LinuxQuestions.org, Linux - Security forum
#1  MikeNorth (LQ Newbie), 06-30-2006, 05:53 PM
Question: Similar Problems


//moderator note: posts pruned from Linux Spyware. Please do NOT revive stale threads.


I just wanted to jump in and note that I am also having some of the problems that BajaNick is suggesting. When surfing I am now getting a lot of specific ads with my city etc. This has happened after a sudden surge in junk emails (20-30 per day, from zero). This also seems to spread to a second computer on my home network and other logins. Both are running RH9, although one is a dual boot with Win Me. The systems are on a home network behind a Netgear router with a firewall. Does having this type of information available to random websites not suggest spyware? Or is there something else? How does one stop broadcasting this type of information over the internet?

Last edited by unSpawn; 02-18-2007 at 04:52 AM.
 
#2  jschiwal (LQ Guru, Fargo, ND), 06-30-2006, 06:27 PM
The information is obtained from your IP address on the internet. IP addresses are supplied in blocks to your ISP, and the web site is simply finding out where your IP address is.

These popups sound like a variant on the block popup scam. Firstly, they didn't even notice that you are not using Windows. So you know they weren't looking for any spyware. The anti-spyware software that they supply is most likely spyware.
 
#3  win32sux (LQ Guru, Los Angeles), 06-30-2006, 06:39 PM
Quote: Originally Posted by MikeNorth (post #1 above, quoted in full)
Your approximate geographical location can be obtained from your IP address... google for "geoip" and you'll see how... there's also other info that websites you visit get from you without the need for spyware... to get an idea, run the following privacy test:

http://network-tools.com/analyze/

just my ...
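The lookup the two replies above describe, as an added example that is not code from this thread or from any GeoIP vendor: a longest-prefix match of a client address against an allocation table, plus the server-side view of one request built only from the peer address and two standard request headers. The allocation table, ISP names and city labels are constructed (the prefixes are the RFC 5737 documentation ranges); a real GeoIP database is the same structure with a few hundred thousand rows.

```python
import ipaddress

# Constructed allocation table for illustration only. The prefixes are the
# RFC 5737 documentation ranges and the ISP/city labels are made up; a real
# GeoIP database is the same shape with far more rows.
ALLOCATIONS = [
    ("192.0.2.0/24",      {"isp": "ExampleCable", "city": "Los Angeles", "country": "US"}),
    ("198.51.100.0/24",   {"isp": "ExampleDSL",   "city": "Fargo",       "country": "US"}),
    ("198.51.100.128/25", {"isp": "ExampleDSL",   "city": "Moorhead",    "country": "US"}),
    ("203.0.113.0/24",    {"isp": "ExampleFibre", "city": "Athens",      "country": "GR"}),
]

_TABLE = [(ipaddress.ip_network(cidr), info) for cidr, info in ALLOCATIONS]


def geoip(addr):
    """Longest-prefix match of one address against the allocation table.

    Returns the matching record plus the prefix it came from, or None for
    addresses outside every known block (private ranges, for instance).
    A more specific sub-allocation (the /25 above) wins over its parent.
    """
    ip = ipaddress.ip_address(addr)
    best_net, best_info = None, None
    for net, info in _TABLE:
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_info = net, info
    if best_net is None:
        return None
    return dict(best_info, prefix=str(best_net))


def describe_client(remote_addr, headers):
    """The server-side view of one request: peer address, what the allocation
    table says about it, and two headers every browser sends anyway.
    `headers` is a plain dict, as a CGI/WSGI handler would receive them."""
    ua = headers.get("User-Agent", "")
    lang = headers.get("Accept-Language", "").split(",")[0].strip() or None
    platform = next((p for p in ("Windows", "Linux", "Macintosh") if p in ua), "unknown")
    rec = geoip(remote_addr) or {}
    return {
        "ip": remote_addr,
        "isp": rec.get("isp"),
        "city": rec.get("city"),
        "country": rec.get("country"),
        "language": lang,
        "platform_hint": platform,
        "user_agent": ua,
    }


if __name__ == "__main__":
    # Constructed request: a Linux browser arriving from the first block.
    print(describe_client("192.0.2.44", {
        "User-Agent": "Mozilla/5.0 (X11; Linux i686)",
        "Accept-Language": "en-US,en;q=0.8",
    }))
```

Everything in that dict comes from the TCP connection and the HTTP request itself; no script has to run on the client. Behind a proxy or VPN the server sees the proxy's address instead, which is the only way the city disappears from the result.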
 
#4  paul123 (Member, UK), 02-14-2007, 02:15 PM
Question: unexpected hard drive activity preventing immediate shutdown

whoops wrong place. sorry
 
#5  v00d00101 (Member, UK), 02-15-2007, 06:57 AM
To the OP, consider using something that disallows scripts in your browser, such as the NoScript plugin for Firefox. The popups are usually JavaScript driven, and stopping JS generally kills the popups. NoScript, as an example, disallows all scripts on a site by default. You then allow the ones you need as and when required.

As for Linux spyware, I've never heard of any so far. The nearest you might get is someone hacking you and adding a trojan to your machine.

It's not something you should lose sleep over, as long as you keep your machine updated.
 
#6  vangelis (Member, Hellas), 02-15-2007, 07:42 AM
This kind of ad you show is surely something that your browser can give away pretty easily, and it can be found from your IP address since you are not behind a proxy server to have anonymity.

As for the security part... Red Hat 9 dropped support for updates in mid-2004. So if Red Hat is the most famous corporate distro in America and you got hacked once, then it's most probably going to happen again due to its vulnerability of not having updates anymore.

For your sanity, my friend, update the system to something more recent.
 
#7  nx5000 (Senior Member), 02-15-2007, 08:02 AM
Quote: "I thought there was no spyware for Linux?"

Bring technical facts. This is wrong.
 
#8  jayjwa (Member, NY), 02-17-2007, 11:44 PM
Quote:
Originally Posted by BajaNick
I received a popup. It showed my IP address, my physical location (Los Angeles) and it also showed me my ISP name and the time and date of my current connection, and it was not like any other popup I have received before. It didn't seem to want to sell me anything like the usual ones; it was just there with no other information. It was kind of freaky.

You'd be surprised to see what you can do with JavaScript and Java, by themselves or together. Sending an IP address (which you give up on connecting to something) to a site which returns geo-location and then displaying that info back to the user is not very complex. You can find zip codes; sometimes hostnames given by your ISP can reveal the city you're in. RoadRunner is big on this; I've seen Verizon do it too.

Code:
*.twcny.res.rr.com
(a residential cable modem in central New York)

Tools like p0f can guess your kernel version, uptime, and network connection with accuracy. There's not a lot of talk about SNMP, but if a system is running SNMP services and they are accessible, you can tell just about anything about that system, from where in the world it is to who owns it, what it's running at the moment, and where it itself is connecting.


The data is out there, add in a little guess work and you can come up with data that appears to be knowable only by you.
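A passive observer's view of one connection, as an added example that is not code from jayjwa and not p0f's own implementation: an OS guess from the SYN's TTL and window size, hop distance from the TTL, an uptime estimate from two TCP timestamp samples, and the PTR-name hint from the *.twcny.res.rr.com convention mentioned above. The signature table is abridged and illustrative (real p0f signatures also use MSS, DF and option ordering), the example-isp.net pattern is invented, and the observed connection is constructed rather than captured.

```python
import re

# Illustrative SYN signature table: (initial TTL, TCP window) -> OS family.
# Abridged and simplified from the kind of data p0f ships; not p0f's database.
SYN_SIGNATURES = {
    (64, 5840):   "Linux 2.4/2.6",
    (64, 65535):  "FreeBSD / Mac OS X",
    (128, 65535): "Windows XP",
    (128, 16384): "Windows 2000/2003",
}

COMMON_INITIAL_TTLS = (64, 128, 255)

# Reverse-DNS naming conventions. The rr.com entries follow the example in
# this thread; the example-isp.net pattern is constructed for illustration.
RDNS_HINTS = [
    (re.compile(r"\.twcny\.res\.rr\.com$"), "Road Runner residential cable, central New York"),
    (re.compile(r"\.res\.rr\.com$"), "Road Runner residential cable"),
    (re.compile(r"^dsl-[a-z]+-\d+\.example-isp\.net$"), "example-isp DSL pool (constructed)"),
]


def initial_ttl(observed):
    """Hosts start at 64, 128 or 255 and every router decrements by one, so
    the smallest common initial value at or above the wire TTL is the guess."""
    for init in COMMON_INITIAL_TTLS:
        if observed <= init:
            return init
    raise ValueError("TTL out of range")


def fingerprint_syn(ttl, window):
    init = initial_ttl(ttl)
    return {
        "os": SYN_SIGNATURES.get((init, window), "unknown"),
        "initial_ttl": init,
        "hops": init - ttl,
    }


def estimate_uptime(ts1, t1, ts2, t2):
    """p0f-style uptime guess from the TCP timestamp option: the sender's tick
    counter runs from boot at a fixed rate, so two samples give the rate in
    ticks per second, and the counter divided by the rate gives seconds up."""
    hz = (ts2 - ts1) / (t2 - t1)
    return {"hz": hz, "uptime_s": ts2 / hz}


def rdns_hint(hostname):
    host = hostname.lower().rstrip(".")
    for pattern, meaning in RDNS_HINTS:
        if pattern.search(host):
            return meaning
    return None


def profile(conn):
    """Everything a passive observer learns from one SYN plus a PTR lookup."""
    out = fingerprint_syn(conn["ttl"], conn["window"])
    out["rdns"] = rdns_hint(conn["rdns"]) if conn.get("rdns") else None
    if "timestamps" in conn:
        (ts1, t1), (ts2, t2) = conn["timestamps"]
        out.update(estimate_uptime(ts1, t1, ts2, t2))
    return out


# Constructed observation, not a real capture: a SYN seen 12 hops away with a
# Linux-sized window, from a Road Runner residential PTR name, and two TCP
# timestamp values five seconds apart.
SAMPLE_CONN = {
    "ttl": 52,
    "window": 5840,
    "rdns": "cpe-192-0-2-7.twcny.res.rr.com",
    "timestamps": [(100000, 0.0), (100500, 5.0)],
}

if __name__ == "__main__":
    print(profile(SAMPLE_CONN))
```

None of this requires the client to run anything; it is all in the packet headers and in the ISP's own DNS. The timestamp trick is why p0f can name an uptime, and it is defeated only by hosts that randomise or disable TCP timestamps.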
 
#9  Simon Bridge (LQ Guru, Waiheke NZ), 02-18-2007, 01:00 AM
Quote (from someone's sig): "Almost no Windows user could tell you what every file is on their system. That's scary."

So... how many linux users can state what every file is on their system? And what is so scary about that?

Last edited by Simon Bridge; 02-18-2007 at 05:09 PM.
 
#10  vangelis (Member, Hellas), 02-18-2007, 02:14 AM
That's correct, but probably jayjwa meant you can always learn by opening the file and reading the comments.
Can you open a file under C:/windows and find out what it is?

But we are off the topic here..
 
#11  crashmeister (Senior Member), 02-18-2007, 02:50 AM
The server that serves whatever you are looking at kind of needs to know your IP address.
 
#12  sundialsvcs (LQ Guru, SE Tennessee, USA), 02-18-2007, 08:33 AM
"Spyware" pretty much consists of a rogue Javascript (or in some cases, a bit of code attached to an image). The only way to effectively stop it is with a proxy-filter such as privoxy, which is readily available for both Windows and Linux.

A "proxy" is a program that sits between you and the web. Your browser must forward its traffic to the proxy, which retransmits it to the web. The proxy can filter objectionable content in both directions.

In the Windows environments, the core problem is that most users run as Administrators. When presented with a prompt for an admin password, they reflexively type it in. And so they allow any bit of code from the Internet to run with unrestricted access to their machines, and chaos ensues.

In the Linux and OS/X environments, users typically do not run with full, unrestricted privileges. Thus, "rogue" programs do not have unrestricted privileges either, and when that is the case it is quite difficult for a rogue to do global, lasting harm. And this is why Apple has been able to get so much press from the tag-line that "Windows has 144,000 viruses and OS/X has none."

Ironically, Windows has just as much potential ability to deflect viruses, in exactly the same way, but for tens of millions of Windows systems out there on the Internet all of that protection is turned off! Users do not know about it because they are never told about it. They spend millions of dollars on useless "anti-virus" programs, having been lectured that these are essential when in many cases they are part of the problem.
 
#13  Simon Bridge (LQ Guru, Waiheke NZ), 02-18-2007, 04:08 PM
Quote:
Originally Posted by exodist
Chort, I have seen the argument before. It is true that a reason Linux has less worms and viruses is because the attackers want more targets, but Linux really hasn't been tested against a major virus flood like Windows has. I personally believe that the layout of a Linux system would protect it and prevent the kind of mass-failure and mass-hysteria like a few weeks ago on Windows.
This has been thrashed out before. For example:
http://www.theregister.co.uk/securit...dows_vs_linux/
Quote:
This reasoning backfires when one considers that Apache is by far the most popular web server software on the Internet. According to the September 2004 Netcraft web site survey, [1] 68% of web sites run the Apache web server. Only 21% of web sites run Microsoft IIS. If security problems boil down to the simple fact that malicious hackers target the largest installed base, it follows that we should see more worms, viruses, and other malware targeting Apache and the underlying operating systems for Apache than for Windows and IIS. Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.

Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful. The Code Red worm that exploited a buffer overrun in an IIS service to gain control of the web servers infected some 300,000 servers, and the number of infections only stopped because the worm was deliberately written to stop spreading. Code Red.A had an even faster rate of infection, although it too self-terminated after three weeks. Another worm, IISWorm, had a limited impact only because the worm was badly written, not because IIS successfully protected itself.
The statistics have changed a bit since 2004 - see http://en.wikipedia.org/wiki/Compari...dows_and_Linux
Quote:
Historically, Windows has tended to dominate in the desktop and personal computer markets (about 89.2% of the desktop market share), and Linux has achieved between 50 - 80% market share of the web server, render farm, and supercomputer markets.
... so, we should see the vast majority of attacks to be leveled against linux in this area. Yet this is still not the case.

The other one we've seen is the myth that OSS is inherently less secure because the source code is available to attackers. Thus, attackers can peruse the code for vulnerabilities. Add to this the increasing trend for new malware to be written by people who are quite expert in coding and it sounds like a nasty combination.

Quote:
The evidence begs to differ. The number of effective Windows-specific viruses, Trojans, spyware, worms and malicious programs is enormous, and the number of machines repeatedly infected by any combination of the above is so large it is difficult to quantify in realistic terms. Malicious software is so rampant that the average time it takes for an unpatched Windows XP to be compromised after connecting it directly to the Internet is 16 minutes -- less time than it takes to download and install the patches that would help protect that PC. [3]

As another example, the Apache web server is open source. Microsoft IIS is proprietary. In this case, the evidence refutes both the "most popular" myth and the "open source danger" myth. The Apache web server is by far the most popular web server. If these two myths were both true, one would expect Apache and the operating systems on which it runs to suffer far more intrusions and problems than Microsoft Windows and IIS. Yet precisely the opposite is true. Apache has a near monopoly on the best uptime statistics. Neither Microsoft Windows nor Microsoft IIS appear anywhere in the top 50 servers with the best uptime. Obviously, the fact that malicious hackers have access to the source code for Apache does not give them an advantage for creating more successful attacks against Apache than IIS.
[3] Unpatched PC "Survival Time" Just 16 Minutes, by Greek Keiser, TechWeb News. See references section below for URL.

See also:
http://www.varlinux.org/vl/html/modu...Gregg%20Keizer
http://www.itnews.com.au/newsstory.aspx?CIID=19387


The other mistake I see around here is more subtle. It involves stating a single metric and basing the conclusion on that. The issues involved are far too complex to yield to a single point of analysis. As an example of why this is important, consider:
Quote:
Ask yourself this question: If you experienced a heart attack at this very moment, to which hospital emergency room would you rather be taken? Would you want to go to the one with the best average response time from check-in to medical treatment? Or would you rather be taken to an emergency room with a poor record for average response time, but where the patients with the most severe medical problems always get immediate attention?

One would obviously choose the latter, but not necessarily because the above information proves it is the better emergency room. The latter choice is preferable because it includes two metrics, one of which is more important to you at that precise moment.
... aww shucks, just read the article.

Note: the register article is quite out of date in terms of statistics. However, up to date statistics are available for their most important metrics - and the case is, if anything, even better today than when the article was written.

None of this refers to Windows Vista, which has removed many of the problems associated with previous releases (but added some odd vulnerabilities deliberately). For example, legacy support has been dropped from the kernel (replaced by emulation) and users no longer work with administrator privileges.
 
#14  Simon Bridge (LQ Guru, Waiheke NZ), 02-18-2007, 04:36 PM
Source of Security Vulnerabilities in Linux
(Inside information from Symantec)

I went to university with some guys who ended up as programmers for Symantec. One was specifically looking for vulnerabilities in Linux, Solaris etc., and I knew he had a strong Unix background. So I asked him if Linux users are justified in being smug about security.

He says: yes.
In that professional's opinion, the main strength of Linux against malware has traditionally been due to users compiling their own system from source. Symantec have been increasingly concerned about the proliferation of package-managed distributions which have their managers running as root. Users could be social-engineered to accept third party packages without question.

Social engineering has always been the number one way malware gets on the system ("run this script './install-malware.sh' as root to improve system performance"). Just look at the "success" of the "I love you" virus: it wasn't a well written virus, it's just that so many people seem to be curious about any attachment called "I love you". That's the social part.

He also pointed out some very nasty viruses written for linux - not so much for what they did but because the code and the timing ... suggested a new kind of attacker. One with skills and forethought.

He also pointed me at some viruses designed to migrate between windows and linux environments - systems running WINE are particularly vulnerable in this way since WINE is "very faithful" (his words) to the windows API, warts and all. WINE systems can be vulnerable to some windows malware too, of course. Particularly if IE is used under WINE for browsing.

But wait: there's more -
Contrary to popular opinion, Linux systems have been tested against major virus outbreaks, in server environments, where Linux holds a market majority. Damage was minimal because Linux's structure made it difficult for the worm to get anywhere bad, and Linux sysadmins were typically more knowledgeable about their systems. Response time was fast, and the various developers were extremely cooperative in plugging the holes.

Lastly:
Operating Systems are very secure now across the board. So much so that attackers are looking to applications rather than the OS itself. They are focusing on the services you run.

Linux folk get to be smug there too because linux policy has always been to start with everything shut down by default... so it is unlikely that anyone running a service is unaware of it (they had to physically enable it, after all). In windows admin it is quite normal for novice admins to run services they do not intend to.

Linux folk are used to running headless machines remotely where windows admins usually expect physical access to the box. Anyone who has had to recover their root password knows that physical access is total access. There, they expect a gui where linux admin will expect to use CLI - in cli you get precise control where a gui adds heavy abstraction.

So symantec are not very concerned about social engineering in linux.

Caveat: Symantec do not have an official position on the vulnerability of any OS or system. This is entirely off the record, hence the lack of attribution. Symantec sell security related products for Windows and Mac, with no major market investment in Linux that I can find... we could interpret this as saying that Symantec have a financial interest in painting Windows as inherently insecure (read: without their product).

I've also discussed this before in another thread.

Last edited by Simon Bridge; 02-18-2007 at 04:43 PM.
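A check for the point above about admins running services they do not intend to, as an added example (not code from this post): parse /proc/net/tcp, list the sockets in LISTEN state, and separate the ones bound to loopback from the ones reachable from the network. The excerpt embedded below is constructed, not taken from a real host; on a Linux box the script reads the live file instead. The same parser handles /proc/net/udp, where bound sockets (an snmpd on 161, for instance) show state 07; IPv6 listeners live in /proc/net/tcp6 with a different address encoding and are not covered here.

```python
import ipaddress
import socket
import struct

# Constructed excerpt of /proc/net/tcp, not captured from a real host: sshd on
# all interfaces, an MTA bound to loopback only, portmapper on all interfaces,
# and one established client connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:8F2A 0102000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"   # value of the st column for a listening TCP socket
UDP_BOUND = "07"    # /proc/net/udp uses the same layout; bound sockets show 07


def _decode_endpoint(field):
    """'0100007F:0019' -> ('127.0.0.1', 25). The kernel prints the IPv4
    address as one little-endian 32-bit word in hex and the port in hex."""
    host_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(host_hex, 16))), int(port_hex, 16)


def listening_sockets(text, state=TCP_LISTEN):
    """[(ip, port, uid)] for every socket whose st column equals `state`."""
    result = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != state:
            continue
        ip, port = _decode_endpoint(fields[1])
        result.append((ip, port, int(fields[7])))
    return result


def externally_reachable(text, state=TCP_LISTEN):
    """Listeners bound to anything but loopback: what a remote scanner can
    reach before any host firewall is taken into account."""
    return [s for s in listening_sockets(text, state)
            if not ipaddress.ip_address(s[0]).is_loopback]


def service_name(port, proto="tcp"):
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "?"


if __name__ == "__main__":
    for path, state, proto in (("/proc/net/tcp", TCP_LISTEN, "tcp"),
                               ("/proc/net/udp", UDP_BOUND, "udp")):
        try:
            with open(path) as f:
                text = f.read()
        except OSError:                      # not Linux: fall back to the sample
            text = SAMPLE_PROC_NET_TCP if proto == "tcp" else ""
        for ip, port, uid in externally_reachable(text, state):
            print(f"{proto} {ip}:{port} ({service_name(port, proto)}) uid={uid}")
```

Anything this prints that you cannot name is exactly the "service you did not know you were running" the post describes; on the sample data that is portmapper on 111, which nothing on a home desktop needs exposed.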
 
#15  Simon Bridge (LQ Guru, Waiheke NZ), 02-18-2007, 04:47 PM
Quote:
Originally Posted by XavierP
Simon - you have responded to a thread which is 4 years old. Is this the thread you wanted?
hmmm ... odd, I have received the following link in my e-mail this morning:

http://www.linuxquestions.org/questi...8&goto=newpost

... if you figure out what this is supposed to point to before I do, let me know and I'll figure out if the replies are valid there. (Could I modify them and get them moved?)

Thanks for the heads-up
Simon
 
  


All times are GMT -5.