
FBI Drive-by Virus

Here users can ask questions about security and tutorials about security can be posted to help others, too.
uncle mark
Forum Veteran
Posts: 4871
Age: 2016
Joined: Sat Nov 11, 2006 10:42 pm

Re: FBI Drive-by Virus

#11 Postby uncle mark » Sun Oct 14, 2012 8:49 pm

lucky9 wrote:Although Microsoft is ultimately to blame.


I dunno...

Company A puts out a product that has widely known defects.

Company B buys it anyway.

Company C is contracted to install the product. It is aware of its defects, and also knows there are well known, documented ways to mitigate the potential damage from the product's defects. Company C does not include those mitigators in its installation.

Company B does not insist that the mitigators be included in the installation. Neither does it implement same said mitigators itself, post installation.

Company A cashes a check. Company C cashes a check. Company B saves a few bucks by not implementing the mitigators.

Company B gets bit by the widely known defects in the product it bought.

Who is to blame for Company B's problem?

Me, I say it's their own damn fault.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

qtech
Forum Regular
Posts: 662
Joined: Wed Nov 28, 2007 12:21 pm

Re: FBI Drive-by Virus

#12 Postby qtech » Sun Oct 14, 2012 10:27 pm

uncle mark wrote:
lucky9 wrote:Although Microsoft is ultimately to blame.


I dunno...

Company A puts out a product that has widely known defects.

Company B buys it anyway.

Company C is contracted to install the product. It is aware of its defects, and also knows there are well known, documented ways to mitigate the potential damage from the product's defects. Company C does not include those mitigators in its installation.

Company B does not insist that the mitigators be included in the installation. Neither does it implement same said mitigators itself, post installation.

Company A cashes a check. Company C cashes a check. Company B saves a few bucks by not implementing the mitigators.

Company B gets bit by the widely known defects in the product it bought.

Who is to blame for Company B's problem?

Me, I say it's their own damn fault.


May I?

Company D gets a call from Company B to repair the mess made by Company C, who failed to implement the so-called mitigations necessary to operate the defective product made by Company A.

Company D also happily cashes check before proceeding home to use OS from Company X... :p

robert1
Forum Regular
Posts: 188
Joined: Thu Jul 12, 2007 11:19 pm

Re: FBI Drive-by Virus

#13 Postby robert1 » Sun Oct 14, 2012 10:38 pm

uncle mark wrote:I dunno...

Company A puts out a product that has widely known defects.

Company B buys it anyway.


First hand, Company B does not buy it directly from Microsoft; they buy their PCs in bulk from a large vendor (like Dell). In most cases, the purchasing decisions are made by non-technical people who do not know that there is an alternative OS like GNU/Linux, and the vendor is most likely a Microsoft partner. The vendor will never offer the purchaser Linux-based PCs.

uncle mark wrote:Company C is contracted to install the product. It is aware of its defects, and also knows there are well known, documented ways to mitigate the potential damage from the product's defects. Company C does not include those mitigations in its installation.

Company B does not insist that the mitigations be included in the installation. Neither does it implement same said mitigations itself, post installation.


Again, in company "C"'s case, it too is most likely a Microsoft "Partner".
Don't expect them to know any more about security than the average home user. Their job, just like Microsoft's, is to sell Microsoft software and to keep the customer on the upgrade treadmill forever. Also, I must add that company "B" does not always use a third party.

uncle mark wrote:Company A cashes a check. Company C cashes a check. Company B saves a few bucks by not implementing the mitigations.

Company B gets bit by the widely known defects in the product it bought.

Who is to blame for Company B's problem?

Me, I say it's their own damn fault.


I say it is STILL Microsoft's fault. Because of all of the anti-competitive acts that they did against Linux (and other O.S.s), many people still do not know that Linux exists.

lucky9
Forum Veteran
Posts: 11380
Joined: Wed Jul 12, 2006 5:54 am

Re: FBI Drive-by Virus

#14 Postby lucky9 » Mon Oct 15, 2012 3:50 am

Of course it's Microsoft's fault! But just in case you haven't read their EULA I'll refresh your memory. They do not claim to have a product that you can use for what you want to use it for. Period.

They do not claim impregnability. Period.
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

Fargo
Forum Regular
Posts: 606
Joined: Thu Dec 09, 2010 3:44 pm

Re: FBI Drive-by Virus

#15 Postby Fargo » Mon Jan 13, 2014 2:58 pm

Linux is not immune to this virus.

Two months ago a friend and I built a computer for his parents and we installed SolydK for the OS, which is a rolling release based on Debian testing and is updated regularly. One month ago they got high speed internet. This morning my friend called me and said they have malware on their computer. After some research it turns out their Linux machine (SolydK) is infected with the Reveton virus. How deeply it's infected we don't know. They get the FBI warning pop-up window, but the machine seems to operate OK. So it did not lock up the system as it would have done in Windows. But it still contracted the virus and gives them a pop-up they cannot close or get rid of. It's unknown if any passwords or other information was stolen or if keystrokes are being watched. All we know is they got infected with this virus after being on Linux 2 months. I am still trying to figure out how much damage may have been done and how to remove the virus. There is no info out there on Linux virus removal. If anyone knows anything let me know. Thanks. Sorry for reviving such an old thread, but it seemed relevant.

timkb4cq
Forum Veteran
Posts: 3757
Joined: Wed Jul 12, 2006 4:05 pm

Re: FBI Drive-by Virus

#16 Postby timkb4cq » Mon Jan 13, 2014 3:53 pm

Only the javascript browser exploit of this ransomware works in Linux. It's a simple javascript loop that keeps Firefox stuck on the page. The O.S. doesn't get infected.

Use Ctrl-Alt-Esc to bring up the task killer cursor and click on the Firefox window to force shut it.
Then use Dolphin to rename your ~/.mozilla folder. When you start Firefox again it should be fine.

If you have a lot of bookmarks or extensions, you might try deleting the contents of the 3 cache-related folders in ~/.mozilla/firefox/default{random characters}/ instead of renaming the folder. That should work while preserving your setup.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB
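The cache-clearing step described in the post above, as an added example that is not code from the thread or from any of the posters: a small POSIX shell script that finds the Firefox profile directory, refuses to run while Firefox is still open (the process has to be killed first, as the post says), and moves the cache directories into a timestamped backup folder beside the profile instead of deleting them, so bookmarks, history and extensions in the profile are untouched and the removed directories can be restored if something else breaks. The directory names `Cache`, `OfflineCache` and `startupCache`, the `~/.mozilla/firefox/*.default` profile layout and the `FIREFOX_PROFILE` environment variable are assumptions made for this example, not details from the post; compare the list against what `ls` shows in your own profile before running it.

```shell
#!/bin/sh
# Added example (not from the thread): clear a Firefox profile's cache-related
# directories while leaving bookmarks, history and extensions in place.
#
# ASSUMPTIONS (not stated on the page): the profile lives under
# ~/.mozilla/firefox/<random>.default and the cache-related directories are
# named Cache, OfflineCache and startupCache. Adjust CACHE_DIRS to match the
# directory names you actually see in your profile.
CACHE_DIRS="Cache OfflineCache startupCache"

# find_profile <mozilla-dir>
# Print the first *.default profile directory under <mozilla-dir>/firefox.
# Fails (exit 1) with a message on stderr if none exists.
find_profile() {
    for d in "$1"/firefox/*.default; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    echo "no Firefox profile found under $1/firefox" >&2
    return 1
}

# clear_cache <profile-dir>
# Move each cache directory in the profile into a sibling backup folder
# named <profile-dir>.cache-backup.<timestamp>. Nothing is deleted, so the
# directories can be moved back if needed. Prints how many were moved.
# Exit codes: 1 = not a directory, 2 = Firefox is still running.
clear_cache() {
    profile=$1
    if [ ! -d "$profile" ]; then
        echo "not a directory: $profile" >&2
        return 1
    fi
    # Firefox rewrites its profile on exit; clearing it while the browser is
    # still up would be undone or leave a half-written state. Only checked
    # when pgrep is available.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x firefox >/dev/null 2>&1; then
        echo "Firefox is still running; force-close it first" >&2
        return 2
    fi
    backup="$profile.cache-backup.$(date +%Y%m%d%H%M%S)"
    n=0
    for name in $CACHE_DIRS; do
        src="$profile/$name"
        [ -d "$src" ] || continue
        mkdir -p "$backup"
        mv "$src" "$backup/$name"
        n=$((n + 1))
    done
    echo "$n"
}

# Stand-alone use (hypothetical variable name): point FIREFOX_PROFILE at a
# profile directory, or leave it unset to have the profile located for you.
#   FIREFOX_PROFILE="$(find_profile "$HOME/.mozilla")" sh clear_ff_cache.sh
if [ -n "${FIREFOX_PROFILE-}" ]; then
    clear_cache "$FIREFOX_PROFILE"
fi
```

Restoring is just `mv <profile>.cache-backup.<timestamp>/Cache <profile>/` with Firefox closed; once the browser has started cleanly and no longer reopens the page, the backup folder can be removed.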

Fargo
Forum Regular
Posts: 606
Joined: Thu Dec 09, 2010 3:44 pm

Re: FBI Drive-by Virus

#17 Postby Fargo » Mon Jan 13, 2014 4:09 pm

timkb4cq wrote:Only the javascript browser exploit of this ransomware works in Linux. It's a simple javascript loop that keeps Firefox stuck on the page. The O.S. doesn't get infected.

Use Ctrl-Alt-Esc to bring up the task killer cursor and click on the Firefox window to force shut it.
Then use Dolphin to rename your ~/.mozilla folder. When you start Firefox again it should be fine.

If you have a lot of bookmarks or extensions, you might try deleting the contents of the 3 cache-related folders in ~/.mozilla/firefox/default{random characters}/ instead of renaming the folder. That should work while preserving your setup.



Thanks, I had suspected that only the java portion of the virus was working. I'll forward your suggestion to my friend.

I also wanted to add that it's helpful posts like this that make it hard to install anything other than Mepis.

richb
Administrator
Posts: 15421
Joined: Wed Jul 12, 2006 2:17 pm

Re: FBI Drive-by Virus

#18 Postby richb » Mon Jan 13, 2014 4:36 pm

Fargo wrote:I also wanted to add that it's helpful posts like this that make it hard to install anything other than Mepis.

Or install any Linux and stay on this Forum for very helpful generic advice.
Forum Rules
Guide - How to Ask for Help

Rich
SSD Production: MX-15- 64 - migrated to MX-16 RC1
HD Test: MX-16 RC1
AMD A8 7600 FM2+ CPU R7 Graphics, fglrx driver, 16 GIG Mem. Samsung EVO SSD 250 GB, 350 GB HD

Fargo
Forum Regular
Posts: 606
Joined: Thu Dec 09, 2010 3:44 pm

Re: FBI Drive-by Virus

#19 Postby Fargo » Mon Jan 13, 2014 5:02 pm

Interesting thing here. I previously told my buddy to install ClamAV. So he did. They then rebooted the system without running anything and the pop-up was gone. Is Clam set up to run automatically? Could Clam have removed it for them?

Stevo
Forum Veteran
Posts: 13660
Age: 59
Joined: Fri Dec 15, 2006 8:07 pm

Re: FBI Drive-by Virus

#20 Postby Stevo » Tue Jan 14, 2014 1:08 am

I don't use antivirus, but I can't imagine ClamAV would remove anything without any interaction with the computer operator. Maybe the Javascript malware is buggy, too (not uncommon).
