JP Vossen on 18 Jan 2009 13:51:41 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fun with Viruses, really

Date: Sun, 18 Jan 2009 13:23:37 -0500
 > From: Art Alexion <>
 > Subject: [PLUG] Fun with Viruses, really

 > That link redirects to  That site tries to
 > install Antivirus 2009 on your system.  The first indication was a
 > javascript message box telling me I may be infected and asking me to
 > do a scan.  Being I was using Linux, I figured I'd have some fun and
 > let it try try.  I was presented with a web page that had an embedded
 > animated GIF that was purporting to do a scan of my EXEs and DLLs (ha
 > ha).

I got that one several times a couple of weeks ago, sadly from Google 
alerts for searches I am monitoring.  It was bad enough that I was 
deliberately saving Google alerts to check the only from a Linux box, 
even though I use FF and NoScript on my work Winblows box.  The Google 
alerts have been a bit better lately, but...

So yeah, it was really fun to watch it scan DLLs on the Linux box, and I 
agree it looked pretty convincing.  What do normal people do with this 
stuff?  (Yeah, I know, get infected...)-:

I ran one through lynx to watch it and it's easier to see the redirects. 
  So I did a packet capture and watched it bounce through several 
redirects from other compromised or malicious machines:
$ host domain name pointer
$ host domain name pointer
$ host
Host not found: 3(NXDOMAIN)
$ host domain name pointer

On a related note has an amusing article about trying to get 
Windows viruses to run under Wine.

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --