| Rich Freeman on 23 Jan 2019 09:57:39 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Mining for Cycles (Pavel Kovtunenko) |
On Wed, Jan 23, 2019 at 12:48 PM jeff <jeffv@op.net> wrote: > On 1/23/19 11:19 AM, Michael Lazin wrote: > > > > If it's a desktop you may have been infected by browsing a site like > > this. I recommend if you use firefox to use noscript. This blocks all > > javascript other than what you explicitly allow. > > It's the first extension I install. > Apparently the user disabled it for the wrong site. If this were just a javascript cryptominer you could get rid of it by simply closing the tab or hitting reload after the site removes it (assuming they didn't put it there to begin with). Certainly noscript would stop it as well. However, this is a pretty harmless "intrusion" as it is running in a sandbox. What you had was a full rooting of your system. Based on the info you posted there is no way to be sure it even got in via a browser, let alone javascript. There are many ways (in theory) such an attack can take place, and if your system were free of exploits it simply wouldn't have happened in the first place. I wouldn't assume that the whole thing wouldn't have happened if you had been running noscript everywhere. That /might/ have stopped it, but not if it came in via some entirely different route. And of course even if hostile javascript were running it requires both a browser exploit and a local root exploit to progress to a full rootkit like what you had installed. -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug