Cross-browser firefox/konqueror malware on Ubuntu Dapper
Peter Garrett
peter.garrett at optusnet.com.au
Fri Aug 4 17:08:01 UTC 2006
On Fri, 04 Aug 2006 12:57:23 -0400
Ken Siersma <siersmak at ekkinc.com> wrote:
> Just thinking out loud. I do think (and hope) that what really happened
> is the user's files were modified, not the system files. But I have no
> idea which ones...
My immediate thought was "poisoned DNS". I think Michael asked the
right question - where are the addresses coming from? Is it possible that
another machine on the network is actually at fault? ( For instance, a
caching DNS server or similar).
It's difficult to see how this could happen to the machine's /etc/hosts if
that file has correct permissions ( that is, root:root and 644 ).
Peter
More information about the ubuntu-users
mailing list