[ltp] Spyware - my Intrepid under attack?

Stephen Ryan linux-thinkpad@linux-thinkpad.org
Sat, 12 Sep 2009 15:45:09 -0400 

On Sat, Sep 12, 2009 at 3:36 PM, Andrea Levin <andrea.b.levin@gmail.com> wr=
ote:
> Whew, and thanks so much for the reassuring and informative replies - and
> indeed, The Thing looked exactly likeTthe Thing on the link at
> http://likuidkewl.blogspot.com/2009/05/oh-no-windows-viruses-on-my-linux-=
box.html.
> Now that I've caught my breath, I can see it was one of those rogue secur=
ity
> software things.=C2=A0 And still wondering exactly how it came in.
>

I downloaded the same spreadsheet and saw the same screen, so I'm
pretty sure that's where it came from; I just killed the browser to
get rid of the popups.

The spreadsheet wasn't much more useful than the virus "warning"
screen (i.e., it was the most singularly useless spreadsheet I've seen
this decade); you didn't miss much -- I'm actually more stupid for
having looked at that spreadsheet and regret having contributed to
global warming by running OpenOffice long enough to see it.  The
numbers were just percentages of the original purchase price,
presented with little to no justification or categorization at all.
Ah, well.



> Thanks for being there!
>
> Andrea
>
> On Sat, Sep 12, 2009 at 3:22 PM, Dan Maranville <likuidkewl@gmail.com>
> wrote:
>>
>> Hello --
>>
>> >On Sat, Sep 12, 2009 at 14:49, Andrea Levin <andrea.b.levin@gmail.com>
>> > wrote:
>> >
>> > I am pretty new to Ubuntu (Intrepid), finding my way around, practicin=
g
>> > clumsily with the command line,reading Keir Thomas...and I may have be=
en
>> > >complacent about the risk of spyware. I hadn't even installed Mozilla
>> > NoScript (till a minute ago!). I've updated faithfully when prompted .
>> >
>> > On Firefox a half hour ago, I noticed things a bit...slow. Then a bit
>> > 'freezy'.=C2=A0 First attributed this to the measly RAM quotient on th=
is 2003
>> > Dell 5100 >(which I believe is 256 megs. Still not sure where to find =
system
>> > info - that's how new I am!)
>>
>> From the Cli you can simply type 'free'=C2=A0 this will tell you all abo=
ut
>> your ram, and yes 256 will get chunky especially at the NYT as it has
>> some flash heavy areas, also if you opened=C2=A0 a spreadsheet it is als=
o
>> OOo sucking up a ton of that ram.
>>
>> >
>> > A Firefox update process=C2=A0 required restart of FF, and so I though=
t it
>> > might have been the resource demands of this process. All of a sudden =
- a
>> > >classic sense of 'takeover': suddenly, my monitor looks like a Window=
s
>> > machine, showing me my 'My Computer', 'C drive', 'My Documents', etc, =
all
>> > >tagged with red warnings, a pop-up tells me I am under attack, do
>> > run-don't-walk to this antivirus site, etc. In my panic (I don't yet k=
now
>> > the >equivalent of CTRL-ALT-DEL) I pulled the plug and the battery to =
abort.
>>
>> This is a prevalent way of making windows users install the exe that
>> comes bundled with it, did it happen to look like screen located here:
>>
>> http://likuidkewl.blogspot.com/2009/05/oh-no-windows-viruses-on-my-linux=
-box.html
>>
>> >
>> > I had ... downloaded a spreadsheet from the New York Times site on
>> > costing out home-buying.=C2=A0 Uh-oh! (Actually, I'd assumed I was abo=
ut to
>> > >simply open a new tab, not download a document.)=C2=A0 Deleted this a=
t the
>> > terminal.
>> >
>> > So: how to scan for spyware, viruses? Or: is this necessary? How would=
 I
>> > know I'm infected?=C2=A0 Etc.!
>>
>> Don't worry about being infected with anything, it is almost always
>> just a scare tactic for most people.
>> Rootkits, sure if you have a server forward facing but home users in
>> the world today? No.
>>
>> >
>> > Usually I check forums before posting threads - but I'm pretty rattled=
!
>> > I use ESET Nod32 on my Windoze machines.
>> >
>> > Thanks in advance!
>> --
>> The linux-thinkpad mailing list home page is at:
>> http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad
>
>
>
> --
> This email and any files transmitted with it may be confidential and lega=
lly
> privileged. They are intended solely for the use of the individual or ent=
ity
> to whom they are addressed. If you have received this email in error, ple=
ase
> notify the sender by return email immediately, and then delete and destro=
y
> this message and its
> attachments.
>