Find the answer to your Linux question:
Results 1 to 6 of 6
I went to a web site today that obviously tied to install some sort of spyware. The computer appeared to go to "My computer" and said that Windows (neither of ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2009
    Posts
    9

    Spyware in Ubuntu?


    I went to a web site today that obviously tied to install some sort of spyware. The computer appeared to go to "My computer" and said that Windows (neither of which are on this computer, hence knowing that it was bogus) had found spyware infections and went through the beginnings of a bogus virus scan and also reported trojans. Firefox would not close, so I shut down the computer and restarted it, when I restarted firefox it went right back to the fake site (twice). So I disconnected my cable modem, restarted the computer, opened another Firefox window, and cleared personal information and made sure the home page was still google (it was). The only personal information I save on the computer is a password to my verizon phone account (which I immediately changed), and it seemed to be wiped out of the verizon minutes plug-in (although I checked it after clearing personal information, so I may have done that).

    I'm running Ubuntu, I use Firefox, and Firestarter reports the firewall as active, so I imagine that I am pretty safe, but the fact that I turned off the computer and was directed to the fake site has rattled me a little. The site was tithed.info (which was linked via google), has any one heard of it? How can I reassure myself that I don't have spyware or some other nasty sitting on my computer. Also, since I do have Vista on the computer, could something transfer over to that system?

    Thanks for any advice.

  2. #2
    Linux Guru
    Join Date
    Jul 2008
    Posts
    4,205
    I have ran into this drive by malware more times then I can remember, Not just using Ubuntu either. Clearing History and browser cache is all I usually have to do. No need to shut down computer. I just kill Firefox with terminal if it won't close.

    You can kill Firefox in terminal by using the top command to open up something like Task Manager and can kill Firefox from there.

    On my other Distros I just make a Xkill button or entry in Menu.

    Sounds Like a cookie or something like that got Firefox to take you back to the site when it opened. After you deleted

    So I disconnected my cable modem, restarted the computer, opened another Firefox window, and cleared personal information and made sure the home page was still google (it was). The only personal information I save on the computer is a password to my verizon phone account (which I immediately changed), and it seemed to be wiped out of the verizon minutes plug-in (although I checked it after clearing personal information, so I may have done that).
    You probably erased all trace of that malware crap from your browser. For me Just Clearing History and cookies and cache is enough. I never have any problems after that. We have admin locked up with a password and no dlls so I wouldn't sweat it. At least I don't and I have seen this malware a bunch on the web. I finally installed WOT add on into Firefox to help me cut down on that crap.

    It's more of a nuisance in Linux than something to really sweat over.

  3. #3
    Linux Newbie
    Join Date
    Nov 2007
    Posts
    232
    HI Dave, this happend to me 3 weeks back, using ubuntu 8.4, it was a legit online edition of a newspaper website that got mine... I tend to think it is an attack on firefox, and not so much ubuntu, although this makes 2 ubuntu comps reporting it. I have a feeling this is giong to be reported alot in the next few weeks/month. looking back, I wish i would have posted the website link in the forums to have some of the gurus go have a look. I run mint 7 now, and no further incidents.

  4. $spacer_open
    $spacer_close
  5. #4
    oz
    oz is offline
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    For whatever it's worth, Norton Safe Web considers it a slight risk for Windows users because of the JS.Downloader.Trojan:

    Norton Safe Web, from Symantec - report for tithed.info
    oz

  6. #5
    Just Joined!
    Join Date
    Sep 2009
    Posts
    9
    Thanks for the advice. It popped up again later, but wasn't quite so tenacious - it allowed me to "X" out Firefox and restart without problem. I don't even know if the two instances were connected, but I'll pay attention. But I won't sweat over it. Now if I was running Windows....

  7. #6
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,045
    Quote Originally Posted by dave104 View Post
    ... The site was tithed.info (which was linked via google), has any one heard of it?
    ... looks like another one to add to /etc/hosts list as here

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •