08-13-2008 07:16 PM

I read something about porn sites being returned due to "filesystem error".

jomen 08-13-2008 07:41 PM

hmm?
vistasearch dot com - see for yourself
and if you did - ...they may customize what you see on ...whatever... criteria.
I see naked ... and a side bar filled with links to v**gra and di** enlargements - I may have been browsing the wrong sites before (if they somehow evaluate my cookies...) ;)

joegumbo 08-13-2008 07:59 PM

I emailed cuil about this. They asked me to forward the bad links their search engine returned. The response from them said that their system engineers are working on trying to eliminate this junk.

Thanks for the help.

-Joe

Geist3 08-14-2008 07:21 PM

Similar happened to me in Firefox last week
 
I was looking at stock photos. One site, I don't remember which, closed the Firefox window and opened the warning window with a download progress bar. I logged out of KDE, then started KDE again. No negative effects are evident -- but I've gotten off my butt to finish putting together a faster new machine I've had parts for for a while.


All times are GMT -5.