[ltp] Spyware - my Intrepid under attack?

Dan Maranville linux-thinkpad@linux-thinkpad.org
Sat, 12 Sep 2009 15:22:58 -0400


Hello --

>On Sat, Sep 12, 2009 at 14:49, Andrea Levin <andrea.b.levin@gmail.com> wrote:
>
> I am pretty new to Ubuntu (Intrepid), finding my way around, practicing clumsily with the command line, reading Keir Thomas...and I may have been complacent about the risk of spyware. I hadn't even installed Mozilla NoScript (till a minute ago!). I've updated faithfully when prompted.
>
> On Firefox a half hour ago, I noticed things a bit...slow. Then a bit 'freezy'. First attributed this to the measly RAM quotient on this 2003 Dell 5100 (which I believe is 256 megs. Still not sure where to find system info - that's how new I am!)

From the CLI you can simply type 'free'; this will tell you all about
your RAM, and yes, 256 will get chunky, especially at the NYT as it has
some flash-heavy areas. Also, if you opened a spreadsheet, it is also
OOo sucking up a ton of that RAM.

>
> A Firefox update process required restart of FF, and so I thought it might have been the resource demands of this process. All of a sudden - a classic sense of 'takeover': suddenly, my monitor looks like a Windows machine, showing me my 'My Computer', 'C drive', 'My Documents', etc, all tagged with red warnings, a pop-up tells me I am under attack, do run-don't-walk to this antivirus site, etc. In my panic (I don't yet know the equivalent of CTRL-ALT-DEL) I pulled the plug and the battery to abort.

This is a prevalent way of making Windows users install the exe that
comes bundled with it. Did it happen to look like the screen located here:
http://likuidkewl.blogspot.com/2009/05/oh-no-windows-viruses-on-my-linux-box.html

>
> I had ... downloaded a spreadsheet from the New York Times site on costing out home-buying. Uh-oh! (Actually, I'd assumed I was about to simply open a new tab, not download a document.) Deleted this at the terminal.
>
> So: how to scan for spyware, viruses? Or: is this necessary? How would I know I'm infected? Etc.!

Don't worry about being infected with anything, it is almost always
just a scare tactic for most people.
Rootkits, sure if you have a server forward facing but home users in
the world today? No.

>
> Usually I check forums before posting threads - but I'm pretty rattled!
> I use ESET Nod32 on my Windoze machines.
>
> Thanks in advance!