Thread: 5 Billionth search scam

  1. #1
    Join Date
    Mar 2020
    Beans
    2

    5 Billionth search scam

    Hello,

    I'm hoping someone could give me some help and guidance on this. I use Kubuntu 18.04 and Firefox 73.0.1 (64-bit). I was looking for web sites dealing in mattresses and in the search results was a site <snip>. After clicking on the link, there was a slight delay and then a page appeared with animated confetti saying I'm Firefox's 5 billionth search and I've won a prize. Thought it was a scam straight away and closed Firefox and restarted it. Have used various flavours of Ubuntu for a few years now and never had anything like this before. Did searches on net for info on the scam and it seems to be spread by adware. I checked add-ons in Firefox and I only had 'OpenH264 Video Codec' and 'Widevine Content Decryption Module'. As far as I can remember, I haven't installed any extra programs that didn't come from Kubuntu's software centre and these are only VLC player, LibreOffice, Chromium (only have this for testing in case have problem seeing a page in Firefox), Thunderbird mail, Cantata, K3b, ClamTK. In Firefox, I've gone to Help->Troubleshooting information->refresh Firefox which put everything back to default settings. I have since reset back to recommended settings described in https://wiki.ubuntu.com/BasicSecurity and now have just 'OpenH264 Video Codec' as the only plug-in (as it's automatically installed by Firefox). Is there anything more I can do to safeguard myself?

    Regards

    Rob
    Last edited by coffeecat; 2 Weeks Ago at 01:39 PM. Reason: Link snipped

  2. #2
    Join Date
    Sep 2014
    Location
    United States
    Beans
    160
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    First, I'm sorry that you felt so much anxiety over a typical search result. You shouldn't have such a negative experience just looking for furniture.

    Now, though it is possible to have adware, spyware or malware advertise to you specifically, in this case I think it's unlikely to be malware, but rather a JavaScript function that read your browser agent and created a popup using your agent to make it seem like it was specifically targeting you. These are things available to websites simply because you browsed their webpage. With JavaScript, software that is rendered by your browser, which means Firefox runs the software, you can write a program that knows the following items about you.

    1. Your approximate location via your IP. Note, your IP is how your computer is addressed, and from this address a website can determine where you live easily.
    2. Your browser and sometimes your operating system. This is how websites typically determine if you need to use the mobile version of their websites, for example.
    3. Where you came from, your last click, meaning they know you arrived from Google or any other search engine website like DuckDuckGo.

    What does this mean?

    From this, we know that the website could've known all of this information without needing to spread malware, which is illegal and requires work. Because this is the easiest way to scam you, they will likely use the easiest method and not even worry about developing the malware you may have imagined. Though that malware is very possible, it's less likely in your situation.

    You should be safe. But you may also want to reformat your machine if you'd like.

    I'm writing some free software that I hope to have as a PPA (available to Ubuntu users) soon that should help with automating security vulnerabilities on your computer and assist with fixing them. Let me know if this would be something that interests you, and I can PM you the project. Or if anyone else is interested, simply send me a note via my visitor's page. I feel like posting in thread would be advertising, and I haven't checked the rules recently on that.

    Additional recommendations:
    1. Install addons that block scripts, such as uBlock Origin or uMatrix.
    2. Install addons that ensure your traffic is encrypted, such as HTTPS Everywhere.
    3. Install addons for privacy such as Privacy Badger.
    Last edited by EuclideanCoffee; 2 Weeks Ago at 03:14 PM.
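
The point made in post #2, as an added example that is not part of the original thread: a page needs nothing installed on the machine to produce "personalised" text, because the browser hands over the user agent and referrer on every visit. The function and constant names below are hypothetical, and the sample values are constructed to match the setup described in post #1; in a browser the two inputs would be `navigator.userAgent` and `document.referrer`.

```javascript
// Added example: what any page can infer from request metadata alone.
// Inputs are plain strings so the sketch runs offline under Node.

// Order matters: Chromium-based browsers also advertise "Safari",
// and Edge/Opera also advertise "Chrome".
const BROWSERS = [
  ["Firefox", /Firefox\/(\d+)/],
  ["Edge", /Edg\/(\d+)/],
  ["Opera", /OPR\/(\d+)/],
  ["Chromium", /Chromium\/(\d+)/],
  ["Chrome", /Chrome\/(\d+)/],
  ["Safari", /Version\/(\d+).*Safari\//],
];
const SYSTEMS = [
  ["Android", /Android/],
  ["iOS", /iPhone|iPad/],
  ["Windows", /Windows NT/],
  ["macOS", /Mac OS X/],
  ["Ubuntu", /Ubuntu/],
  ["Linux", /Linux/],
];
// Loose heuristic for "arrived from a search engine" (e.g. google.com, google.co.uk).
const SEARCH_HOSTS = /(^|\.)(google|bing|duckduckgo|yahoo)\.[a-z]{2,3}(\.[a-z]{2})?$/i;

function firstMatch(table, ua) {
  for (const [name, re] of table) {
    const m = re.exec(ua);
    if (m) return { name, version: m[1] || null };
  }
  return { name: "unknown", version: null };
}

function visitorProfile(userAgent, referrer) {
  let referrerHost = null;
  try { referrerHost = new URL(referrer).hostname; } catch (_) { /* empty or malformed */ }
  return {
    browser: firstMatch(BROWSERS, userAgent),
    os: firstMatch(SYSTEMS, userAgent).name,
    referrerHost,
    cameFromSearch: referrerHost !== null && SEARCH_HOSTS.test(referrerHost),
  };
}

// Constructed sample: Firefox 73 on an Ubuntu-family desktop, arriving from a search page.
const SAMPLE_UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0";
const SAMPLE_REFERRER = "https://www.google.com/";
console.log(visitorProfile(SAMPLE_UA, SAMPLE_REFERRER));
```

Everything in the returned object comes from data the browser sends to every site, which is why seeing your own browser named in a popup is not evidence of anything running locally.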

  3. #3
    Join Date
    May 2007
    Beans
    164
    Distro
    Xubuntu

    Re: 5 Billionth search scam

    Totally agree with EuclideanCoffee. I recently clicked on an apparently legit link in a Google search and came to a site like the one you encountered. I immediately closed the tab down and thought no more of it. Nothing happened here on my system or in my Google Chrome, so it is cool. What I think has happened is that that site got its domain name hijacked somehow, and presents crap and spam instead. The Google search engine doesn't always keep up with old or malfunctioning link/web sites.

    If you still feel un-cool you can uninstall Firefox and purge it. And delete its config directory - /home/youruser/.mozilla. Note the dot before .mozilla. And then reinstall it. You'll lose all settings you had in Firefox but......

  4. #4
    Join Date
    Mar 2020
    Beans
    2

    Re: 5 Billionth search scam

    Thanks, EuclideanCoffee, for the help and the reassurance. I will follow your tips for making myself a bit safer. I would also be interested in the utility you're developing and be glad for you to PM me with your site. Many thanks.

    Also thanks for your input Webaake.

  5. #5
    Join Date
    Mar 2020
    Beans
    46
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Quote Originally Posted by r-done View Post
    I haven't installed any extra programs that didn't come from Kubuntu's software centre and these are only VLC player, LibreOffice, Chromium (only have this for testing in case have problem seeing a page in Firefox), Thunderbird mail, Cantata, K3b, ClamTK.
    If you got ClamTK you probably also have ClamAV. Why not run a few scans?

    Quote Originally Posted by r-done View Post
    In Firefox, I've gone to Help->Troubleshooting information->refresh Firefox which put everything back to default settings.
    Better than a refresh: delete the Firefox profile, or uninstall and reinstall Firefox as already suggested.

    Quote Originally Posted by r-done View Post
    I have since reset back to recommended settings described in https://wiki.ubuntu.com/BasicSecurity
    Enable the firewall and install gufw. If you want a squeaky clean Ubuntu, avoid Wine.

  6. #6
    Join Date
    Sep 2014
    Location
    United States
    Beans
    160
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Since most threats are carried via port 80 or 443, which is web traffic, you can still receive what is called a "payload" even when firewalls are up. I'm not saying that firewalls don't help, but if you're largely browsing the web, it does you no good. Instead, look into enabling AppArmor.

    https://flatlinesecurity.com/posts/firefox-apparmor/

    This explains the problem in more detail and provides you with some practical commands for the command line.

  7. #7
    Join Date
    Mar 2020
    Beans
    46
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Quote Originally Posted by EuclideanCoffee View Post
    Instead, look into enabling AppArmor.

    https://flatlinesecurity.com/posts/firefox-apparmor/
    Thanks.

  8. #8
    Join Date
    Mar 2020
    Beans
    46
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Quote Originally Posted by EuclideanCoffee View Post
    Can this be done on Debian too? If yes, please guide me.

  9. #9
    Join Date
    Sep 2014
    Location
    United States
    Beans
    160
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Yes, exactly as it is written. Please post a new thread if you have a specific question about AppArmor in Debian, as this thread has been resolved more or less.

  10. #10
    Join Date
    Mar 2020
    Beans
    46
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: 5 Billionth search scam

    Quote Originally Posted by EuclideanCoffee View Post
    Please post a new thread if you have a specific question about AppArmor in Debian, as this thread has been resolved more or less.
    https://ubuntuforums.org/showthread....1#post13940871
