[ubuntu-uk] Malware targeting Linux.......

Ivan Wright quidsup at gmail.com
Wed Jul 11 21:04:06 UTC 2012


Blackhole exploit has been doing the rounds long enough, and my Ubuntu
system got infected last November back when Adobe Flash was vulnerable.
I found with Wireshark that my computer was beaconing out to a Polish IP
address. Fortunately I had a full disk backup from a few days before so I
just flattened my system and restored the backup.

The majority of these Java exploits cause massive resource usage on the
browser and cause it to damn near crash. So they put a simple message on
the screen like "Please wait while page loads".
After it's done exploiting your system they dump you back on Google, so you
think nothing is wrong and carry on as normal.
If you've ever seen that, your computer may have been infected.

My job is a Network Security Analyst and I monitor a very large network.
This year I've seen Blackhole migrate from Adult sites to pretty much
run-of-the-mill sites such as: Holiday, Car, Shopping, Wordpress, and
Family history websites.
It's no surprise these malware/viruses would progress further as exploit
paths get patched.

I don't like running NoScript as it turns your faithful Linux system into
an annoying little brat like Windows - always asking you questions instead
of just getting on with the job.

My preference is to use OpenDNS and do Top Level Domain (TLD) blocking.
I've set mine to block:
.info - Information
.cc - Cocos Islands
.cn - China
.vn - Vietnam
.cm - Cameroon
.in - India
.ru - Russia
.am - Armenia
.tk - Tokelau
.pl - Poland
.co.be - .co sub-domain in Belgium
.co.tv - .co sub-domain in Tuvalu
That small list ends up blocking the vast majority of malicious websites.

Here's a video I did showing how to set up OpenDNS in Ubuntu:
http://www.youtube.com/watch?v=h2Qa1xqO2v4

Regards,
Ivan
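
The TLD list above, as an added example (not part of the original post and not OpenDNS tooling): a Python check that matches queried names against those suffixes on whole DNS labels, run over constructed resolver log lines to see which clients would have hit the block. The log format, hostnames and function names are assumptions made for illustration.

```python
import re

# Suffixes copied from the list in the post above.
BLOCKED_SUFFIXES = frozenset({
    "info", "cc", "cn", "vn", "cm", "in", "ru", "am", "tk", "pl",
    "co.be", "co.tv",
})

# Constructed sample resolver log lines (hypothetical format, not OpenDNS output).
SAMPLE_LOG = """\
2012-07-11T21:04:06Z client=10.0.0.5 query=www.constructed-sample.ru. type=A
2012-07-11T21:04:07Z client=10.0.0.5 query=info.constructed-sample.com type=A
2012-07-11T21:04:09Z client=10.0.0.7 query=Shop.Constructed-Sample.CO.BE type=A
2012-07-11T21:04:10Z client=10.0.0.7 query=constructed-sample.be type=A
2012-07-11T21:04:12Z client=10.0.0.9 query=admin.constructed-sample.org type=AAAA
2012-07-11T21:04:13Z client=10.0.0.9 query=constructed-sample.info type=A
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<name>\S+)")


def blocked_suffix(hostname, suffixes=BLOCKED_SUFFIXES):
    """Return the listed suffix covering hostname, or None.

    Matching is on whole DNS labels, so "info.example.com" and
    "admin.example.org" are not treated as .info or .in names.
    """
    # Normalise case and the optional trailing root dot before comparing.
    labels = hostname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None


def audit(log_text, suffixes=BLOCKED_SUFFIXES):
    """Return (client, queried name, matched suffix) for each covered query."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        suffix = blocked_suffix(m.group("name"), suffixes)
        if suffix:
            hits.append((m.group("client"), m.group("name"), suffix))
    return hits
```

Calling `audit(SAMPLE_LOG)` returns the three queries covered by the list; names that merely contain a listed string in another label, or that sit directly under .be, are not reported.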