[ltp] Spyware - my Intrepid under attack?

Andrea Levin linux-thinkpad@linux-thinkpad.org
Sat, 12 Sep 2009 22:14:07 -0400



Well - seems a 'splat!' across the screen like this comes up rarely - a
reminder of how vulnerable Windows is.  Very much enjoying figuring out
Ubuntu - - well worth the effort.  On to getting my pcmcia card to work
armed with ndiswrapper (or not!)

Thanks to all for being so helpful!

Andrea

On Sat, Sep 12, 2009 at 8:28 PM, cr <cr@orcon.net.nz> wrote:

> On Sunday 13 September 2009 07:45:09 Stephen Ryan wrote:
> > On Sat, Sep 12, 2009 at 3:36 PM, Andrea Levin <andrea.b.levin@gmail.com> wrote:
> > > Whew, and thanks so much for the reassuring and informative replies - and
> > > indeed, The Thing looked exactly like the Thing on the link at
> > > http://likuidkewl.blogspot.com/2009/05/oh-no-windows-viruses-on-my-linux-box.html.
> > > Now that I've caught my breath, I can see it was one of those
> > > rogue security software things.  And still wondering exactly how it came
> > > in.
> >
> > I downloaded the same spreadsheet and saw the same screen, so I'm
> > pretty sure that's where it came from; I just killed the browser to
> > get rid of the popups.
>
> I think it runs in Java in your browser.
>
> I got that damn thing a few days ago - in Opera, running under Debian.   I
> have no idea what site it came from.    It was obviously a spoof since it was
> showing Windows directories that don't exist on my system (and equally
> obviously a Windows virus scanner won't even run under Linux).   So it must
> have been running in Java in my browser.   It popped up an 'error box' and
> when clicked on to close it, just popped it up again before I could reach the
> tab page 'close' button, so making it impossible to close the tab.   [*]   I
> found hitting 'Enter' also closed the errorbox, so I moved the mousepointer
> to the browser's 'Tab close' button, hit 'Enter' to close the errorbox and
> clicked on the 'Tab close' before the errorbox could respawn.     Then I
> disabled Java in Opera.
>
> The moral is, if some phony app starts telling you about all the *Windows*
> viruses you've got in your Linux system, you can be sure it's bogus.
>
> [*]  I've actually omitted a bit here for brevity - I actually did Alt-1 to
> get to another window, used 'top' in a command-line window to find Opera's
> PID, and killed it.   But when I reloaded Opera, it was set to reload its
> pages so the offending spoof came right back.   That's when I figured I had
> to close that tab somehow.
>
> cr



