spyware in ubuntu?

Larry Grover lgrover at zoominternet.net
Tue Jul 19 12:20:31 UTC 2005

Charles Malespin wrote:
>>Did this happen when you were trying to load the google home page 
>>(www.google.com), after you entered some search terms, or when you 
>>tried to follow a link from the search results?  Which browser are you 
>>using?  Mozilla/firefox?
> It happened after I looked up "Ubuntu 686 kernel freeze" from the main
> google site(another story altogether....).  I am using Firefox btw.  

Have you asked on this list for help with your problem?  I've seen 
posts here that sound similar, so maybe some one who's experience the 
same problem can help you out.

>>This just seems weird to me.  The only time I've ever seen anything at 
>>all like this is in web page ads, where someone is trying to get you 
>>to buy some (dodgy looking) security software for windows by 
>>attempting to scare you:  "Warning! Warning! Your computer system may 
>>already be infected!!"
> I have a dual boot with XP so I am familiar with those messages that
> come up through windows, and it was nothing like that at all.  It looked
> straight from the google site, but obviously that doesnt mean it was
> real or not made to look like it was from google.  

Do you know what the URL was?

In another post in this thread Matthias mentions linux rootkits. 
Rootkits can include key-loggers for spying, so they can act like a 
kind of spyware.  I believe rootkits are typically installed manually 
after someone breaks into a linux system.  Windows spyware is 
typically installed automatically, by an email virus, web-site trojan, 

If you're running Ubuntu with a default install, you should be safe 
from attack and rootkits.  Attackers normally break into a system by 
exploiting a flaw in server software (like a bug in an ftp server or a 
web server).  The default Ubuntu install has all external services 
disabled (or not even installed), so there should be no way for an 
attacker to get into your system.

Matthias suggested getting and running a rootkit detection program. 
This isn't a bad idea, if only to put your mind at ease.  The 
chkrootkit program is in the Ubuntu repositories (not sure if it's in 
main or universe, so you might need to enable the universe 
repository).  It won't hurt to install and run it, just to see if 
anything turns up.


More information about the ubuntu-users mailing list