Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Yesterday I booted into Debian, opened Firefox and was greeted by an 'audio' message, purporting to be from Microsoft, informing me that I had security issues on my PC and that it would be shut down if I closed the page (...which I didn't see).
Ran ClamAV and it found several exploits (PUA.Win.Trojan.Xored-1, PUA.Html.Exploit.CVE_2014_0322-1) in my /home/******/.cache/mozilla/firefox directory. I would appreciate it if anyone has any quarantine advice and tips on beefing up my security to avoid these again.
Had a similar result when I scanned a Fedora 26 installation too.
Cheers,
Tom
1) When you scan with ClamAV, try switching off PUA, because there are often false alarms in it.
2) Delete all Firefox-related cache folders and their contents.
3) Delete cookies that are not important to you (in my case I always delete all of them).
Don't run any browser as root and be careful in what you do.
I have not experienced any trojan yet in my Linux use.
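As an added example (not part of the thread, and not the poster's own code), the three steps above as a POSIX shell script. It assumes the default Debian/Fedora layout, profiles in ~/.mozilla/firefox and the disk cache in ~/.cache/mozilla/firefox, and that Firefox is closed while it runs; the quarantine directory name is also an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed paths: Firefox profiles in
# ~/.mozilla/firefox, disk cache in ~/.cache/mozilla/firefox. Close Firefox first.
set -eu

# Step 1: rescan with the PUA heuristics off (--detect-pua=no) so only real
# signatures count, and move anything still flagged into a private quarantine
# directory instead of deleting it. clamscan exits 1 when it finds something,
# so its status is captured rather than aborting the script.
scan_and_quarantine() {
    target=$1
    quarantine=$2
    mkdir -p "$quarantine"
    chmod 700 "$quarantine"
    status=0
    clamscan --recursive --infected --detect-pua=no \
             --move="$quarantine" --log="$quarantine/clamscan.log" "$target" || status=$?
    return "$status"
}

# Split a clamscan report (read from stdin) into PUA heuristics and real
# signature hits; handy when re-reading the log of a scan that still had PUA on.
# Report lines look like "/path/to/file: Signature.Name FOUND".
classify_hits() {
    awk '/ FOUND$/ { sig = $(NF-1); if (sig ~ /^PUA\./) pua++; else real++ }
         END { printf "pua=%d real=%d\n", pua + 0, real + 0 }'
}

# Step 2: purge the disk cache. Only the cache directories inside each cache
# profile are removed; the profile directory itself stays.
purge_firefox_cache() {
    cache_root=$1
    for profile in "$cache_root"/*/; do
        [ -d "$profile" ] || continue
        for sub in cache2 startupCache OfflineCache thumbnails; do
            rm -rf "$profile$sub"
        done
    done
    return 0
}

# Step 3: delete cookies. Firefox keeps them in cookies.sqlite (plus WAL/SHM
# side files) inside the profile. logins.json and key4.db hold saved passwords
# and are deliberately left alone.
purge_firefox_cookies() {
    profile_root=$1
    for profile in "$profile_root"/*/; do
        [ -d "$profile" ] || continue
        rm -f "${profile}cookies.sqlite" "${profile}cookies.sqlite-wal" "${profile}cookies.sqlite-shm"
    done
    return 0
}

# Usage: ./clean-firefox.sh ~/.cache/mozilla/firefox ~/.mozilla/firefox ~/quarantine
if [ $# -eq 3 ]; then
    scan_and_quarantine "$1" "$3" || echo "clamscan flagged files; see $3/clamscan.log"
    purge_firefox_cache "$1"
    purge_firefox_cookies "$2"
fi
```

Moving hits with --move rather than deleting them keeps the evidence: you can inspect a quarantined file later, or submit it as a false positive, and nothing in the browser profile (bookmarks, saved logins) is touched by the purge functions.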
It sounds like a web site presented you with a browser exploit kit or advertisements trying to install, or trick you into installing, scareware/a fake security product on your computer. They were most likely targeted at Windows users, and even if the exploitation was successful, the particular malware probably wouldn't even work on Linux; see the "Win" part in the first detection. The vulnerability mentioned in the second detection was found in 2014 (see the CVE number), so if your browser is even halfway up to date, exploiting the vulnerability should not be possible.
Purge the cache and they should be gone.
To harden browser security, I would recommend using an ad blocker such as Adblock Plus or uBlock Origin. NoScript can provide strong protection against browser exploits, but it's rather tedious to use and requires some understanding of web site technology. uMatrix is recommended by some people as an alternative to NoScript, but I have no experience with it.
If you use Adobe Flash, put it into "ask to activate" mode so that it doesn't run on every site. Do the same for the Java plugin and any other native plugins. If you don't need these, uninstall them.
Keep your system up to date and do not run a web browser with root privileges. Do not click shady links or aggressive advertisements.
Also, you can run Firefox with Firejail. It will keep your browser out of the rest of your filesystem. Another option to secure it would be to use AppArmor. Or use both, I guess. All that ClamAV really does on Linux is detect malware for Windows. It is not a bad thing to have if you are interacting with Windows users, but it does nothing to protect your Linux machine.
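An added example (not from the thread or from the Firejail project) of the Firejail approach above, with a check that the browser really is confined. It assumes Firejail's stock firefox profile applies when Firefox is launched by name and that, as far as I know, that profile drops all capabilities, sets no_new_privs and installs a seccomp filter; the sandbox home directory is an assumption. The check reads /proc/PID/status, which also catches the "don't run the browser as root" point from the earlier replies.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes firejail is installed and picks
# /etc/firejail/firefox.profile automatically for a command named "firefox".
set -eu

# --private=DIR gives Firefox a separate, persistent home: downloads and the
# profile live under DIR, and nothing in the real ~ (e.g. ~/.ssh) is visible.
launch_firefox() {
    sandbox_home=${1:-$HOME/sandbox/firefox}
    mkdir -p "$sandbox_home"
    firejail --private="$sandbox_home" firefox
}

# Given the text of /proc/PID/status on stdin, decide whether the process looks
# confined: not root (Uid), no effective capabilities (CapEff all zero),
# no_new_privs set (NoNewPrivs: 1) and a seccomp filter active (Seccomp: 2).
# Prints findings; returns 0 only if all four hold.
assess_status() {
    awk '
        /^Uid:/        { uid = $2 }
        /^CapEff:/     { capeff = $2 }
        /^NoNewPrivs:/ { nnp = $2 }
        /^Seccomp:/    { seccomp = $2 }
        END {
            ok = 1
            if (uid == "" || uid == 0) { print "FAIL: running as root (or no Uid line)"; ok = 0 }
            if (capeff !~ /^0+$/)      { print "FAIL: effective capabilities " capeff; ok = 0 }
            if (nnp != 1)              { print "FAIL: no_new_privs not set"; ok = 0 }
            if (seccomp != 2)          { print "FAIL: no seccomp filter"; ok = 0 }
            if (ok) print "OK: uid " uid ", no caps, no_new_privs, seccomp filter"
            if (ok) exit 0
            exit 1
        }'
}

# Run the check against every live firefox process (the sandboxed browser keeps
# its process name). Returns non-zero if any of them is not confined.
check_firefox() {
    rc=0
    for pid in $(pgrep -x firefox || true); do
        printf 'pid %s: ' "$pid"
        assess_status < "/proc/$pid/status" || rc=1
    done
    return "$rc"
}

# Usage: ./firefox-jail.sh launch [SANDBOX_DIR]   or   ./firefox-jail.sh check
case "${1:-}" in
    launch) launch_firefox "${2:-$HOME/sandbox/firefox}" ;;
    check)  check_firefox ;;
esac
```

A browser started plainly from the desktop will fail the CapEff/NoNewPrivs/Seccomp checks even as an ordinary user, which is exactly the difference the sandbox makes; a FAIL on the Uid line means the earlier advice about not running the browser as root is being ignored.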
Correct your www usage habits.
If you found this on several machines, it most probably means that you're habitually clicking the wrong links.
Also, ad blockers and NoScript help a lot.
When I used to use MS Windows I ran CCleaner often. Since I solely use Linux these days, I found a very good alternative with BleachBit. It also runs on Macs and Windows.
Debian should have that in their repos already. Linux Mint does, and I believe Ubuntu. This may help you keep things clean. I agree with the rest about false positives and a website (or websites) trying to trick you into installing software.
Edit: BTW, if you use that to clean out your browser, make sure you have all your passwords and such saved. Or you can just uncheck those boxes. If checked, they will delete all your user names and passwords in that browser.
"Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014."
^ I prefer trolls that actually bother to formulate proper replies.
Quote:
Originally Posted by Zyblin
When I used to use MS Windows I ran CCleaner often. Since I solely use Linux these days I found a very good alternative with BleachBit.
...
Debian should have that in their repos already.
I am very sceptical of this sort of software.
Not sure how much sense it makes on Windows, but it definitely makes less sense on Linux!
Bound to do more harm than good.
I am confused. How does a program like that not make sense? I have been using them for years on both Windows and now Linux without issue.
It is a tool that helps keep things like your browser clean, thumbnail cache, etc. A lot easier than going in and doing it one by one.
Quote:
Originally Posted by Zyblin
I am confused. How does a program like that not make sense?
...
In all fairness to ondoho, I remember when I had Windows (on my old PC) that CCleaner did delete valid Windows Registry entries. To some extent it was OK, but you do have to be REALLY careful when using such programs.
So I do personally agree with ondoho, as I stopped trusting them for that reason.
OK. That I will agree with. They can be dangerous if common sense is not used. Understanding the program before one uses it should also be common sense. For many years I never had any issues or bad experiences with CCleaner or BleachBit, so I can't really say anything negative about either.