Viruses? can I get them?

For discussions about security.
gposil
Posts: 1300
Joined: Mon 06 Apr 2009, 10:00
Location: Stanthorpe (The Granite Belt), QLD, Australia

#41 Post by gposil »

Lobster,

Dpup484beta2 which will be out later today includes an all new "Sandboxed SafeBrowser", which runs as a non-root user and on closing destroys its own cache, history...etc

Just thought those security conscious people would be interested.

Cheers
Dpup Home: http://www.dpup.org

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#42 Post by Lobster »

Just thought those security conscious people would be interested
Guy
Mind viruses are the real enemy

For example the Dpup Beta 2 is uploaded to about 60MB at present
BUT
some people will download (gosh may even do it myself for that noob sensation)
check the md5sum
convince themselves their security is breached or some hacker is intercepting or . . .
[pause for breath]

is the worm in your head bigger than the threat
Answers in a crypted message to the usual drop zone :)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#43 Post by nubc »

Lately, I have acquired trojans from advertising popups, and the immediate remedy is to use the Adblock feature built into Puppy 4.3.1 (Seamonkey 1.1.18) to get rid of the advertising, and now getting no new viruses. This is why I desperately need Adblock 0.5 for Seamonkey 1.1.8.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#44 Post by mikeb »

Lately, I have acquired trojans from advertising popups
would you care to elaborate?

mike

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#45 Post by nubc »

...not only trojans, but rootkits as well...
http://www.murga-linux.com/puppy/viewtopic.php?t=48548

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#46 Post by mikeb »

From that thread you are talking about XP with Internet explorer installed...so normal behaviour...you don't even have to run IE to get those.

You made it sound like this had happened whilst using puppy...my misunderstanding sorry

regards

mike

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#47 Post by nubc »

@mikeb
Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#48 Post by mikeb »

Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.
ah those things....they use javascript and then make a page look like windows explorer or similar, or as you mention the "you are infected" tripe...if only they knew :D. I'm not sure how the javascript settings in preferences would affect these happenings..the ones designed to limit what javascript can do.

mike

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Pop-unders

#49 Post by drongo »

I have seen those kind of "scare-windows" a few times whilst using Puppy. They are quite amusing - especially the ones that refer to directories which you don't even have on your Windows partition - which isn't even mounted!

You sometimes see a pop-under window which only appears after you close or minimise the browser but this is just a scary window, it doesn't mean they are scanning or installing anything on Puppy Linux. Some of them are quite persistent - the only way I can get rid of these is to kill the process.

As far as I know, though, all quite harmless if you are using Puppy. I know this might be alarming for would-be Windows refugees but is it possible the pop-under is generated by a site you visited before Puppy Linux? If the Puppy forum is the last site you visit before closing the browser that's when you'd see the pop-under.

I usually visit the Forum with adblock enabled either on Seamonkey in Puppy or on Firefox in XP. Is it possible that's why nobody else has reported this? If it comes from an ad I'd never see it.

The last thing we should be doing is allowing these rogues to scare people away from Puppy.

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#50 Post by nubc »

word to the wise: When I was getting those popups on Puppy Forum, I actually had one trojan and three rootkits in operation on my Windows computer, which I occasionally used to visit the forums. The rootkits prevented my security software from detecting them, as well as preventing Windows security patches and updates from AVG.

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

More details required

#51 Post by drongo »

Well tell us their names, then perhaps someone can scan the Forum for nasties - assuming it isn't some ad containing a cross-site script which is no longer present.

The problem with modern exploits like this is that one vulnerability may be used as an enabler or hook for something else to attack your system. You may have picked up the rootkits from elsewhere and these enabled some nasty on the Forum to try something else.

Worst infestation I have ever encountered (not on one of my own machines) was two and a half million files produced by a worm (I think it was) on a Windows Server. Couldn't even open that directory in Windows. If you opened a command line the machine rebooted. It modified something/System32/drivers/etc/hosts so that all common anti-virus sites were mapped to 127.0.0.1 . It prevented you viewing hidden directories or files which it had dumped on the machine and did a whole heap of other nastiness.

Fixed it with SLAX (Puppy wouldn't mount the RAIDed drives). Even that couldn't open a directory with millions of files in a graphical window so I deleted them all from CLI.

Point is, I have fixed broken/infested Windows boxes a few times with a Linux live-CD (usually Puppy)

I have never fixed a rootkitted Linux box with a Windows recovery disk!
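
Added example, not part of drongo's post: a check for the hosts-file tampering described above, where anti-virus sites were mapped to 127.0.0.1. The sample file, the `.example` vendor names and the `WATCHLIST` are constructed for illustration; an ad-blocking entry is included to show it is not flagged.

```python
import ipaddress

# Constructed sample: a hosts file of the kind the post describes, using
# made-up vendor names under the reserved .example TLD.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       puppypc
# entries below were appended by the infection (constructed)
127.0.0.1       update.av-vendor.example www.av-vendor.example
0.0.0.0         scan.other-av.example   # inline comment
192.0.2.10      intranet.corp.example
127.0.0.1       ads.tracker.example
"""

# Hypothetical watchlist: domain suffixes of the security vendors you rely on.
WATCHLIST = ("av-vendor.example", "other-av.example")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_blocked_vendors(hosts_text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname) for watched names sent to a sinkhole."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            # Match the suffix on a label boundary so "notav-vendor.example" is ignored.
            if any(name == s or name.endswith("." + s) for s in watchlist):
                hits.append((line_no, fields[0], name))
    return hits


if __name__ == "__main__":
    for line_no, addr, name in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

Run it against the hosts file read from the mounted Windows partition while booted from the live-CD, so the infected system cannot hide or rewrite the file during the check.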

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#52 Post by cthisbear »

" word to the wise: "

///////////

Dreamin.

http://www.imdb.com/title/tt0118826/quotes
" I am sorry to tell you in quite this fashion.

Tell 'im 'e's dreamin'

http://www.youtube.com/watch?v=dik_wnOE4dk

///////////

Wise up.
Did you not read my second post.

" I am sorry to tell you in quite this fashion.

But >>>>Absolute Bullshit Moment. "


http://www.murga-linux.com/puppy/viewtopic.php?t=48548

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#53 Post by nubc »

Oh, I know the nasties came from another source, not Puppy Forum. Sorry if I gave the impression the problem originates here. Point being, if you're seeing popups here, you may already have trojans, possibly rootkits. At least, I had those guests on my WinXP laptop when I was seeing popups here. The incidents I mention above are reports on another forum.
http://www.murga-linux.com/puppy/viewto ... 144#378144

I personally experienced rogue AV popups and spontaneous browser closing using Puppy Seamonkey 1.1.8 on the problem site (not Puppy Forum). That's why I requested Adblock, and user Patriot supplied a link to the latest version for Seamonkey 1.1.x. Works good, smooth installation, no problems so far.
Adblock Plus version 1.0.2
https://addons.mozilla.org/en-US/seamon ... sions/1865

@cthisbear: np
Last edited by nubc on Wed 06 Jan 2010, 02:09, edited 6 times in total.

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#54 Post by cthisbear »

" Oh, I know the nasties came from another source, not Puppy Forum. "

My apologies then.

Chris.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#55 Post by Aitch »

nubc

I find running ABP, + Noscript + WOT in either seamonkey or firefox/firepup works for most nasties

WOT will warn of sites before you visit, but spammer redirects are OS independent

https://addons.mozilla.org/en-US/seamon ... 7604afae7a

https://addons.mozilla.org/en-US/firefox/addon/3456


Aitch :)

benali72
Posts: 292
Joined: Wed 09 Aug 2006, 17:27

Malware is coming, we need to be ready for it

#56 Post by benali72 »

With all due respect to everyone here, I believe the sanguine attitudes in this thread about the immunity of Linux and Puppy to viruses and other malware are inaccurate and unfortunate.

Malware today is predominantly criminal in intent. It is often developed in parts of the world that are largely immune to western legal prosecution and it is often well-organized, technically proficient, and highly capitalized.

When Linux malware gathers steam it could be highly effective simply because the Linux community as a whole does not yet take the threat seriously and has not prepared for it. Many Linux users don't know to turn on their firewalls (it's not on by default in Ubuntu and Puppy... why not? it is in Windows), and they are under the impression they don't have to install anti-malware scanners. This makes them easy prey -- so when significant Linux malware appears, we could really get walloped, and our well-deserved reputation for superiority to Windows in this area could become tarnished. We could end up looking pretty naive for having not prepared to repel even the less sophisticated attacks that are initially expected.

I hope the Linux community will start to take this threat more seriously before we find our reputation compromised.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#57 Post by Lobster »

A windows user was scammed
Bless her, she now has a website
She was featured in this week's BBC Click program
and is campaigning to make Windows safer and offering tests like so
http://www.cyberfraud.org.uk/risk/isyou ... rsafe.aspx

Taking these tests you will find Puppy is 'unsafe' (not quite true)
In fact you might like to read how the Borg will be defeated in another multiverse . . .
http://www.ariel.com.au/jokes/Star_Trek ... cript.html

anyways . . . I wrote to her and suggested she used Puppy.
Which is safer than any known Windows configuration

For those needing military grade software I would recommend
BSD - but then . . . many military outfits are using Windows.
The NSA I believe use a hardened Linux

Maybe this scam and bad site search engine will be of use . . .
http://www.jasonmorrison.net/is-this-a-scam/

Perhaps someone would be kind enough to write a Puppy Virus
so that everyone who needs one can study the code?
(Make it Open Source)
- Or you might not bother . . . :oops:

Normal tin hat paranoia is now resumed . . .

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#58 Post by mikeb »

I hope the Linux community will start to take this threat more seriously before we find our reputation compromised.
If you had any understanding on why windows gets infected you would not make such statements....a common myth.
Microsoft have known the cause and the cure for years but will never implement it because having an OS that will fail after a year or 2 is good business for them.

I have in the past deliberately clicked on scam links, visited dodgy sites and run infected binaries on puppy and the worst I ever got was a browser crash....try it.

mike

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#59 Post by Aitch »

Perhaps someone would be kind enough to write a Puppy Virus
so that everyone who needs one can study the code?
Lobster,

Just for you :wink: [well not code, exactly as intended]

Image

or anyone else wanting to spoof their non-believing friends

He He - A Puppy-harmless-virus

Aitch :)

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#60 Post by mikeb »

Actually I seriously want a windows (and linux?) program to run an icon in the taskbar and have a pop up with reassuring 'you are up to date and safe' messages as the majority are so conditioned that viruses and antivirus crap is the norm they need a placebo I feel

mike
