APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Windows Spam on Linux

by Bill Mohrhardt

I was NOT on-line last night, actually reading a book instead, when my wife comes downstairs saying that our computer is telling her that it has been infected with spyware and that we NEED to download some software to fix that.

I chuckled, of course, knowing that our computer is RHEL5 using Firefox 3.0.x. But, being the 24/7 support person, I went upstairs. The odd thing was that the screen behind the dialogue box looked very Windoze-like. I went to a terminal window, and did a kill -15 on the firefox process. That killed it right away, and it was only using 5% of CPU, so it couldn't have been too evil.

I then did a find / -ctime 0 -print to see all of the changes/adds. Interestingly, there were some .wine files in our /tmp, which would explain the Windoze-like appearance. I am kind of curious now what the thing might have tried to do had we agreed to download their anti-spyware.

Anyway, I wiped out the /tmp stuff, and our Firefox is already configured for clearing out temporary Internet files upon exit. I then did a restart, and checked my ps -ef and everything was all clear. I will admit though, that Firefox 3.0.x (versus 2.0.x) seems to be a very busy program, using CPU time even after one closes it out. It is probably writing some cached database entries of some variety. Who knows?

Gee, maybe I need one of those Linux-based anti-spyware programs........ not!



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Windows Spam on Linux:

1 comment



Increase ad revenue 50-250% with Ezoic


More Articles by © Bill Mohrhardt







Wed Aug 19 01:51:10 2009: 6766   drag

gravatar
I recently lent a Linux laptop to a friend that needed it for job hunting (she recently being unemployed). She is a fan of places like Myspace in the past and has recently discovered Facebook and is now happily tearing it up online during her period of joblessness. (Yay for people that have open wifi!)

She somehow gone to a web page that worked it's way around Firefox's (Iceweasel, actually) pop-up prevention and proceeded to convince her that she had no less then 150 different pieces of malware detected and she needed to run the anti-spyware software immediately.

Of course she panicked and didn't know what to do. Being the enterprising type she was hoping that she could resolve the problem without my intervention.

The next weekend I visited her and saw that she downloaded and attempted to execute about 20 different instances of the malicious 'anti-spyware' program. I didn't have Wine installed so none of them executed. A quick drag to the trash and it was history.

A example image of the sort of thing that people run into while using Linux:
(link)

Kinda amusing. Although I suppose it could of been a ELF executable as much as a Windows Exe. In that case she would of been screwed for a while.

Of course the machine is setup to use 'su', not sudo in the Ubuntu-style, and she had no idea what the root password would of been anyways... So the thing would of probably been limited to her user account (unless it was smart enough to figure out a local privilage escalation exploit, which (unfortunately) is not terribly difficult to find in any OS). Cleaning up a infection limited to a user account should be easy to clean up.




------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





Legend has it that every new technology is first used for something related to sex or *redacted*. That seems to be the way of humankind. (Tim Berners-Lee)





This post tagged: