Find the answer to your Linux question:
Results 1 to 10 of 10
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    [SOLVED] Allert !!! Is my linux under attack?

    This morning I installed a new Linux O/S. Using Firefox, I was browsing a few sites I use to see. Soon one window opened, saying my system was under attack. It asked me to click a buttom, to do the cleaning. I disconnected my modem, and pressed ok.
    hen I was presented with the attached information.

    Does someone has a clue about what is this?
    Never happened to be before.
    I'm using inux, and the Linux o/s where this happened, since one year
    Attached Images Attached Images
    Last edited by wilifo; 05-03-2010 at 04:15 PM. Reason: Allert !!! changed to Allert ???

  2. #2
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    The Netherlands
    This is I think a malware website that you see, designed to look like a Windows security alarm.

    By the looks of it you're running Gnome (Ubuntu?) so seeing the Windows Explorer all red and warnings galore inside your browser should give a hint

    It's a scam, targeting non-technical Windows users. Basically they want your money. Stay away from there, you're not the target audience. You should be fine.
    Can't tell an OS by it's GUI

  3. #3
    Linux Guru techieMoe's Avatar
    Join Date
    Aug 2004
    I agree with Freston; this was a scam. Notice the website is designed to look like an open Windows Explorer window, complete with bogus antivirus scanner? You will never see a screen like this in Linux. No worries, move along. I would also warn against ever visiting that website again.
    Registered Linux user #270181

  4. $spacer_open
  5. #4
    Thanks Freston and techieMoe. I've calm down now. Your explanations make sense and this kind of schemes are nothing new or few in the net.
    What stroke me, is that (together with being using a just installed linux o/s) I was visiting sites that I use to visit, by routine, from long time ago, excluding a link I pressed, I cannot remember now, but I'll get back and check at history.
    Also, since I am using linux/firefox, ( in this case, as I said fresh install= few cookies) never ever anywhere, anything (even far) similar, had happened before. My first tough was some kind of vulnerability at Firefox, by the apparent easy manner how I was targeted with the said window, and even after I disconnected my net, after pressing the ok button, Firefox did still brought a new window showing a progress bar, that ended with what we see at the pick. And yes, its the last Firefox stable version that I was using.
    Anyway, I think I did well to post here. Sure it was nothing serious, your explanations helped and in case someone get scared with something the like, and come here for help, this thread may be useful.

    Thanks again friends.

  6. #5
    Just a quick humorous aside note.

    This is a "bad" collateral effects of only using Linux since a long period of time.

    After one year of clean browsing, one is exceptionally targeted with malware while browsing, and he seem to have forgotten all the crock net tactics, learn along more than 10 years with windoze. !!!
    Last edited by wilifo; 05-03-2010 at 04:31 PM. Reason: spelling

  7. #6
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    The Netherlands
    Sure, no problem! Better safe than sorry.

    There's many ways in which they could have done this to sites you're familiar with. I'm no expert on any of them, but XSS, DNS-poisoning and plain old HaXxx0R$ can achieve these things using a variety of vulnerabilities.

    As you, I've never seen such a site in the wild, but I understand there's a whole profitable industry based on it. It's one reason I run the NoScript addon in the browser.
    Can't tell an OS by it's GUI

  8. #7
    Freston said:
    "It's one reason I run the NoScript addon in the browser."
    Good point Frestone. After this, I'll do the same. Thanks !!

  9. #8
    As a parallel note, at this right moment, a very interesting "discussion" about online security, is taking place at the DWW. For those who may be interested to have a look, start looking comment n 43, and follow it.

  10. #9


    A few moments ago, I logged into the Linux o/s where the related problem did happen. I found out that I was not able to start it anymore. Technically, I do not know why.

    I did the following:
    Went to /home/paltest/.mozilla/firefox/xxx999.default, and copied all the files there to another folder.

    My idea was:
    directory by directory, copy all files under "/home/paltest/.mozilla/firefox" to a different folder.
    Then, delete all of them from it's original place.
    And at last, from another Firefox, installed in the same distro at other partition ( one install is a stable version, the other is a testing one) copy all similar files, to replace the deleted ones.

    Well, it worked. After the first replacement Firefox did start.
    I guess that one or more of the replaced files, become corrupted.

    Due to the malware, or
    due to myself, as I did shut down from the on/off pc box button, after I did the desktop pic and copied it elsewhere. One or the other may have corrupted some file.

    As I'm not sure, I'll report to Firefox and see if they are interested to look at the original files.

    I'll come back here, in case I'll get some feed-back from Firefox.

  11. #10

    Final Update

    Reported to Mozilla, at
    Bugzilla@Mozilla Bug 563855

    Final status: RESOLVED INVALID on 2010-05-05 11:57 PDT, by matti.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts