Old 09-08-2017, 12:45 AM   #1
aviceda
Member
 
Registered: Jul 2003
Location: Brisbane, Queensland, Australia
Posts: 50

Rep: Reputation: 15
My first 'Linux' Trojan


Yesterday booted into Debian and opened Firefox and was greeted by an 'audio' message, purporting to be from Microsoft, informing me that I had security issues on my PC and that it would be shut down if I closed the page (...which I didn't see).

Ran ClamAV and it found several exploits (PUA.Win.Trojan.Xored-1, PUA.Html.Exploit.CVE_2014_0322-1) in my /home/******/.cache/mozilla/firefox directory; would appreciate it if anyone has any quarantine advice and tips for beefing up my security to avoid these again.

Had a similar result when I scanned a Fedora 26 installation too.

Cheers,

Tom
 
Old 09-08-2017, 06:40 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Quote:
would appreciate it if anyone has any quarantine advice and tips for beefing up my security to avoid these again?
Had a similar result when I scanned a Fedora 26 installation too.
1) When you scan with ClamAV, try switching off PUA, because it often produces false alarms.
2) Delete all Firefox-related cache folders and their contents;
3) Delete cookies that are not important to you. (In my case I always delete all.)
Don't run any browser as root and be careful in what you do.

I have not experienced any trojan yet in my linux use.

m.m.
 
1 members found this post helpful.
Old 09-08-2017, 08:36 AM   #3
Ormu
Member
 
Registered: Jun 2011
Posts: 92

Rep: Reputation: 15
Quote:
Originally Posted by aviceda View Post
Yesterday booted into Debian and opened Firefox and was greeted by an 'audio' message, purporting to be from Microsoft, informing me that I had security issues on my PC and that it would be shut down if I closed the page (...which I didn't see).

Ran ClamAV and it found several exploits (PUA.Win.Trojan.Xored-1, PUA.Html.Exploit.CVE_2014_0322-1) in my /home/******/.cache/mozilla/firefox directory; would appreciate it if anyone has any quarantine advice and tips for beefing up my security to avoid these again.

Had a similar result when I scanned a Fedora 26 installation too.

Cheers,

Tom
It sounds like a web site presented you with a browser exploit kit or advertisements trying to install, or to trick you into installing, scareware/a fake security product on your computer. They were most likely targeted at Windows users, and even if the exploitation was successful, the particular malware probably wouldn't even work on Linux. See the "Win" part in the first detection. The vulnerability mentioned in the second detection was found in 2014 (see the CVE note), so if your browser is even halfway up to date, exploiting the vulnerability should not be possible.

Purge cache and they should be gone.

To harden browser security, I would recommend using an ad blocker such as Adblock Plus or uBlock Origin. NoScript can provide strong protection against browser exploits, but it's rather tedious to use and requires some understanding of web site technology. uMatrix is recommended by some people as an alternative to NoScript, but I have no experience with it.

If you use Adobe Flash, put it into "ask to activate" mode so that it doesn't run on every site. Do the same for the Java plugin and other native plugins if there are any. If you don't need these, uninstall them.

Keep your system up to date and do not run a web browser with root privileges. Do not click shady links and aggressive advertisements.

Last edited by Ormu; 09-08-2017 at 08:44 AM.
 
2 members found this post helpful.
Old 09-08-2017, 09:43 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quarantine Method #1
Code:
rm -r ~/.cache/mozilla/firefox/   # -r is required: the target is a directory, so a plain rm refuses it
repeat scan.
Observe and report.

Last edited by Habitual; 09-08-2017 at 09:44 AM.
 
1 members found this post helpful.
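A quarantine-first variant of the steps in posts #2 and #4, added here as an example and not taken from the thread or from ClamAV's own documentation: instead of deleting the Firefox cache outright, it moves it into a private, timestamped quarantine directory so the files can be rescanned, with and without the PUA signatures that post #2 says cause most of the noise, before anything is removed. The function names and the default ~/quarantine location are my own choices; the clamscan options --recursive, --infected and --detect-pua are existing clamscan flags.

```shell
#!/bin/sh
# Quarantine-first cleanup of a browser cache (example code, not from the thread).
#
# quarantine_cache DIR [QUARANTINE_ROOT]
#   Moves DIR into a timestamped, user-private quarantine directory instead of
#   deleting it, and prints the new location. Refuses anything that is not an
#   existing directory, so a typo in the path cannot move the wrong thing.
quarantine_cache() {
    cache_dir=$1
    qroot=${2:-"$HOME/quarantine"}   # assumed default location
    [ -d "$cache_dir" ] || { echo "not a directory: $cache_dir" >&2; return 1; }
    dest="$qroot/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    chmod 700 "$qroot" "$dest" || return 1   # keep quarantined files private to the user
    mv "$cache_dir" "$dest/" || return 1
    printf '%s\n' "$dest/$(basename "$cache_dir")"
}

# rescan_quarantine DIR [pua|nopua]
#   Rescans the quarantined tree with clamscan. ClamAV's PUA signatures are the
#   ones post #2 suggests switching off; "pua" turns them on for comparison.
#   Returns clamscan's own status (0 clean, 1 hits, 2 error), or 3 when clamscan
#   is not installed.
rescan_quarantine() {
    qdir=$1
    mode=${2:-nopua}
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed" >&2; return 3; }
    if [ "$mode" = pua ]; then
        clamscan --recursive --infected --detect-pua=yes "$qdir"
    else
        clamscan --recursive --infected --detect-pua=no "$qdir"
    fi
}

# Typical use on the directory named in the original post:
#   q=$(quarantine_cache ~/.cache/mozilla/firefox)
#   rescan_quarantine "$q" nopua    # the signatures that matter on a Linux host
#   rescan_quarantine "$q" pua      # the noisier PUA set, for comparison
# Only once the quarantine has stayed quiet do you remove it: rm -r "$q"
```

Comparing the two scan results tells you whether a hit is a PUA-only detection (almost always cached Windows-targeted content or a false positive, as posts #2 and #3 describe) or a regular signature match that deserves a closer look; in both cases Firefox simply rebuilds the cache on its next start.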
Old 09-08-2017, 09:44 AM   #5
dejank
Member
 
Registered: May 2016
Location: Belgrade, Serbia
Distribution: Debian
Posts: 229

Rep: Reputation: Disabled
Also, you can run Firefox with firejail. It will keep your browser out of the rest of your filesystem. Another option to secure it would be to use AppArmor. Or use both, I guess. All that ClamAV really does on Linux is detect malware for Windows. It is not a bad thing to have if you are interacting with Windows users, but it does nothing to protect your Linux machine.
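A sandbox only helps if the browser really runs inside it, so it is worth checking rather than assuming. The following is an added example, not code from the thread or from the firejail or AppArmor projects: it reads the LSM label the kernel exposes in /proc/PID/attr/current (an AppArmor profile name, the word "unconfined", or nothing when no AppArmor is active) and walks a process's ancestors looking for a firejail parent. The function names are my own; it assumes a POSIX ps (for the -o comm= and -o ppid= columns) and pgrep.

```shell
#!/bin/sh
# Verify that a browser process is actually confined (example code, not from the thread).

# confinement_of_pid PID
#   Prints the AppArmor label of PID, "unconfined", or "unknown" when the kernel
#   exposes no label for it (no AppArmor, or no such process).
confinement_of_pid() {
    f="/proc/$1/attr/current"
    [ -r "$f" ] || { echo unknown; return 0; }
    # The read fails with EINVAL on kernels without an active LSM; treat that as unknown.
    label=$(tr -d '\0\n' < "$f" 2>/dev/null || true)
    case "$label" in
        "")           echo unknown ;;
        unconfined*)  echo unconfined ;;
        *)            echo "$label" ;;   # e.g. "firefox (enforce)"
    esac
}

# firejail_parent PID
#   Prints "yes" if some ancestor of PID is a firejail process (firejail starts the
#   sandboxed program as its child), otherwise "no".
firejail_parent() {
    pid=$1
    while [ "$pid" -gt 1 ] 2>/dev/null; do
        name=$(ps -o comm= -p "$pid" 2>/dev/null || true)
        [ "$name" = firejail ] && { echo yes; return 0; }
        pid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' ' || true)
        [ -n "$pid" ] || break
    done
    echo no
}

# check_firefox
#   Reports both checks for every running firefox process, one line per PID.
check_firefox() {
    for p in $(pgrep -x firefox 2>/dev/null); do
        echo "pid $p: apparmor=$(confinement_of_pid "$p") firejail=$(firejail_parent "$p")"
    done
}
```

Run check_firefox while the browser is open: "apparmor=unconfined firejail=no" means neither mechanism is in effect for that process, whatever was configured, and is the case to fix before trusting the sandbox.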
 
Old 09-09-2017, 04:02 AM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
correct your www usage habits.
if you found this on several machines, it most probably means that you're habitually clicking the wrong links.
also adblockers and noscript help a lot.
 
1 members found this post helpful.
Old 09-11-2017, 04:55 PM   #7
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 185

Rep: Reputation: 20
When I used to use MS Windows I ran CCleaner often. Since I solely use Linux these days I found a very good alternative with BleachBit. It also runs on Macs and Windows OSes.

https://www.bleachbit.org/

Debian should have that in their repos already. Linux Mint does, and I believe Ubuntu. This may help you keep things clean. I agree with the rest about false positives and a website(s) trying to trick you into installing software.


Edit: BTW. If you use that to clean out your browser make sure you have all your passwords and such saved. Or you can just uncheck those boxes. If checked they will delete all your user names and passwords in that browser.

Last edited by Zyblin; 09-11-2017 at 04:59 PM.
 
Old 09-11-2017, 07:08 PM   #8
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,456
Blog Entries: 7

Rep: Reputation: 2560
Quote:
Originally Posted by aviceda View Post
PUA.Win.Trojan.Xored-1,PUA.Html.Exploit.CVE_2014_0322-1
https://www.cve.mitre.org/cgi-bin/cv...=CVE-2014-0322:

"Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014."

How are you running IE under Linux?
 
Old 09-11-2017, 07:25 PM   #9
un1x
Member
 
Registered: Oct 2015
Posts: 645

Rep: Reputation: Disabled
Is this a JOKE ? ? ?
 
Old 09-12-2017, 12:58 AM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
^ i prefer trolls that actually bother to formulate proper replies.


Quote:
Originally Posted by Zyblin View Post
When I used to use MS Windows I ran CCleaner often. Since I solely use Linux these days I found a very good alternative with BleachBit.
...
Debian should have that in their repos already.
i am very sceptical with this sort of software.
not sure how much sense it makes on windows, but it definitely makes less sense on linux!
bound to do more harm than good.
 
Old 09-12-2017, 04:37 AM   #11
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by un1x View Post
Is this a JOKE ? ? ?
I'm sure the OP isn't.

Quote:
Originally Posted by ondoho View Post
^ i prefer trolls that actually bother to formulate proper replies. ...
I agree, but must admit, reading the last part of this thread, it was/is worth a giggle!
 
Old 09-12-2017, 10:58 AM   #12
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 185

Rep: Reputation: 20
Quote:
Originally Posted by ondoho View Post
^ i prefer trolls that actually bother to formulate proper replies.
...
i am very sceptical with this sort of software.
not sure how much sense it makes on windows, but it definitely makes less sense on linux!
bound to do more harm than good.

I am confused. How does a program like that not make sense? I have been using them for years on both Windows and now Linux without issue.

It is a tool that helps keep things like your browser clean, thumbnail cache, etc. A lot easier than going in and doing it one by one.
 
Old 09-12-2017, 11:21 AM   #13
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by Zyblin View Post
I am confused. How does a program like that not make sense? I have been using them for years on both Windows and now Linux without issue.

It is a tool that helps keep things like your browser clean, thumbnail cache, etc. A lot easier than going in and doing it one by one.
In all fairness to ondoho, I remember when I had Windows (on my old PC) and CCleaner did delete valid Windows Registry entries. To some extent it was ok, but you do have to be REALLY careful when using such programs.

So I do personally agree with ondoho, as I stopped trusting them, for that reason.
 
1 members found this post helpful.
Old 09-12-2017, 11:50 AM   #14
un1x
Member
 
Registered: Oct 2015
Posts: 645

Rep: Reputation: Disabled
FUD ! simply fud ! ! ( by OP )

 
Old 09-12-2017, 03:50 PM   #15
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 185

Rep: Reputation: 20
Quote:
Originally Posted by jsbjsb001 View Post
In all fairness to ondoho, I remember when I had Windows (on my old PC) and CCleaner did delete valid Windows Registry entries. To some extent it was ok, but you do have to be REALLY careful when using such programs.

So I do personally agree with ondoho, as I stopped trusting them, for that reason.
Ok. That I will agree with. They can be dangerous if common sense is not used. Understanding the program before one uses it should also be common sense. For many years I never had any issues or bad experiences with Ccleaner or Bleachbit so I can't really say anything negative about either.

Last edited by Zyblin; 09-12-2017 at 04:01 PM.
 
  

