Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Did I get a virus/get hacked from this infected website?

  1. #1
    Join Date
    Feb 2012
    Beans
    31

    Did I get a virus/get hacked from this infected website?

    Hi, I visited a website that is infected with malware in Chrome (after I visited it, I scanned it with Sucuri Scan and it IS infected).

    I had no protection in Chrome (no adblock/noscript, etc).

    I then scanned the Home folder with ClamTK and it said I have no viruses, but I was wondering, could I have been hacked? I read somewhere that if your browser gets hacked, a hacker could steal what is in your home folder. I have TONS of personal information there, so could I have been hacked?
    Last edited by oldos2er; February 26th, 2012 at 06:00 PM. Reason: Please use the default font!

  2. #2
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Did I get a virus/get hacked from this infected website?

    Looks like you ran across a drive-by. Most of the time those will ultimately only affect Windows systems and will attempt to install malware from a third site that is linked to from the compromised or malicious web page you went to. There is certainly nothing stopping a script or object on a page from accessing information in your home folder through the browser, but as far as I know the majority of the time that's not what these things get used for. The business model runs toward what we call a pay-per-install program where malicious actors contract out to install as much malware from others as they can manage to, on as many systems as they can. So they get paid for the installations rather than for gobbling up files directly from victim systems. This is why they tend to target the platforms with the largest installation base (Windows).

    There are, of course, no guarantees that's what happened, but in my experience that's what's going on the overwhelming majority of the time with the sort of activity you've described.

    To prepare for these sorts of occasions in the future, I would suggest checking the sticky posts at the top of the Security Discussions, learn how to make an Apparmor profile for your browser, and then check out Truecrypt or the like for the purpose of segmenting the sensitive information in your home folder from the stuff you don't care as much about. Also keep good backups and be prepared to re-install at a moment's notice.

  3. #3
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    Quote Originally Posted by OpSecShellshock View Post
    Looks like you ran across a drive-by. Most of the time those will ultimately only affect Windows systems and will attempt to install malware from a third site that is linked to from the compromised or malicious web page you went to. There is certainly nothing stopping a script or object on a page from accessing information in your home folder through the browser, but as far as I know the majority of the time that's not what these things get used for. The business model runs toward what we call a pay-per-install program where malicious actors contract out to install as much malware from others as they can manage to, on as many systems as they can. So they get paid for the installations rather than for gobbling up files directly from victim systems. This is why they tend to target the platforms with the largest installation base (Windows).

    There are, of course, no guarantees that's what happened, but in my experience that's what's going on the overwhelming majority of the time with the sort of activity you've described.

    To prepare for these sorts of occasions in the future, I would suggest checking the sticky posts at the top of the Security Discussions, learn how to make an Apparmor profile for your browser, and then check out Truecrypt or the like for the purpose of segmenting the sensitive information in your home folder from the stuff you don't care as much about. Also keep good backups and be prepared to re-install at a moment's notice.
    So, is my personal data safe? And do you think I should reinstall and change all of my passwords?

  4. #4
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    Also, if I post a link to the site can you tell me if it's for ubuntu?

  5. #5
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Did I get a virus/get hacked from this infected website?

    I would caution against putting up a link to a site that leads to malware, as there are people who access this forum from Windows systems.

    As to your other question, I can't be sure that your data is safe in a general sense, but I don't believe it was placed at any risk this specific time based on what you have described. There shouldn't be any need to change passwords or re-install unless you want absolute certainty that there isn't any malware.

  6. #6
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    Quote Originally Posted by OpSecShellshock View Post
    I would caution against putting up a link to a site that leads to malware, as there are people who access this forum from Windows systems.

    As to your other question, I can't be sure that your data is safe in a general sense, but I don't believe it was placed at any risk this specific time based on what you have described. There shouldn't be any need to change passwords or re-install unless you want absolute certainty that there isn't any malware.
    How often are facebook/youtube passwords stolen and used maliciously? Or are they not a target?

  7. #7
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    And here is the security report on the site I visited:
    http://sitecheck.sucuri.net/results/...age1773268/pg1

  8. #8
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    Also, I scanned that website on virustotal and it said it was clean actually, so is that site even infected after all?

  9. #9
    Join Date
    Feb 2011
    Beans
    488
    Distro
    Ubuntu

    Re: Did I get a virus/get hacked from this infected website?

    Quote Originally Posted by helpme222 View Post
    Also, I scanned that website on virustotal and it said it was clean actually, so is that site even infected after all?
    I'm not sure about the site you referred to, but sometimes nasty stuff is hidden in ads that comes from a third party.

  10. #10
    Join Date
    Feb 2012
    Beans
    31

    Re: Did I get a virus/get hacked from this infected website?

    Quote Originally Posted by Dry Lips View Post
    I'm not sure about the site you referred to, but sometimes nasty stuff is hidden in ads that comes from a third party.
    Can you take a look at the sucuri log for me and tell me what you think?

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •