Possible threat?

rikona rikona at sonic.net
Thu Dec 20 16:40:08 UTC 2012

Some folks on a mailing list have been infected with a virus that
seems to be spreading rapidly. I thought I'd get a little info about
who might be behind this by looking up the domain, which has been
changing more than once a day. Earlier domains were very recently
created, with a bogus admin contact, in the Ukraine.

The current one is newsonmsnbc.com. I thought I'd copy this and do a
whois. This time, though, I was in Claws mail, and not in my usual
client, TheBat. Unfortunately, Claws mail immediately opens the link
if you press the mouse button anywhere inside the link, and so it was
opening in Opera even before I could move the mouse to copy. As soon
as I realized this I went to Opera, stopped the access, and closed the
tab. BUT - there was a very large surge of continuous disk activity
which continued for a couple of minutes, with nothing else going on in
the box [running 10.04]. Maybe a coincidence, but worrisome.

So, what is the best way to check for a possible new malware problem
if one sees suspicious activity?

Anyone know what the newsonmsnbc.com link is trying to do?



More information about the ubuntu-users mailing list