I've seen these before

Story: My Linux Box is INFECTED!Total Replies: 7
Author Content
tracyanne

Jun 07, 2008
3:02 PM EDT
In fact this sort of site has enabled at least two Linux sales for me.

@Helios - Assuming I went to the correct link, it was the one from your blog. I got no popups, not even after I enabled scripting (I use NoScript) for that domain. I also use AdBlock Plus, which probably has this site and many others like it blacklisted.

But in addition to running both AdBlock Plus and NoScript, I also turn off all javascipt functionality that changes the behaviour of the browser, in the Firefox preferences.

Edit-Preferences

select the Content Tab.

enable JavaScript, then open the Advanced JavaScript Setting Windows and uncheck all options except Change Status Bar Text.
SamShazaam

Jun 07, 2008
6:44 PM EDT
I have also had this event happen on my computer. Helios was more patient than I was. As soon as I saw this process trying to put an .exe file into my computer I shut down all outside and Internet processes. The problem has not re-occured. I also checked for any suspicious cookies. Better safe than sorry.
Bob_Robertson

Jun 08, 2008
8:15 AM EDT
Yep, I saw this "blight" too, linked through an ad site from a Linux article.

You're right about cookies, or something, because I could not get it to happen again to try to track down where it was loading from. I was able to identify the ad site which was passing it on, though, ad.afy11.net which now resides in my /etc/hosts file as:

127.0.0.1 ad.afy11.net

helios

Jun 08, 2008
6:13 PM EDT
I usually run Firefox "bareback". I load the extensions that I need for my productivity and leave the rest alone. Well, rij showed me the light with no script and I am running it now. Truth be told, at least for the time being, stuff like this is only a PITA for Linux users but if the boys from the last hackathon can be believed, they were just a few short hours from making a java hack for Linux. and really...isn't it only a matter of time? And no, not the security via obscurity argument...that is as lame as lame can get. I mean somebody is finally going to get tired of all the Linux users crowing about their invulnerability and then...well and then it's gonna be on.

Still, I learned quite a bit from writing this. To include how many people honestly thought I was asking for a way to protect myself and stop it, LOL.
tracyanne

Jun 08, 2008
6:16 PM EDT
So did I go to the correct Link? Or is it that what I do, as a routine install of Firefox, stopping me from joining the fun?
helios

Jun 09, 2008
6:43 AM EDT
No, not at all...if your install of FF protected you, then that's a good thing. In my case, it let this beast thru. I'll get you a flight...come see the mayhem this little treat caused me. Show you and yours around while you are here.

You are indeed lucky though, I know how easy it is to make this stop, that t'wasn't the point...point being, many Dozer's do not.
Bob_Robertson

Jun 09, 2008
9:02 AM EDT
> point being, many Dozer's do not.

Agreed.

An acquaintance recently bought his daughter a (gag) Vista laptop for her "going to college" present.

I sat her down and said, "Firefox. Don't use I.E. for _anything_. Get Ad Block Plus and NoScript add-ons. OpenOffice.org will take care of anything you need in "office" software."

It was at a party, and a woman near by said, "You mean I just spent $150 for nothing?" I looked over with a very sympathetic smile and said, "Yes."

I also was helping him debug his own XP laptop problems. It's amazing what people put up with in terms of frustration and hassle running Windows!

hkwint

Jun 09, 2008
10:31 AM EDT
You should 'sue' Google over it, they are to blame too. Stinkware like this shouldn't be in their search results. Chances are big they'd remove this 'search results' if somebody told them about the matter.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!