trojans and Ubuntu

[sktsee]

On Fri, 18 Jan 2008 12:13:36 -0600, Tim M wrote:

> Yesterday a friend of mine asked me about identity thief protection
> sites and she sent me a link to one asking if it was okay. I clicked on
> the link on my laptop running 10.7 (also protected with NoScript).
> Anyway this morning I was talking to my boss he is in charge of Internet
> security for a major company (I work for him part time in his own
> business). He said that if she clicked on that site she could have
> introduced a Trojan into her computer. I will not post the site address
> here . . . anyway, he might have misunderstood me or I might have
> misunderstood him. Now I need to tell my friend, who suffers from panic
> attacks) to reinstall her system. I guess I should listen to my boss . .
> . I am wondering what the group thinks about what he said and that if my
> system might be compromised also.
> 
> 

Your boss is probably right. If your friend is using a Windows platform 
system, is browsing with javascript enabled, and visits one the 10,000+ 
sites that have recently compromised in a rash of website infections 
since mid December of last year, its possible that her system might be 
compromised. See the following links for details (some links culled from 
messages on Full-Disclosure list)

http://blog.trendmicro.com/e-commerce-sites-invaded
http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/
http://www.securityfocus.com/news/11501
http://www.finjan.com/Pressrelease.aspx?id=1820&PressLan=1819&lan=3
http://www.webhostingtalk.com/showthread.php?t=651748
http://isc.sans.org/diary.html?storyid=3864

So far, I don't believe anyone has figured out definitively how the 
servers, which are primarily linux servers running various versions of 
Apache, are being compromised.


-- 
sktsee