PDA

View Full Version : [ubuntu] malware popup in firefox



adamogardner
May 27th, 2009, 03:59 PM
It said I was infected and although I clicked 'cancel' a webpage I had opened turned into a simulation of a virus scan of windows c: D: drives. Well, I'm not using windows so I closed the tab, and a new popup asked If I wanted to download their product. This popup occurred last week too. Is my machine diseased? How can I locate the source of the dis-ease? Then how do I remove it? Also is there a way to find out whence it came from so that I may dole out some vigilante justice?

Celauran
May 27th, 2009, 04:02 PM
Sounds like Antimalware 2009 or whatever it's called. The site's a hoax. The fact that it 'scans' C:\ on a Linux machine should tip you off. Just ignore it.

cobaltseeker
May 27th, 2009, 04:04 PM
I wonder, do you have wine installed?
On a windows machine these cursed malware-sites latch onto your windows folder, i wonder if this somehow may have found your wine windows folder? You should do have a look through it maybe (i dunno, i'm new to this :P)

that or - are you going back to the same websites? >>

Sidewinder1
May 27th, 2009, 04:07 PM
You can always turn off pop-ups within Firefox. I know that doesn't really answer your questions; but it is a suggestion as a stop-gap measure.

philinux
May 27th, 2009, 04:11 PM
It said I was infected and although I clicked 'cancel' a webpage I had opened turned into a simulation of a virus scan of windows c: D: drives. Well, I'm not using windows so I closed the tab, and a new popup asked If I wanted to download their product. This popup occurred last week too. Is my machine diseased? How can I locate the source of the dis-ease? Then how do I remove it? Also is there a way to find out whence it came from so that I may dole out some vigilante justice?

Your machine is fine. Just clear your private data and dont use that webpage again, it's a security hoax aimed at windows users.

billgoldberg
May 27th, 2009, 05:16 PM
Your machine is fine. Just clear your private data and dont use that webpage again, it's a security hoax aimed at windows users.

In firefox:

cltr+shift+del clear cache and cookies

ugm6hr
May 27th, 2009, 06:38 PM
your machine is fine. Just clear your private data and dont use that webpage again, it's a security hoax aimed at windows users.

+1

albinootje
May 27th, 2009, 06:45 PM
I'm not using windows so I closed the tab, and a new popup asked If I wanted to download their product. This popup occurred last week too.

Use the "Web of trust" addon in Firefox to prevent yourself from visiting those [...] websites.

binbash
May 27th, 2009, 07:41 PM
It is probably a cookie or javascript.Just clear your cookies and ignore that :)

doas777
May 27th, 2009, 07:59 PM
in windows it's a pernicious bugger. not browser resident. prolly stuck in wine; usually use the malwarebytes scanner to kill it.

Junkieman
May 27th, 2009, 08:00 PM
That is exactly why I love the NoScript Firefox Addon (https://addons.mozilla.org/en-US/firefox/addon/722), which stops any scripts from sites that you haven't marked as trusted :)

Never trust off-the-wall security warnings, unless it's from a trusted, competent source.

Jive Turkey
May 27th, 2009, 08:09 PM
That is exactly why I love the NoScript Firefox Addon (https://addons.mozilla.org/en-US/firefox/addon/722), which stops any scripts from sites that you haven't marked as trusted :)

Never trust off-the-wall security warnings, unless it's from a trusted, competent source.

+1 on that

Additionally, AdBlock Plus and OpenDNS can also help keep the nasties at bay. Of course opendns could get hacked someday with disastrous results, I swear by it for now though.

doas777
May 27th, 2009, 09:56 PM
+1 on that

Additionally, AdBlock Plus and OpenDNS can also help keep the nasties at bay. Of course opendns could get hacked someday with disastrous results, I swear by it for now though.

I use the others, but opendns worries me for privacy reasons. no good fix to that problem but privoxy though.

+10 to the noscript crew.

adamogardner
May 28th, 2009, 02:46 PM
Your machine is fine. Just clear your private data and dont use that webpage again, it's a security hoax aimed at windows users.

That was my initial intention last week when it first happened. The problem is, is I was on facebook at the time it happened yesturday. That unfortunately is a trusted website, so I fear I may have a rootkit or something of that nature.

aysiu
May 28th, 2009, 04:08 PM
That is exactly why I love the NoScript Firefox Addon (https://addons.mozilla.org/en-US/firefox/addon/722), which stops any scripts from sites that you haven't marked as trusted :)

Never trust off-the-wall security warnings, unless it's from a trusted, competent source.
Yeah. NoScript is the most effective way to block pop-ups.

Sidewinder1
May 28th, 2009, 04:33 PM
I block them from within Firefox and Noscript. Overkill? Perhaps, but I've never had a problem. :-)

freeman2000
May 29th, 2009, 04:24 AM
The problem is, is I was on facebook at the time it happened yesturday. That unfortunately is a trusted website.


Sorry, but Facebook is one of the least trusted places on the internet. That site is notorious for nasties. It seems like they run at least a virus a week. The crackers just love the place. And it is the home of the "phishing" scam. On top of that all, the owners of the site have stated publicly that whatever you put on the site becomes their "property". Caveat Emptor!

abn91c
May 29th, 2009, 04:37 AM
Sorry, but Facebook is one of the least trusted places on the internet. That site is notorious for nasties. It seems like they run at least a virus a week. The crackers just love the place. And it is the home of the "phishing" scam. On top of that all, the owners of the site have stated publicly that whatever you put on the site becomes their "property". Caveat Emptor!
+1, facebook, myspace, youtube although popular are loaded with crapware, viruses, spyware and scams, its a heaven for scammers and perverts just like AOL was. And as you already know AOl is dead. To avoid those type of pop-ups in the future set your Firefox to delete the cache/cookies/history on closing.

lavinog
May 29th, 2009, 04:46 AM
msn has been known to host that popup during the olympics.
The cause was found to be due to a flash advertisement that constantly copies a malacious url into the clipboard, with hopes that a someone would paste the url onto another site. This worked pretty well since articles on fox news websites had links to the malacious sites with the caption "click here for the rest of the story"

The popup you described was very effective at getting users to install a malacious antivirus program at windows, but the popup itself was lying when it says that the computer is infected.

jerrrys
May 29th, 2009, 04:58 AM
what about WOT, web of trust, im i the only one that uses it? it will tell you about sites that have less than good business practices before you even click on the site. it resides in your browser and you can get the plugin from firefox and it just stays in ff. works great, been using it for a couple of years...

Bios Element
May 29th, 2009, 06:09 AM
Use the "Web of trust" addon in Firefox to prevent yourself from visiting those [...] websites.

I'd advise against this. One idiot yells "Virus" and everyone joins in. The sheep mentality of the general user defeats the point.

jerrrys
May 29th, 2009, 06:27 AM
WOT has nothing to do with virus...WOT is like the BBB of the Web. please read about WOT and then make an informed post...

Junkieman
May 29th, 2009, 11:36 AM
Sorry, but Facebook is one of the least trusted places on the internet. That site is notorious for nasties. It seems like they run at least a virus a week. The crackers just love the place. And it is the home of the "phishing" scam. On top of that all, the owners of the site have stated publicly that whatever you put on the site becomes their "property". Caveat Emptor!
I agree completely, social networks is a playground for phishers and scammers - I mean why wouldn't you trust a friend of a friend? I had this stranger add me, with 50% of my friends as mutual. Turned out to be a fake profile!

adamogardner
May 30th, 2009, 04:10 AM
I agree completely, social networks is a playground for phishers and scammers - I mean why wouldn't you trust a friend of a friend? I had this stranger add me, with 50% of my friends as mutual. Turned out to be a fake profile!

You mean you let a stranger add you. I'm not talking about social networks either. Just the website I happen to be on. Frankly, I don't think that website is doing it. I happen to be on it often for its nifty chess program.

k3lt01
May 30th, 2009, 05:46 AM
+1, facebook, myspace, youtube although popular are loaded with crapware, viruses, spyware and scams, its a heaven for scammers and perverts just like AOL was. And as you already know AOl is dead. To avoid those type of pop-ups in the future set your Firefox to delete the cache/cookies/history on closing.AOL is dead? I honesty had no idea but then again I never used it anyway even out of curiosity.

Back to the OP. I like NoScript but I also modify my hosts file (http://www.mvps.org/winhelp2002/hosts.htm) and it stops so much garbage getting through.

EDIT:n.b. you do this at your own risk: To modify your hosts file open a terminal and type


sudo gedit /etc/hosts

Then past the hosts entries below what is already in your hosts file, click save and your done. Close ff, re-open ff go to a site you know will be suspect or any with a google advertisement and you shouldn't get the advertisement or suspect parts of the website your in. Instead you may get a part that state cannot be found.

Wiebelhaus
May 30th, 2009, 05:55 AM
Bit Defender for Unices (http://www.bitdefender.com/PRODUCT-80-en--BitDefender-Antivirus-Scanner-for-Unices.html)

Pappy1911
May 30th, 2009, 09:29 PM
+100 for NoScript.....