A piece of malware or adware has managed to lock up my Firefox 3 on an Ubuntu Hardy 8.04 machine requiring a hard power off.

A word of caution: The links here are the ones which caused the problem, so be very careful ! !

I was searching for information on an American Idol contestant and clicked on what appeared to be an innocent link which turned out to have been probably hijacked.
The link http://www.johnjacobcastor.awardspace.com/AlexisGrace.....immediately sent me to something called http://linescan6.com/22/?uid=12900.

Ironically it immediately put up a *******-looking page with a supposed scan in progress bar with warning messages all over. Then I had a popup warning me to download "Internet Antivirus Pro" which would not close. When I tried to close Firefox, it would not close either. It didn't appear to actually succede in installing anything, but I had to shut off the power to recover.

Even though I do not have Firefox set to open the last tabs, it opened the malicious tab anyway on the next activation of firefox after a cold boot and the process started all over again.

Is there any guard against this sort of foolishness?

Thanks to everyone in advance

I ran it just to see what it is. It looks like a javascript abuse nothing else. I killed firefox, restarted it. problem solved :popcorn:

I'm not a security pro or anything, but the first plugin for FF I install is always NoScript (Java/JavaScript/CSS/etc. blocker), and the second is AdBlock Plus. My reasoning is that lots of these malicious things come from nasty ads on supposedly legitimate sites (Reuters comes to mind), so blocking ads can help reduce them, and NoScript gives you the ability to whitelist sites, blocking scripts on all others.

Using this setup, in at least two years of browsing on Windows with Firefox, I've never had a problem.

I'd also think it's possible that your home or about:something (sorry) was infected by the malware. You might try moving your profile directory and starting FF, to get a clean start.

Also, "sudo killall -9 firefox" in a terminal or console might save you a reboot. :)

Good luck!

Beside what yther mentioned, I also use Open DNS for this security issue.

the first link, johnjacobcastor, is a dead link (or at least it is now).
the second link, linescan6, is spam/adware, a quick scan shows no other files detected. linescan6 is located in Atlanta, GA 30356 and is associated with SkipLink, LLC.

Jerrrys, and all: Thanks for taking the effort to investigate this. Maybe the URL is dead now, I haven't checked since this morning. I did report that the johnjacobcastor.awardspace.com/etc.... had been redirected to Awardspace before I posted here, and it may have been taken care of by now.

As I investigated further, I discovered that many of the awardspace users redirected to the same scumbag site trying to install "Internet Antivirus Pro"

I'm going to take your advice and install NoScript. I have always had AdBlockerPlus running.

Yther: I finally learned how to Kill PID XXXX in a terminal, which worked much better than a yank on the power cord :-)
Thanks Again Everyone.