APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Windows Spam on Linux

© August 2009 Bill Mohrhardt
by Bill Mohrhardt

I was NOT on-line last night, actually reading a book instead, when my wife comes downstairs saying that our computer is telling her that it has been infected with spyware and that we NEED to download some software to fix that.

I chuckled, of course, knowing that our computer is RHEL5 using Firefox 3.0.x. But, being the 24/7 support person, I went upstairs. The odd thing was that the screen behind the dialogue box looked very Windoze-like. I went to a terminal window, and did a kill -15 on the firefox process. That killed it right away, and it was only using 5% of CPU, so it couldn't have been too evil.

I then did a find / -ctime 0 -print to see all of the changes/adds. Interestingly, there were some .wine files in our /tmp, which would explain the Windoze-like appearance. I am kind of curious now what the thing might have tried to do had we agreed to download their anti-spyware.

Anyway, I wiped out the /tmp stuff, and our Firefox is already configured for clearing out temporary Internet files upon exit. I then did a restart, and checked my ps -ef and everything was all clear. I will admit though, that Firefox 3.0.x (versus 2.0.x) seems to be a very busy program, using CPU time even after one closes it out. It is probably writing some cached database entries of some variety. Who knows?

Gee, maybe I need one of those Linux-based anti-spyware programs........ not!

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> Windows Spam on Linux:

1 comment

Inexpensive and informative Apple related e-books:

El Capitan: A Take Control Crash Course

Take Control of Pages

Photos for Mac: A Take Control Crash Course

Take Control of Automating Your Mac

Take Control of OS X Server

More Articles by © Bill Mohrhardt

Wed Aug 19 01:51:10 2009: 6766   drag

I recently lent a Linux laptop to a friend that needed it for job hunting (she recently being unemployed). She is a fan of places like Myspace in the past and has recently discovered Facebook and is now happily tearing it up online during her period of joblessness. (Yay for people that have open wifi!)

She somehow gone to a web page that worked it's way around Firefox's (Iceweasel, actually) pop-up prevention and proceeded to convince her that she had no less then 150 different pieces of malware detected and she needed to run the anti-spyware software immediately.

Of course she panicked and didn't know what to do. Being the enterprising type she was hoping that she could resolve the problem without my intervention.

The next weekend I visited her and saw that she downloaded and attempted to execute about 20 different instances of the malicious 'anti-spyware' program. I didn't have Wine installed so none of them executed. A quick drag to the trash and it was history.

A example image of the sort of thing that people run into while using Linux:

Kinda amusing. Although I suppose it could of been a ELF executable as much as a Windows Exe. In that case she would of been screwed for a while.

Of course the machine is setup to use 'su', not sudo in the Ubuntu-style, and she had no idea what the root password would of been anyways... So the thing would of probably been limited to her user account (unless it was smart enough to figure out a local privilage escalation exploit, which (unfortunately) is not terribly difficult to find in any OS). Cleaning up a infection limited to a user account should be easy to clean up.


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

Perl: The only language that looks the same before and after RSA encryption. (Keith Bostic)

Linux posts

Troubleshooting posts

This post tagged:






Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode

SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)