Old 09-12-2009, 02:35 PM   #1
andrea b
LQ Newbie
 
Registered: Sep 2009
Posts: 15

Rep: Reputation: 0
help this newbie! Trojan attack on intrepid ibex?


I am pretty new to Ubuntu (intrepid), finding my way around, practicing clumsily with the command line, reading Keir Thomas...and I may have been complacent about the risk of spyware. I hadn't even installed Mozilla NoScript (till a minute ago!). I've updated faithfully when prompted.

On Firefox a half hour ago, I noticed things a bit...slow. Then a bit 'freezy'. First attributed this to the measly RAM quotient on this 2003 Dell 5100 (which I believe is 256 megs. still not sure where to find system info - that's how new I am!) A Firefox update process required restart of FF, and so I thought it might have been the update process. All of a sudden - a classic case of 'takeover': suddenly, my monitor looks like a Windows machine, showing me my 'My Computer' C drives, 'My Documents', etc, tagged with red warnings, a pop-up tells me I am under attack, do run-don't-walk to this antivirus site, etc. In my panic (I don't yet know the equivalent of CTRL-ALT-DEL) I pulled the plug and the battery to abort.

I had ... downloaded a spreadsheet from the New York Times site on costing out home-buying. Uh-oh! (Actually, I'd assumed I was about to simply open a new tab, not download a document.) Deleted this at the terminal.

So: how to scan for spyware, viruses? Or: is this necessary? How would I know I'm infected? Etc.!

Usually I check forums before posting threads - but I'm pretty rattled!
I use ESET Nod32 on my Windoze machines.

Thanks in advance!
 
Old 09-12-2009, 10:57 PM   #2
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 80
Welcome to LQ.

You probably came across one of those websites that was a conduit for one of those fake Windows anti-malware scanners; here's an example picture.

http://windowsprotection.net/wp-cont...v_fakescan.jpg

The payload is a Windows executable and as such will not run on Linux; you just have to close the Firefox web browser in Linux to get rid of the fake Windows Desktop.

For an added security measure, you can also clear the Firefox cache.

How to clear the cache
http://support.mozilla.com/en-US/kb/...lear+the+cache

Last edited by bsdunix; 09-12-2009 at 11:12 PM. Reason: Added additional info
 
Old 09-13-2009, 05:22 AM   #3
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 472
Welcome to LQ. I have moved your thread over to Linux-Newbie as the Intros forum is just a place to say Hi.
 
Old 09-13-2009, 07:20 AM   #4
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,074

Rep: Reputation: 387
It's just a lame trick from a lame site done by a lame script kiddie. Don't worry about it.

And welcome.
 
Old 09-13-2009, 09:55 AM   #5
pusrob
Member
 
Registered: Jan 2006
Distribution: Gentoo
Posts: 494

Rep: Reputation: 35
First of all, welcome to LQ!
Quote:
Originally Posted by andrea b View Post
still not sure where to find system info - that's how new I am!)
Open a terminal window and run hwinfo --short as root, to get a detailed list of info about your PC.
Quote:
Originally Posted by andrea b View Post
All of a sudden - a classic case of 'takeover': suddenly, my monitor looks like a Windows machine, showing me my 'My Computer' C drives, 'My Documents', etc, tagged with red warnings, a pop-up tells me I am under attack, do run-don't-walk to this antivirus site, etc.
Don't worry. If you see something like this in the future, just remember this: windows will never start suddenly on your linux system (because it just can't). There is only one way to run windows on a linux system, and it is to run it on a virtual machine (using virtualbox for example).
Quote:
Originally Posted by andrea b View Post
In my panic (I don't yet know the equivalent of CTRL-ALT-DEL) I pulled the plug and the battery to abort.
An equivalent should appear when you press the Ctrl+ESC key combination.
Quote:
Originally Posted by andrea b View Post
So: how to scan for spyware, viruses? Or: is this necessary? How would I know I'm infected? Etc.!
You don't need to scan for spyware and viruses. Just make sure you have a proper firewall.

Quote:
Originally Posted by andrea b View Post
Usually I check forums before posting threads - but I'm pretty rattled!
I use ESET Nod32 on my Windoze machines.
Oh yes, antivirus software. If you really really want an antivirus software on your Linux (trust me, you don't need one), then you can install Avira's AntiVir. I also have this on my Linux box, but with the most basic functions (just scanner and updater, no guard, no GUI, no anything else). I only use it for disinfecting removable media, so my (and others') Windows machines won't get infected. Notice that I don't use it for protecting my Linux box, but rather for protecting non-Linux PCs.
One more thing. If you need good protection for your windows PC, replace NOD32. It is not as good as it was in the past (just check out virus bulletin's test results). Avira's antivir seems to be the best now.
 
Old 09-13-2009, 10:47 AM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899
Quote:
Oh yes, antivirus software. If you really really want an antivirus software on your Linux (trust me, you don't need one)
Perhaps you can take a look at
http://www.linuxquestions.org/questi...ght=anti+virus
or other threads regarding this issue
 
Old 09-13-2009, 11:08 AM   #7
pusrob
Member
 
Registered: Jan 2006
Distribution: Gentoo
Posts: 494

Rep: Reputation: 35
Quote:
Originally Posted by repo View Post
Perhaps you can take a look at
http://www.linuxquestions.org/questi...ght=anti+virus
or other threads regarding this issue
Well, you know, I never said Linux can't get infected. I'm completely aware that there are some Linux viruses and a Linux machine can be attacked. This is why I said "have a proper firewall".
And now let's get back to the antivirus issue. There is still no need to install antivirus software on a linux system, because a linux box will be hacked sooner than it will be infected by a virus.
But thanks for the info.
 
Old 09-13-2009, 11:12 AM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 12,899
Blog Entries: 27

Rep: Reputation: 2186
Hi,

You should still be paranoid with an attack to your GNU/Linux. But this should be for rootkits. You don't want some script kiddie getting hold of your machine to spam others thus causing you future problems with your ISP.

You can look at chkrootkit (Guide to Chkrootkit) or even Tripwire.

Network Security Toolkit (NST v1.8.1) is a LiveCD that is based on Fedora but usable.

The above links and others can be found at 'Slackware-Links'. More than just Slackware® links!
 
Old 09-13-2009, 08:36 PM   #9
andrea b
LQ Newbie
 
Registered: Sep 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Thanks to all for the info - it's most welcome. Even in my panic at the monitor, I was able to repeat the mantra: 'Linux is not Windoze, Linux is not Windoze...' The little spreadsheet I blundered into downloading from the Times site was the vector for this bit of java mischief (as per bsdunix's post; others have reported the same issue). Really enjoying learning Ubuntu basics - feeling sort of like a first-grader with a blunt pencil grinding out "C...A...T...spells cat?!" Again, thanks!
 
Old 09-13-2009, 09:04 PM   #10
lhorace
Member
 
Registered: Aug 2009
Distribution: Fedora
Posts: 126

Rep: Reputation: 21
I had a similar situation and reported a bug to Mozilla, and they're working on a solution: https://bugzilla.mozilla.org/show_bug.cgi?id=61098... One of the things they've mentioned to me was to disable "Move and Resize windows" in EDIT->PREFERENCES->CONTENT; in the JavaScript section, click Advanced...
 
Old 09-14-2009, 05:51 AM   #11
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,074

Rep: Reputation: 387
I suggest the use of the NoScript extension if these ads and crap bother you. Your pages will load faster as well without all these forty-ads-for-page.
 
Old 09-14-2009, 02:06 PM   #12
lhorace
Member
 
Registered: Aug 2009
Distribution: Fedora
Posts: 126

Rep: Reputation: 21
I don't visit those kinda sites; in my one experience I accidentally visited the site. However, this site uses JavaScript; wouldn't the NoScript extension disable some of the functionalities on this site? Make it useless?
 
Old 09-14-2009, 03:56 PM   #13
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 12,899
Blog Entries: 27

Rep: Reputation: 2186
Hi,

Quote:
Originally Posted by lhorace View Post
I don't visit those kinda sites; in my one experience I accidentally visited the site. However, this site uses JavaScript; wouldn't the NoScript extension disable some of the functionalities on this site? Make it useless?
Look at the NoScript Options for detailed control.
 
Old 09-14-2009, 04:09 PM   #14
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,074

Rep: Reputation: 387
Quote:
Originally Posted by lhorace View Post
I don't visit those kinda sites; in my one experience I accidentally visited the site. However, this site uses JavaScript; wouldn't the NoScript extension disable some of the functionalities on this site? Make it useless?
NoScript allows for very fine grained control, but even if you don't want to go too deep, noscript allows you to block stuff coming from one site and allow the others.

The ads and stuff like that usually come from another place, and they're embedded somehow into many places. This very site has some stuff embedded from googleadservices, googleanalytics and googlesyndication, which is completely useless to me, so I block those while allowing the stuff coming from LQ itself, which allows me to run this site without a problem.

It's as simple as using a little menu that appears iconized at the bottom right part of the status bar in SeaMonkey, similar for Firefox I'd bet.
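
The per-site blocking described in the post above, as an added example that is not part of the original thread and is not NoScript's own code: a simplified model that resolves each external script on a page to its host and allows it only if that host is an allowed site or a subdomain of one. The sample HTML, its paths, the look-alike host `linuxquestions.org.ads.example` and all function names are constructed for illustration.

```javascript
// Constructed sample: one first-party script, three third-party ad/analytics
// scripts, one look-alike host, and one inline script (no src to classify).
const SAMPLE_PAGE_URL = "https://www.linuxquestions.org/questions/linux-newbie-8/";
const SAMPLE_HTML = `
<script src="/static/forum.js"></script>
<script src="https://pagead2.googlesyndication.com/ads.js"></script>
<script src="//www.google-analytics.com/ga.js"></script>
<script src="https://www.googleadservices.com/conv.js"></script>
<script src="https://linuxquestions.org.ads.example/x.js"></script>
<script>var inline = 1;</script>
`;

// True if host is an allowed site or a subdomain of one. Matching on the
// label boundary keeps "linuxquestions.org.ads.example" from passing, which
// a plain substring test would let through.
function hostAllowed(host, allowedSites) {
  const h = host.toLowerCase();
  return allowedSites.some((site) => h === site || h.endsWith("." + site));
}

// Collect every external <script src> and resolve it against the page URL,
// so relative and protocol-relative references get their real host.
function scriptSources(html, pageUrl) {
  const found = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try { found.push(new URL(m[1], pageUrl)); } catch (e) { /* unparsable src */ }
  }
  return found;
}

// Default-deny: a host is blocked unless it matches the allow list.
function classifyScripts(html, pageUrl, allowedSites) {
  const decision = { allowed: [], blocked: [] };
  for (const u of scriptSources(html, pageUrl)) {
    const isWeb = u.protocol === "http:" || u.protocol === "https:";
    const ok = isWeb && hostAllowed(u.hostname, allowedSites);
    const bucket = ok ? decision.allowed : decision.blocked;
    if (!bucket.includes(u.hostname)) bucket.push(u.hostname);
  }
  return decision;
}

const RESULT = classifyScripts(SAMPLE_HTML, SAMPLE_PAGE_URL, ["linuxquestions.org"]);
console.log(RESULT);
```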
 
Old 09-15-2009, 12:13 AM   #15
lhorace
Member
 
Registered: Aug 2009
Distribution: Fedora
Posts: 126

Rep: Reputation: 21
Thanks y'all for that extra info, I think I tried a similar product on windows with firefox, but my experience with that wasn't too good... I'm installing it now and mess around with it....
 
  



All times are GMT -5. The time now is 02:34 AM.
