Cross-browser firefox/konqueror malware on Ubuntu Dapper
Tony Arnold
tony.arnold at manchester.ac.uk
Fri Aug 4 17:03:45 UTC 2006
On Fri, 2006-08-04 at 12:08 -0400, ubuntu at rio.vg wrote:
> Charlie Zender wrote:
> > Help! My Ubuntu Dapper laptop has malware infecting its browswers!
> > About three weeks ago my Firefox browser started showing signs of
> > malware infestation. The symptoms are that the browser re-directs
> > my normal requests to click-for-pay sites www.ownbox.com and usseek.com.
> > To get rid of this malware I've tried
> >
> > 0. Re-booting
> > 1. Purging and re-installing firefox
> > 2. Deleting my ~/.firefox directory
> > 3. Running Konqueror instead
> >
> > None of these work. After a few hours of browsing the re-directs to
> > the click-for-pay sites begin again. So this cross-browser malware
> > has somehow installed itself in files that survive re-boots and
> > browser re-installs. I've found other reports of this malware related
> > to Windows PCs, but no instructions on how to erase it from Linux.
> > Any ideas
> >
> > 1. How to find it's source and erase it completely from disk?
> > 2. How to tell if it's phoning home my passwords?
> > 3. Sites that discuss this particular malware?
> >
>
> Check /etc/hosts for any entries pointing to those sites.
Note this file should not be writable by a non-root user, so if this
file has been modified, and you have not been running Firefox as root, I
would also check your machine for root-kits. There are some packages
around to do this, chkrootkit, I believe is one.
Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
More information about the ubuntu-users
mailing list