[ubuntu] Ubuntu Irc hacker posting virus url



wirechief
April 24th, 2009, 12:31 AM
Last night, April 22nd 2009, on the channel for celebrating the release of Ubuntu Jaunty, around 10pm, I clicked on an innocuous-looking link that was supposedly giving users information on the latest release and when it was going to be released.
I got hit by a virus that locked up my firefox3. I immediately disconnected from the internet and removed and purged firefox3; however, that failed to cure the problem. When I tried to log back into my Gmail account I was blocked and access prevented by Google; I suspect Google was seeing something wrong with my web browser. I had to do a reformat of my partition and reinstall from a backup. The lesson here is for me and others not to click on these seemingly informational URLs that some hacker is posting that are loaded with viruses. I plan on getting clamav, but this lesson has already been given.
Hope this helps others who use the IRC regularly; not all users of the IRC are there for help or information.

dBuster
April 24th, 2009, 12:55 AM
Were you running in Ubuntu? Or from Windows?

If running from Linux, were you running firefox as root? I mean in order to get hit you pretty much have to have all root access open or give su/root access to whatever it is that is trying to run.

Experts, correct me if I am wrong.

Maybe it was a corrupt web page it tried to load or some firefox exploit...???

steve101101
April 24th, 2009, 12:57 AM
I agree with you, but I'm not an expert either.

Mortus Pryde
April 24th, 2009, 12:58 AM
Well, one more reason why, when I settle on what Ubuntu version I will be using on my laptop, I will have an AntiVirus installed as well. It will be traveling when I do and thus connecting to unfamiliar networks with computers that may be dirty as... Never mind.

That being said, playing the other side, are you sure it was a virus, or could it have just been some malformed yet malicious website code that perhaps got stuck in cache and was not purged in your reinstall?

Mortus Pryde
April 24th, 2009, 01:00 AM
Maybe it was a corrupt web page it tried to load or some firefox exploit...???

No expert either but it looks like you beat me to it. ;)

Twitch6000
April 24th, 2009, 01:01 AM
Were you running in Ubuntu? Or from Windows?

If running from Linux, were you running firefox as root? I mean in order to get hit you pretty much have to have all root access open or give su/root access to whatever it is that is trying to run.

Experts, correct me if I am wrong.

Maybe it was a corrupt web page it tried to load or some firefox exploit...???

No, you do not need root for the virus to infect you.

I have seen two test viruses for Linux where all you need is to download the file, then later use a program like, let's say, a package manager that needs root.

This also gives that file root and boom, it infects your system.

Most ways of doing this have been patched, however.

Vunutus
April 24th, 2009, 01:07 AM
This seems like another example of something (potentially very small) going awry and a user re-installing their entire OS before asking for help. Seems like a waste of time and effort to me O_O

albinootje
April 24th, 2009, 01:14 AM
I got hit by a virus that locked up my firefox3, I immediately disconnected from the internet and removed and purged firefox3 however that failed to cure the problem

Which IRC network, which channel ?
Which IRC client were you using ?
Do you have log files from your IRC client ?
What was the exact link you clicked on ?
Were you using the Firefox addon noscript ?

Why are you referring to this as a virus ?
Firefox can lock up for several reasons, and apparently you have done zero investigation about what that link might possibly have done to your Ubuntu installation.

If someone pulls out the cable of the NFS-server at work, and because of that my Ubuntu desktop (with NFS-mount /home) doesn't do anything anymore, I'm not gonna rush with putting in the installation cdrom to do a fresh installation, but first track down what happened.
After you disconnected from the internet, you could have booted from a linux live cd, and at least make a copy of your installation for proper investigation.
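
Added example (not part of any post in this thread): the questions above about the IRC log and the exact link can be answered from the client's log file. This Python sketch lists every link posted within a time window of the incident, with the posting nick, and defangs each URL so it can be pasted into a report without being clickable. The irssi-like log layout, the nicks and the URLs are constructed assumptions, not data from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in an irssi-like "HH:MM <nick> text" layout (an assumption;
# other clients log differently). Nicks and URLs are made up.
SAMPLE_LOG = """\
--- Log opened Wed Apr 22 21:40:00 2009
21:58 <alice> anyone know when the release goes live?
22:01 <relbot99> release info here http://example.invalid/jaunty-release
22:02 <bob> mirrors are syncing, see https://example.org/mirrors.
22:03 <relbot99> release info here http://example.invalid/jaunty-release
23:30 <carol> got it installed :)
"""

DAY_RE = re.compile(r"^--- (?:Log opened|Day changed) (.+)$")
LINE_RE = re.compile(r"^([01]\d|2[0-3]):([0-5]\d) <([^>]+)> (.*)$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def _parse_day(text):
    """Date from a 'Log opened' or 'Day changed' marker, or None if unrecognised."""
    for fmt in ("%a %b %d %H:%M:%S %Y", "%a %b %d %Y"):
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            pass
    return None

def defang(url):
    """Make a URL non-clickable for reports: http -> hxxp, '.' -> '[.]'."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")

def links_near(log_text, incident, window=timedelta(minutes=15)):
    """Return (timestamp, nick, defanged_url) for links posted within window of incident."""
    day, hits = None, []
    for line in log_text.splitlines():
        marker = DAY_RE.match(line)
        if marker:
            day = _parse_day(marker.group(1)) or day
            continue
        msg = LINE_RE.match(line)
        if not msg or day is None:
            continue  # not a channel message, or no date context yet
        ts = datetime(day.year, day.month, day.day, int(msg.group(1)), int(msg.group(2)))
        if abs(ts - incident) > window:
            continue
        for url in URL_RE.findall(msg.group(4)):
            hits.append((ts, msg.group(3), defang(url.rstrip(".,;:!?)"))))
    return hits

if __name__ == "__main__":
    for ts, nick, url in links_near(SAMPLE_LOG, datetime(2009, 4, 22, 22, 0)):
        print(ts.isoformat(" "), nick, url)
```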