JP Vossen on 18 Jan 2009 13:51:41 -0800



Re: [PLUG] Fun with Viruses, really


Date: Sun, 18 Jan 2009 13:23:37 -0500
 > From: Art Alexion <art.alexion@gmail.com>
 > Subject: [PLUG] Fun with Viruses, really

[...]
 > That link redirects to radiantspywarescanner.com.  That site tries to
 > install Antivirus 2009 on your system.  The first indication was a
 > javascript message box telling me I may be infected and asking me to
 > do a scan.  Being I was using Linux, I figured I'd have some fun and
 > let it try.  I was presented with a web page that had an embedded
 > animated GIF that was purporting to do a scan of my EXEs and DLLs (ha
 > ha).
[...]

I got that one several times a couple of weeks ago, sadly from Google 
alerts for searches I am monitoring.  It was bad enough that I was 
deliberately saving the Google alerts to check them only from a Linux box, 
even though I use FF and NoScript on my work Winblows box.  The Google 
alerts have been a bit better lately, but...

So yeah, it was really fun to watch it scan DLLs on the Linux box, and I 
agree it looked pretty convincing.  What do normal people do with this 
stuff?  (Yeah, I know, get infected...)-:

I ran one through lynx to watch it, and it's easier to see the redirects 
that way.  So I did a packet capture and watched it bounce through several 
redirects from other compromised or malicious machines:
$ host 209.160.1.146
146.1.160.209.in-addr.arpa domain name pointer summitmetrology.com.
$ host 84.16.230.204
204.230.16.84.in-addr.arpa domain name pointer mail.hietzker.at.
$ host 69.10.49.33
Host 33.49.10.69.in-addr.arpa. not found: 3(NXDOMAIN)
$ host 89.149.227.196
196.227.149.89.in-addr.arpa domain name pointer 
89-149-227-196.internetserviceteam.com.


On a related note Linux.com has an amusing article about trying to get 
Windows viruses to run under Wine.

Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
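The tracing JP describes (a non-JavaScript client plus a packet capture to see each redirect hop, then `host` to get the PTR name for each hop's IP) can be done offline from the captured responses. The script below is an added example and not code from the thread or the list: it reconstructs a redirect chain from raw HTTP responses (3xx `Location` headers and `<meta http-equiv="refresh">` tags) and builds the `in-addr.arpa` query name that `host` sends for each hop's address. The captured responses, hostnames and IPs in it are constructed placeholders (documentation ranges), not the sites from the thread.

```python
"""
Offline triage of a scareware redirect chain.

Added example, not code from the original thread. CAPTURED_RESPONSES is a
constructed sample of what a packet capture would show for each hop; the
hostnames and IP addresses are placeholders from documentation ranges.
"""
import ipaddress
import re
from urllib.parse import urljoin

# Matches <meta http-equiv="refresh" content="0;url=..."> (http-equiv before
# content; the reverse attribute order is not handled by this simple regex).
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE,
)

# Constructed sample: (source IP of the response, raw HTTP response text).
CAPTURED_RESPONSES = [
    ("198.51.100.10",
     "HTTP/1.1 302 Found\r\nLocation: http://hop-one.example/go\r\n\r\n"),
    ("203.0.113.7",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: /next\r\n\r\n"),
    ("192.0.2.44",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
     '<html><head><meta http-equiv="refresh" '
     'content="0;url=http://scanner-page.example/scan.html"></head></html>'),
    ("192.0.2.99",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>fake scan</html>"),
]


def reverse_ptr_name(ip):
    """Return the PTR query name `host` would send, e.g.
    209.160.1.146 -> 146.1.160.209.in-addr.arpa (IPv6 gets ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers_dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def next_hop(raw, current_url):
    """Return the absolute URL this response sends the client to, or None
    if it is a final landing page (no 3xx Location and no meta refresh)."""
    status, headers, body = parse_response(raw)
    if 300 <= status < 400 and "location" in headers:
        return urljoin(current_url, headers["location"])  # resolve relative
    match = META_REFRESH.search(body)
    if match:
        return urljoin(current_url, match.group(1))
    return None


def redirect_chain(start_url, responses):
    """Walk captured responses in order, recording each hop's IP, the URL
    that was requested from it, its PTR query name, and where it sent us."""
    chain = []
    url = start_url
    for ip, raw in responses:
        nxt = next_hop(raw, url)
        chain.append({"ip": ip, "url": url,
                      "ptr_query": reverse_ptr_name(ip), "next": nxt})
        if nxt is None:
            break  # landing page reached
        url = nxt
    return chain


if __name__ == "__main__":
    for hop in redirect_chain("http://alert-link.example/r?x=1", CAPTURED_RESPONSES):
        print(f"{hop['ip']:15} {hop['ptr_query']:32} {hop['url']} -> {hop['next']}")
```

The PTR query names it prints are the ones to feed to `host`, `dig -x` or a passive-DNS source; the chain itself shows which hops are mere bouncers (compromised sites returning only a redirect) and which one serves the fake scanner page.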