All times are UTC - 4
Is your PCs browser being redirected?
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Wed 25 Apr 2012, 14:50    Post subject:  Is your PCs browser being redirected?
Subject description: Do you trust the FBI to see?
 

I recently read an article on some servers that were set up to redirect web site requests for malicious purposes.
It claimed there were a lot of infected computers that may lose their internet access when the FBI takes down two servers that it set up to replace confiscated servers that were redirecting users to their sites for malicious purposes.
I have already checked out the site the FBI says one should visit to see if their PC is infected.
If you are adventurous, you can visit that site at
http://dcwg.org.

I did not post the address as a live link, so you would have to copy and paste it to your address bar in your browser.

You can find the original writeup by USA Today at:

http://www.usatoday.com/tech/news/story/2012-04-20/internet-woes-infected-pcs/54446044/1
majorfoo

Joined: 07 Mar 2011
Posts: 445
Location: Wish I knew

PostPosted: Sat 28 Apr 2012, 15:58    Post subject: Re: Is your PCs browser being redirected?
Subject description: Do you trust the FBI to see?
 

8-bit wrote:
I recently read an article on some servers that were set up to redirect web site requests for malicious purposes.
It claimed there were a lot of infected computers that may lose their internet access when the FBI takes down two servers that it set up to replace confiscated servers that were redirecting users to their sites for malicious purposes.
I have already checked out the site the FBI says one should visit to see if their PC is infected.
If you are adventurous, you can visit that site at
http://dcwg.org.

I did not post the address as a live link, so you would have to copy and paste it to your address bar in your browser.

You can find the original writeup by USA Today at:

http://www.usatoday.com/tech/news/story/2012-04-20/internet-woes-infected-pcs/54446044/1


Interesting article - I tried http://www.dns-ok.us/ and my computer came back green, which is supposed to be ok.

Guess we will have to wait and see what happens in July.
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Sun 29 Apr 2012, 06:24    Post subject: Is your PCs browser being redirected  

Hi 8-bit,

From what I have read so far, this security breach has impacted Windows and Mac systems. I haven't found any evidence (yet) that a Linux based system has been infected with this malware.

Can anyone confirm this?

Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sun 29 Apr 2012, 07:03    Post subject:  

8-bit, thanks for taking up this subject.

I don't trust them but tested anyway and it says Green
but like Monsie above I guess it only works on Win and Apple?

So suppose I have it on WinXP or Win7 and never test
it booting into MS Windows then it is Green on Linux
and I have no idea what happens when I finally boot
into Ms Win? some months from now when I need to
update or upgrade a smartphone using Ms Win.??????

_________________
I use Google Search on Puppy Forum
not an ideal solution though
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Sun 29 Apr 2012, 08:19    Post subject:  

u can check if u are infected:

from this site:
http://www.publicsafety.gc.ca/prg/em/ccirc/2011/in11-002-eng.aspx.

u can find "Known Malicious DNS Server IP ranges":
Code:

    85.255.112.0 through 85.255.127.25
    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255


from this site u will find how to get your current DNS servers for Linux and Windows:
http://www.cyberciti.biz/faq/how-to-find-out-what-my-dns-servers-address-is/

if your DNS IP is in one of the above IP ranges u probably get infected, if not everything is ok
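The manual check described in the post above, as an added example that is not part of the original post: a POSIX shell script that tests each `nameserver` entry of a resolv.conf-style file against the ranges exactly as the post lists them. The function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Ranges copied exactly as posted above; check them against the advisory
# the post links to before relying on them.
ROGUE_RANGES='85.255.112.0 85.255.127.25
67.210.0.0 67.210.15.255
93.188.160.0 93.188.167.255
77.67.83.0 77.67.83.255
213.109.64.0 213.109.79.255
64.28.176.0 64.28.191.255'

# Dotted-quad IPv4 -> integer. Fails on hostnames, IPv6 and malformed input.
# Assumes 64-bit shell arithmetic (bash and dash provide it).
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Exit 0 if the address is inside a listed range, 1 if not, 2 if unparsable.
in_rogue_range() {
    addr=$(ip_to_int "$1") || return 2
    while read -r lo hi; do
        if [ "$addr" -ge "$(ip_to_int "$lo")" ] &&
           [ "$addr" -le "$(ip_to_int "$hi")" ]; then return 0; fi
    done <<EOF
$ROGUE_RANGES
EOF
    return 1
}

# Print each nameserver in a resolv.conf-style file that is in a listed range.
rogue_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        if in_rogue_range "$ns"; then echo "$ns"; fi
    done
}

# Demo on a constructed sample; on a real system pass /etc/resolv.conf.
sample=$(mktemp)
printf 'nameserver 85.255.112.36\nnameserver 192.0.2.53\n' >"$sample"
hits=$(rogue_nameservers "$sample"); rm -f "$sample"
echo "nameservers inside listed ranges: ${hits:-none}"
```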
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Mon 30 Apr 2012, 00:21    Post subject:  

That is interesting additional information.
My IP is not in the range of addresses you showed and running Puppy, the site I gave shows it as good.
I also tried my laptop that boots to Win7 64bit and it also reported clean.
I wonder if it depends on whom one uses as their IP.
Mine is through Century Link (also known as Quest).
I imagine that bigger IPs check to see that their IP address is not being hijacked/redirected.

Also, did you know that when you do a web search using Google, the link they give to the information you are searching for is not a direct link?
It is instead a Google link that takes you to the ending link.

Also, I have noticed in Windows that it seems I get a lot of pop up notices of Flash Player wanting to update itself.
I used to use a Toshiba Laptop that ran fairly fast with the factory install of Windows XP.
After a long series of Microsoft updates, XP has become so slow as to make the PC unusable.
I installed Puppy on it to get the usability back.

I could and maybe should also mention that my other Toshiba laptop that runs Windows 7 64bit from the factory screamed as to speed.
After again a number of Microsoft updates, the laptop has slowed down and it is noticeable in I now get the busy circle icon a lot more as well as desktop icons that redraw a few times before everything stabilizes.

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?

In my case, I am tempted to try doing a recovery factory install on my older laptop, turning off Microsoft update and all the other stuff that wants to update itself and see if the speed returns.

But.......
I have not checked that laptop for being physically clean and it just possibly could be that the processor is running at a lower MHz due to heat from being dirty.
I say this because the daughter's Acer laptop with Vista was running very slow. I disassembled it and found a genuine block of lint that was blocking 3/4 of the passage to the cooling fins as well as the blades on the cooling fan also being chock full of lint.
After cleaning, the speed was back to what she said it used to be.
Adagio

Joined: 06 May 2011
Posts: 126
Location: TerraAustralis

PostPosted: Mon 30 Apr 2012, 01:50    Post subject:  

Quote:

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?


I thought it was well known that they do that in the months leading up to a new version.
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Mon 30 Apr 2012, 02:09    Post subject:  

Quote:
...the site I gave shows it as good.

i think this site is doing the same that u can do manually using method from my post (it is possible to read DNS IP server), eg. on this page:

http://www.dnswatch.info/

put your IP (i think that your site is reading your IP automatically) in the Hostname or IP field and click ok, u should notice that one of printed IPs is your DNS server (should be two last positions) - so your site is doing something similar - is taking your IP and look for DNS server IP and check if it is in the bad range

Quote:
I wonder if it depends on whom one uses as their IP.


yep i think that everyone retrieve DNS IP from own internet provider when login to own provider network, eg. in Windows i have 2 DNSes: one is from my provider and one is some trusted country DNS server, but i think that a virus (DNS Changer virus or whatever) could easily change this

u can try to use DNS server for free from this page:
https://www.opendns.com/

and how to change it:
http://www.techsupportalert.com/content/how-change-dns-server.htm

Quote:
Also, did you know that when you do a web search using Google, the link they give to the information you are searching for is not a direct link?
It is instead a Google link that takes you to the ending link.


yep i've noticed this earlier, i think it was browser dependent: in IE i didn't see redirection, but in FF with earlier version NoScript Plugin i saw it (this Google redirection stuff is JavaScript command so NoScript blocked it, i've checked this redirection stuff, because when i saw this information i clicked stop button in a browser and could check redirection source code, it didn't send me to another location), now with new version of NoScript i don't see info about redirection, i think new version is compatible with Google code, i don't know if Google make this for safety or for their own business, but i think it was not virus

Quote:
Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?


maybe, i'm using Vista 32bit (but my favorites were 98 and 2000, i've got Vista with laptop and i will not go for 7 or 8, i think that if i will buy new laptop someday i will want it with Linux or without any system) with firewall, antivirus and Spy Search and Destroy app working, and i don't have problems, everytime when i uninstall something (especially big) i'm using cleaning tools to erase all files and registry entries that left and make hd/registry defragmentation (i'm doing hd defragmentation from my Vista live CD disk, i think that is quicker than doing that in system booted from hd)
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Mon 30 Apr 2012, 03:52    Post subject: Is your PCs browser being redirected?  

Adagio wrote:
Quote:

Do you think MS is trying to force the users to update to their latest version of windows by doing updates that slow down the PC?


I thought it was well known that they do that in the months leading up to a new version.


This sounds like an urban myth... where is your evidence?

Respectfully,
Monsie

8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Mon 30 Apr 2012, 10:33    Post subject:  

I do not know how well MS update cleans up after itself, but on all my PCs that do MS updates, there are empty directories left on C:\ .
Also, I do not know how well it cleans up the registry as when a reboot is required to finish an update, I assume the updating process temporarily adds to the registry to tell the PC to continue the update process.

Of course a lot of try it type games with a time limit on them also write to the registry and an uninstall of the game leaves traces to make sure the user does not try to reinstall the game with the time limit restored.
One can verify that using wine in Puppy and looking at the registry after an uninstall.
You will find that the information for the game is still in the registry and the more garbage that is left in it is overhead that possibly can slow the PC up.
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Mon 30 Apr 2012, 12:23    Post subject:  

yep windows day by day is collecting more shit, but u can clean it a little using those tools (they do not clean all shit but it is better than nothing):

numbers mean - my steps to clean shit from windows

1) this tool is good to install on fresh windows and install all stuff using it (it monitors all registry/hd changes, if not all, most of them)
http://www.ashampoo.com/en/usd/pin/0803/Tools_and_Utilities/Ashampoo-Magical-UnInstall

2) this is for cleaning orphans, old backups, old logs etc.
http://www.piriform.com/ccleaner/download
after using this app it is good to look into programs folder to check if nothing is left + clean all cache from any browser

3) to clean registry:
http://www.auslogics.com/en/software/registry-cleaner/download/
http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
http://www.glarysoft.com/products/utilities/registry-repair/download/

4) to defrag registry:
http://www.auslogics.com/en/software/registry-defrag/download/

5) to defrag hd:
http://www.auslogics.com/en/software/disk-defrag/download/

it is not perfect solution but it is better to do something than nothing
and it is good to reinstall windows sometimes (i didn't reinstall mine since 2 years, i have all patches etc. and it is working quite good in my opinion, it is not a rocket but i didn't expect from Vista to be the best system, i wish Microsoft to return to systems like 98 or 2000)
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Tue 01 May 2012, 03:42    Post subject: Is your PCs browser being redirected?  

Let's go back to my original question: Can anyone confirm whether or not this malware affects users of Linux based operating systems? Is it possible that this malware could have been passed on through e-mail somehow, such that it might not matter which operating system one is running?

I think there is a danger that we can become too complacent in thinking that because we run a Linux distro that we are basically immune to malware.

Thanks,
Monsie

puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Tue 01 May 2012, 05:14    Post subject:  

from http://techland.time.com/2012/04/23/dnschanger-fbi-warns-infected-computers-will-lose-web-email-access-in-july/

Quote:
How did the malware work? DNSChanger targets Windows or Mac systems (Linux, iOS and Android users are in the clear) by manipulating Domain Name Servers (DNS), which translate syntax-based URLs into IP addresses.


but it is good to make a backup of /etc/resolv.conf and put in a safe place and after July from time to time check this file if the DNS addresses are the same
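One way to do the periodic /etc/resolv.conf comparison suggested in the post above, as an added example that is not part of the original post: it records the set of nameserver addresses and later reports which were added or removed. The function names, file locations and sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Compare the set of nameserver addresses, not the whole file, so that
# regenerated comments or a changed order are not reported as a change.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | LC_ALL=C sort -u
}

# save_baseline RESOLV_FILE BASELINE_FILE
# Keep the baseline somewhere the system does not rewrite (e.g. a USB stick).
save_baseline() {
    nameservers "$1" >"$2"
}

# dns_drift RESOLV_FILE BASELINE_FILE
# Prints "+addr" for servers that are new and "-addr" for servers that
# disappeared. Exit 0 = unchanged, 1 = changed, 2 = could not compare.
dns_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    cur=$(mktemp) || return 2
    nameservers "$1" >"$cur"
    out=$( { LC_ALL=C comm -13 "$2" "$cur" | sed 's/^/+/'
             LC_ALL=C comm -23 "$2" "$cur" | sed 's/^/-/'; } )
    rm -f "$cur"
    if [ -z "$out" ]; then return 0; fi
    echo "$out"
    return 1
}

# Demo on constructed files (documentation addresses, not a real machine).
d=$(mktemp -d)
printf '# written by dhcp client\nnameserver 192.0.2.53\nnameserver 192.0.2.54\n' >"$d/resolv.conf"
save_baseline "$d/resolv.conf" "$d/baseline"
printf 'nameserver 192.0.2.54\nnameserver 198.51.100.7\n' >"$d/resolv.conf"
dns_drift "$d/resolv.conf" "$d/baseline" || echo "DNS servers differ from baseline"
rm -rf "$d"
```

On a real system the two calls would be `save_baseline /etc/resolv.conf <baseline path>` once and `dns_drift /etc/resolv.conf <baseline path>` at each later check.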
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 01 May 2012, 05:51    Post subject:  

This disk-defrag-setup.exe would that work in wine on puppy or any other linux?
puppy_apprentice


Joined: 07 Feb 2012
Posts: 135

PostPosted: Tue 01 May 2012, 06:22    Post subject:  

nooby wrote:
This disk-defrag-setup.exe would that work in wine on puppy or any other linux?


u can find some portable (zipped, do not need installation) windows apps to defragment hard drive and run from Wine (i'm not sure because i'm not use Wine), but they are designed for windows filesystem not for Linux, and Linux file system don't need defragmentation, there are some tools, but this is not necessary, more there: http://www.ehow.com/how_4473590_defrag-linux.html

but if u installed Puppy as frugal - all files are stored on Windows partition - it is good to defragment this Windows partition (so ur linux files will be in one "place", and access should be quicker to those files), but u can do this from Windows only (u can use Windows own defragmentation utility)