The HeliOS Project is now.....

The HeliOS Project is now.....
Same mission, same folks...just a different name

Search the Blog of helios and all comments

Loading

Saturday, June 07, 2008

My Linux Box is INFECTED!

At least that's what they are telling me.

Hey, I wasn't doing anything a million other websurfers weren't doing...all I wanted was a link to a live webcam somewhere in Felton California. I just wanted to put a link up at the LINdependence 2008 website.

Felton isn't exactly the center of the universe. People might want to know a bit about it since LIN08 is going to put a spotlight on it shortly.

All I wanted was a live webcam shot.

This is what I got for my trouble from the google results. And if you don't have java enabled, and please do enable javascripts...I wouldn't want you to miss out on all the fun. I would advise you to brush up on your wack--a-mole skills prior to making that click. You are going to be killing popups faster than a 12 year old on a porn site. Let's take a look, shall we?


















Yep, that is a "live scan" taking place on my computer. Isn't that cute...someone thinks I can get a windows virus on my computer. In just about the time it took me to read the page and watch the progress dialog actually pretend it was doing something, I got this page popping up.



















Well isn't that cuter. The same someone thinks I actually have these viruses on my computer. No, that's not cute, that's fraud and I want to bring it to your attention right now. It gets worse.

I clicked the tab to kill the page. That's when it ceased to have any semblance of "cuteness".



















Am I sure I want to navigate away from this page? Ya Friggin Think? Yes I want to navigate away from your damned webpage. I should have known better...I really should have. This is the same game they play on astalavista.box.sk. AND PLEASE...if you are on a Windows machine, DO NOT click the afore-mentioned link. I don't need another half-dozen idiots suing me because they said I caused them to infect their computers.

I tried to close the tab. Christ in Heaven. Here they came.



Now note that I tried to close the tab. Instead of obeying the close execution, it opened a page pretty much telling me to go piss up a rope and install their damned software. I tried to close that one. Whack-a-mole 101 was now in session.



This time, they even gave me a pretty graphic explanation on just how to install this savior of my bits and bytes. How friggin' thoughtful. When I tried to close that, it refused to answer the clicks and acted like it wanted to freeze. Gotta love Java. When I was able to finally get it to shut, this is what I was met with:



And closing that after dozens of clicks managed to let them throw this at me, along with 8 others layered under it:



Notice that this time, they've thrown the sacred "credit card credential" threat at us? Another point of interest if that they seem to have a rotating list of viruses that "might" be on your computer...I was able to produce 4 separate and different virus lists all on the same template.

This time, no amount of X-clicking would cast the deamon back into the bowels of where-from-it-came. It eventually froze my computer to the point where even the last-ditch-effort control/alt/escape wouldn't produce the skull and crossbones I needed to vanquish it. It took a hard shutdown of my machine to kill it.

Folks, it was just a matter of time. Now, I have not tried this with Firefox 3. For my needs, and because the extentions I need to do my work are not yet included, Firefox 3 is crippled and I will stay with II until they are written.

And please...don't tell me "that's what you get for allowing Javascript to run in my browser." I refuse to be intimidated into crippling my computing experience. Extentions like no-script might take care of this but at what cost? No...let's fix the problem, not amputate part of the browsing experience for expediency.

Let's take a look at this exploit and get these people shut down. There are going to be millions of Windows users that fall for this BS and we are in a position to at least bring it to someone's attention. We're going to need some help getting it down as we at HeliOS Solutions are accelerating our efforts and resources to meet the LIN08 challenges. I recently went over to my boss' house to help him with a virus problem and saw this program running on his computer. I too was fooled into thinking it was a Microsoft-sanctioned or owned application but trying to get rid of it through add/remove programs was impossible. I ended up disabling it via the processes tab and it has been quiet since.

Do you think Microsoft knows that someone is mimicking their trademark in order to scare people into buying this product?

All-Righty Then


Edit: This is the link I am using to report the problem to Microsoft. Thanks to rijelkentaurus for prompting me to do something I should have done originally. My bad rij...

55 comments:

Anonymous said...

This isn't the only site that does this. Close the browser tab or backup to another page as soon as the first popup appears. Then, go to another website. Don't Visit Websites That Do This. If traffic goes way down, the owners of the site will get the message, unless this site is just there to provide a delivery point for these popups (which is likely).

Blog of helios said...

No...You CAN'T close the tab...I made that clear. Once you close the tab, it exponentially pops up other pages with each attempt.

No again. You don't ignore a problem and take it for granted the Universe will take care of it...you take action. Left to your advice, half the world will be infected. I didn't go to this site on purpose, but again, I made that clear in the article...a simple click on a google link put me square into this.

I've already initiated a small team to find out who owns this site and someone is going to notify Microsoft of copyright/trademark infringement if nothing else but we could use some help. I doubt they will take anything from my IP address.

I doubt you should have to do anything though...others will take care of it.

h

Anonymous said...

Why not just kill firefox (or whatever browser is being unforgiving)... switch to a pseudo terminal with say cntrl-alt-F1 (or however you have them mapped) run ps aux and find your browser PID and just kill it?

Not a nice solution but that would save the tab adventure.

Andrew said...

Helios is right. I just hit the link and it did just as he said it would. Man that thing is tenacious. It won't take no for an answer.

Helios I have emailed you. Let me know how I can help. There are going to be thousands of people that think this is a Microsoft product. Normally I would say it was good enough for them but that's not right. We can't let people get away with this sort of scam.

Blog of helios said...

Not a nice solution but that would save the tab adventure.

You are missing the point. So a handful of people that read your post may know in the future how to deal with it. The article was written for a couple of reasons. One...Firefox needs to be fixed and as I stated, it might have been in FFIII. the other point is that this shouldn't be happening in the first place. The couple of posts to this blog fairly well identifies the apathy most people have for the problems of others.

Anonymous said...

I have come across this type of issue a couple times (while doing, err, ummm, research, yeah "research" on the availability of porn), and I've found that when you get the first dialog asking if you want to download the file, say OK - once the Save File dialog is up, you can close the offending tab(s), then close the Save File dialog.

Blog of helios said...

Not so with this bad boy and besides...

You are offering a cure for the problem after it occurs. How much clearer do I have to state it?

Anonymous said...

MAN! This thing is a beast! Even in my best WhackaMole days I couldn't beat this thing. Yeah, this needs to get pulled down. How can I help?

Randy

Blog of helios said...

I am trying to track down the website owner now but you can't get to the site without these things jumping in your face. I've emailed Microsoft to what I think is SB's personal email address (thomas help me out here).

I think if enough people complain to MS, they will get it shut down. My experience with websites and such is minimal so I may have to ask our resident expert Sander from LXer the best way to find out who these people are.

h

rocktorrentz said...

Alt-F2 then
killall firefox-bin

rijelkentaurus said...

I love NoScript, you can set it to allow scripts globally so that it sits there waiting to be told what to forbid. I went to the site (ff2) and then after cancelling the first popup, when the scan starts, I hit the NoScript icon to forbid the site and it killed it right away. That way, h, rather than crippling your browser experience you can use NoScript as a defensive tool. It's rather like being able to defend yourself if someone attacks you.

On to stopping the attacks in the first place...quite frankly, I am not certain how to proceed on something like this, so I will take the lead from you. What can I do? What's that specific email address you're using for MS?

Anonymous said...

Just FYI, FF3 and/or AdBlock does seem to stop the attack after the first javascript confirm box. However, that doesn't change the fact that most users won't know any better and will give pause to such a website. Most common users won't realize these "warnings" are coming from the website itself, NOT from their antivirus program. And as you point out, this post is for those running Windows, thereby requiring an AV program.

i see a lot of the comments on your post are completely missing the point and giving YOU instruction on how to kill the attack (most are Linux-specific instructions).

Unfortunately it's tough to fight against sites like that. i clicked the link several times to test FF3 against it (with and without AdBlock, which helped kill what Firefox itself couldn't). The link itself seems to be a random redirect. After the first few clicks, the page would hit 404 errors, or go to "video feed" pages that ask you to download the "correct codec". Again, a real risk for under-educated Windows users.

i like your approach: it's not about the browser, or the OS, or even the user. It's about making an effort to clean the net of those kinds of sites. However, it's a steeply uphill battle.

(PS: It seems the link is hitting all 404 errors now.)

Blog of helios said...

Thanks for the heads up rij on the extension. I was under the impression it was an all or nothing thing with it so I appreciate the tip. It was just installed.

https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1214

That is the link to contact MS about this...it is also in an edit at the end of the orignal article.

h

James Dixon said...

> Thanks for the heads up rij on the extension.

Ditto. The last time I checked no script it wouldn't do that. Time to try it again.

John said...

Helios,

I went to the link you posted using Firefox 2.0.0.14 on my Linux box. Like you, I did see the warning that my Linux box might be infected. Instead of clicking on the "OK" or "Cancel" buttons, I simply clicked on the "X" at the top right of that dialog box. I was then able to close the tab that was pushing the antivirusxp garbage without seeing any further windows.

FWIW, I minimized all the windows on my desktop after closing the antivirusxp tab. I found no residual effects from this scam. With that said, though, I totally agree with you that the purveyors of that spyware need to be taken down yesterday.

jb

Blog of helios said...

I simply clicked on the "X"

How odd. I wasn't near as lucky, in fact I had almost an opposite effect. Every time I clicked the X, it would just spawn another dialog box showing me the different "infections" on my box. That's how I discovered they had made several boxes for presentation to unsuspecting victims.

As an aside, I contacted my boss and asked him how he ended up with this program on his computer. He purchased it thinking the virus scan was indeed real and to boot, they double charged his credit card. They also run it as a "subscription service for 90 day intervals...it seems you have to OK them to take the amount out every 90 days. Man, we gotta shut these people down. I've just lodged a complaint with the Texas Attorney General's Cybercrimes unit. Like that's going to do any good.

h

Anonymous said...

Hi, I found this little bugger a week or so ago. Gave me a fright too at first even though I use linux.
Say yes to everything and you download "XPantivirus2008_v880253.exe". For more info have a look at this blog:
http://bharath-m-narayan.blogspot.com/

Regards,
Alan

medicdave said...

It took me quite a while to realize this post isn't rooted in sarcasm! I was getting a good laugh up until you started sounding serious.

This is yet another phishing site, one of thousands on the Great Interweb exploiting the popular "expectation of insecurity" in all things Microsoft, as well as trademarks, color schemes, nomenclatures and other identifiers to try to look legit while stealing credit card numbers and propagating viruses/spyware.

Odds are good that it's coming out of a server in Brazil, or somewhere in Asia, where our cybercrime and fraud laws are toothless. Yes, the popups are troublesome, but as long as there is a need for legitimate websites to open new browser windows (which is debatable, but a topic for another time), there will be ways for illegitimate web sites to do so as well. Just as no practical security scheme is impenetrable, no popup blocker is perfect.

I wish this wasn't a caveat emptor situation, but recognizing threats like this is as much a necessity of "being online" as learning basic situational awareness and self-defense is a necessity of modern living. Those who do survive and thrive, those who don't are often victimized. I don't like it, I don't agree with it, but it's the way of the world [wide web].

Nothing is wrong with your Linux box, any more than anything is operationally wrong with any Windows box that displays this web site (or its popups) to an unsuspecting and fear-laden user who then buys the software with the expectation that her computer is inherently insecure.

I for one believe that your time is uniquely valuable among Linux advocates - you believe The Message to the core, and you pound pavement to back it up. If even a few percent of those who believe in the potential of Linux would stand up and show the dedication you do, we could easily dwarf the most record-breaking of advertising campaigns. Instead of launching a crusade against an anonymous far-flung web site that, when squashed, will just spawn itself again in the digital underground like yet another popup window, I hope you'll stay focused on that message. Felton needs you!

prestochango said...

A close friend of mine hit an eerily similar piece of work with his Windows computer. It was connected to a link in Google's image search. It does a lot more than just create pop-ups if somebody is using IE. It turned his computer into a zombie that sent out hundreds of emails. The only good thing to come out of it was that he finally listened to me and gave up on using Windows. I use openSUSE, but I set him up with Ubuntu so it would be easier for him to migrate.

Thank you for the link to Microsoft. It would be nice to get something useful out of them. I still have friends that are scared to switch to Linux (I have no idea why), and ridding the net of that particular nastiness is the least Microsoft can do for them.

Anonymous said...

It was easy enough for me to get out of. I just hard-killed firefox (killall -s 9 firefox, or through your task manager of choice).

Bob said...

One more reason to have "anything other than" Microsoft.

Has anyone considered the possibility that MS already knows about these types of exploits and does nothing.

This fanning of the flames to incite insecurity on the web does nothing but lead people to purchase security subscriptions, many from MS itself.

This is a truly "HUGE" source of income for MS.

Just a thought.

Amenditman

Blog of helios said...

Dave,

I appreciate your concern...rest assured that this is being assigned to someone that can devote her full time to it. I will only step in if needed. Carly will see to it that any information gathered by the readers and participants of this blog will be assimilated and focused toward resolution. Will it pop up again...probably. And from what we can tell initially, this whole effort is being run out of Georgia...the one that used to belong to the old Soviet Union, not The Home of the Atlanta Braves.

h

Anonymous said...

Assuming I've gone to the right site, I clicked on the link you supplied.

I turned scripting on, but I got no popups, is this the correct link?

http://mmd02.00bp.com/men-swisf2/boulder-creek-california.html

But I'm using AdBlockPlus in conjunction with AdBlock Plus Filter updater, so the chances are I won't see any popups

tracyanne

Anonymous said...

In addition to using ADBlock Plus I also cahnge the default settings for how Firefox responds to javascript, even when javascript is turned on.

To do this I go to Edit->Preferences and in the Preferences Window I select Contentand after making sure the Enable JavaScript checkbox is checked I click on Advanced (for JavaScript) and in the popup window for Advanced JavaScript settings I uncheck all the Allow Scripts options except Change Status Bar text.

In other words I only allow javaScript to make changes to the text in the status bar.

tracyanne

Anonymous said...

Go buy an extra gig of ram and run ad block plus.

paul said...

I'm late to the discussion. I've seen this myself and was able to x out of it. I can't remember the circumstances exactly, but was relieved and amused at how well Linux and FF2 stand against this garbage. Unfortunately, I didn't think further like you did. I should not have ignored it. I should have raised a flag to shut these criminals down or, at least, make their lives more difficult.

On a positive note, I set my neice's P4 IBM computer up w/PCLinuxOS a while back. She encountered this web page from somewhere on Craig's List. I told her to quit FF. When she reopened, it was all good. THAT SOLD her on Linux. I'm going to use the link you shared to thank m$ for helping us spread Linux by making such a lousy OS. Now she knows first-hand and she will tell others. And I have another perfect example of why people should abandon winDOHs like a house full of black mold.

(If I may...) All righty then...

Anonymous said...

>>>
And please...don't tell me "that's what you get for allowing Javascript to run in my browser." I refuse to be intimidated into crippling my computing experience.
<<<

My eperience is to the contrary: javascript implies slow rendering and delays, incompatibilities and errors left and right. Not to speak of the idiocies meant to improve usability. And so it happens I can do without noscript. Because the sites I allow to use javascript are as a rare as white flies. Which save me the javascript inflicted crippling.

EmyrB said...

Ah sweet ***** these sites are a bane to my professional life. I agree whole heartily with Helios on this, these sights need to be shut down, for ever.

An example of my last run in with this kind of site: - I get a phone call from one our customers about a possible infected PC. I go out and it turns out it is a PC owned by his father. There was nothing under handed here, no porn sites or anything, just happen to be surfing when a pop up said that his PC was infected and the PC needed to be scanned. Well he did just that, and the next thing he knew his PC was running like a stunned slug and this "anti virus" program kept opening a web site that wanted his credit card details to purchase this all singing and dancing subscription based program. At this point he called his son, who in the morning called us.

Now I am a ICT professional and when I saw what was happening I disconnected him from the interweb and removed his hard drive, drove back to our office and stuck it in our test PC and ran a NOD32 scan on it found at least 20 viruses and the list of spyware and malware just kept scrolling by happily.

The point is, I am aware of these things, but your average Windows user is not. I'm not casting assertions here, I know as I have to deal with it on a professional level every day. The everyday Joe and his family don't go to PCWorld (UK based here) and ask for specifics, they just want a PC to connect to the internet where they can surf, e-mail, listen to music and share photo's. I am with you all the way Helios, anything that causes these scumbags to close down and make the web a better place for all OS's, Windows included.

Not sure if I can be of help but a quick look on whois to track down the IP address of the site might be a first step. As some one pointed out in the replies above it might be from Asia or Russia and the IP address might give you some clue.

Cheers

Anonymous said...

FF3's phishing filter picks that up as "This web site at onlinescannerxp.com has been reported as an attack site and has been blocked based on your security preferences."

Ken Jennings said...

Well, that was a most freakin' annoying web surfing experience. Cancel should mean Cancel. I have suggestions that involve kneecaps and a ball peen hammer if someone ever finds the perpetrators.

Bob said...

Ken,

Sometimes the job just justifies a BIGGER tool.

I, being a trained professional where tools are concerned, humbly recommend a mattocks.

Amenditman

Simon Haynes said...

I wouldn't be game to browse unknown sites without noscript. It's a wonderful extension, although I'd also follow the instructions to prevent it showing you the page on their site after every (frequent) update.

Edward said...

Well somehow i didnt have the same problems as you did. i'm a bit above average user but i was able to close the few popups(roughly 4) withou any issues of freeze or anything like that....did you try ctrl alt backspace?

Anonymous said...

At the first popup (before you have a million javascript windows bogging down your machine to unresponsiveness) press alt-F2 and type "xkill", then click on any firefox window and the whole thing goes bye-bye.

Also works for that rickroll website.

zcat said...

http://zcat.geek.nz/img/denied.jpg

Sweet. I love firefox3.

Anonymous said...

I can't test this from work, but when this happens to me I hit Ctrl-W to close the tab.

Using the keyboard instead of the mouse doesn't fire the javascript event these scripts normally use.

No idea if your script is the same tho..

kees said...

In cases like this one where the graphical programs freeze? CTL-ALT-BACKSPACE is your friend. It restarts the graphical environment without a need for reboot.

Kees

Anonymous said...

You could report this thing also to Google. They might take the necessary steps to not display this site anymore.

zcat said...

OK, useful information if you seek to get this site shut down (again, just playing whack-a-mole, you'd do better encouraging people to use FF3 and starve these scum of customers)
Whis is registered through some privacy protection place. Good luck there.

Hosting is provided by Layered Technologies or a reseller. http://www.layeredtech.com. An email might be in order. If they don't act on that, several thousand individual emails from annoyed bloggers might get their attention.

zcat@mandela:~$ host onlinescannerxp.com
onlinescannerxp.com has address 72.233.40.60
zcat@mandela:~$ host 72.233.40.60
60.40.233.72.in-addr.arpa domain name pointer 60.40.233.72.static.reverse.ltdomains.com.

zcat said...

Oh.. I see there's another one as well (probably dozens,you getting the idea what I mean by 'whack-a-mole' yet?)

zcat@mandela:~$ host antivirus-scanonline.com
antivirus-scanonline.com has address 85.17.93.43
antivirus-scanonline.com has address 85.17.93.42
zcat@mandela:~$ host 85.17.93.43
43.93.17.85.in-addr.arpa domain name pointer hosted-by.leaseweb.com.
zcat@mandela:~$

Hosted by http://www.leaseweb.com/en/

Complaints to abuse@leaseweb.com

Anonymous said...

Glad I use Opera. They ignore these on close scripts - if you close a tab, they don't get to do anything.

Robin said...

Thanks for posting this link. It seems to cycle through various different infectious websites, some can be easily closed, some need a Firefox kill, some can be stopped by disabling JavaScript in between (with the Web Developer extension). I realize you don't need to be told, just wanted to mention that in case some people don't realize they might be talking about entirely different results of clicking that link.

The reason I am thanking you is that I was able to make some screenshots and will use them in lectures on computer security. One such lecture will even be tomorrow evening, and I hope the site will still be live enough then (errors 404 do seem to mount) to show the real thing, but at least I got some screenshots.

I like it when things happen just in time to be useful. ;)

Anonymous said...

It's seems that finding this site through Google is a common thread here.
Everyone that says they want to take action should file a report with Google.
http://www.google.com/contact/spamreport.html

Better yet, create a webmaster tools account (if you don't already have one)
https://www.google.com/webmasters/tools
and do it there. Reports from there are given more weight.

Also you should probably out a bit more of a warning on that link, you've worded as if it will take you to Google results not the actual spam site.

(Don't actually link to the site though, you'll pass them PR, obviously)

I'm sure Yahoo and Live must have a similar spam report.

P.S I just held down escape and it did the job for me. ESC should stop the execution of Javascript in your browser.

Kissing the carpet said...

Helios- re:your disabled extensions in FF3 - Why don't you try opening the xpi (~zip file) & editing install.rdf to allow version 3+.Some FF2 extensions work happily on FF3 if you try this, also check the homepages of disabled extensions,sometimes they've got a FF3 beta version that Add-ons doesn't know about. I didn't want to switch from 2->3 for the same reason, but I managed to get enough extensions working for it to be OK now.

Anonymous said...

ctrl+alt+esc = skull & crossbones of doom.

Press it then hit firefox. Mission accomplished, sans terminal.

Drop the fuss.

Jose_X said...

Education -- tremendous LiveCD/DVD opportunity

There is no substitute for education (to some degree) if you want to live in anything but a perennially crippled state (either without anything nice ever or having been powed).

A LiveCD/DVD set up to teach about web security is a great idea. Start with a severely trimmed down distro, then install tons of security features, practice webpages (running off a local apache, eg, to help teach how to react to some potential exploits), docs and vid demos, etc. Lecture, guide, tutor the user into good website practices using, eg, Firefox. In the process, teach them all about Firefox and the more useful plugins. [Do this teaching through videos and through extensions to the desktop and app to make the experience interactive. Also, provide a phone number and email if you want a more personal touch.]

A lot of users would appreciate this and take the opportunity to move to where a solution exists: on Linux (via the LiveCD/DVD).

This is one way to counter the proprietary vendors that are exclusive to closed-source Monopolyware. We provide the great services but taking advantage of the extra quality of Linux. Only on Linux can you do these things.

More generally, app makers should build distros that feature their apps. Make it easy to use and learn about the app. Go overboard with tutorials and videos and interactive sessions. This stuff will sell. The fact it's for Linux (on a LiveCD/DVD), safe, nonintrusive (LiveCD/DVD), sophisticated, free, freely distributable, freely remixable, etc, are the cream on top of the cream on top of the gravy.

Luck, people.

I R A Darth Aggie said...

Extentions like no-script might take care of this but at what cost?

It does. The cost is pretty low, actually once you've authorized all your favorite sites. In fact, the cost of not having noscript can be pretty high. For instance:

You are going to be killing popups faster than a 12 year old on a porn site.

Didn't happen for me, even after giving the offending website temporary javascript permission.

It took a hard shutdown of my machine to kill it.

Again, that didn't happen to me. Actually, that shouldn't have happened to you. A user-land program locked you up so hard it required a hard reboot? what about restarting X with a control-alt-backspace sequence?

That could have caused damage to your system. That's a pretty steep cost.

Let's take a look at this exploit and get these people shut down.

Best of luck with that. It'll be like playing whack-a-mole.

You really should give noscript a whirl for two or three weeks before passing judgement on it.

TripleII said...

I visited the site, I have NoScript active. I temporarily allowed the site. At that point it when through it's "scan". I was able to close the window without pop-ups as well as simply close the tab when I opened it up that way.

Lettting it finish it's "scan", it popped up a window. I closed it with no further pop-ups, and again either in new window or tabbed window, it closed with no pop-ups.

The worst I got was a stupid message saying that I should not close this window unless I want to stay infected when I clicked their "cancel" button, but who does that. I used the XWindows close x button.

I can only imagine how annying this could be without pop-up blocker, but at any time, since I temporarily allowed the site (NoScript is great), I can simply revoke temporary permission and poof the site is dead.

NoScript is absolutely essential in todays world, with cross site scripting, the above, etc. It is easy to use, you only have to teach it any given site once.

TaNK said...

I gave this blog link to SANS Internet Storm center for their input. I'll be curious to see if they respond here and what they will advise.

Anonymous said...

used your link to send the site to Microsoft... I don't know what happened or where it came from it just popped up \
was able to stop it though and get the site:
http://antivirus-scanonline.com/1/?xx=1&in=2&h=1

so how do we return the fuck to the sending asshole?

Anonymous said...

When this happen I jump on my Ctrl-Alt-Delete opening my Task Mamager and shut down my browser that way. Using FireFox 2 I "restore session and try to catch the link page to the malware site that Google gave me to use in my "research". I report this link to Google security and from what I have seen in the past Google does remove them from their search engine. All we can do is trace out their IP and report to their ISP. If we in the know keep doing this maybe one day we'll get them shut down.

matthekx said...

Could just digg and slashdot it weekly they shut down all sorts of sites. :)

Anonymous said...

Warning, if you are using Windows do not attempt any of what I say nor open the following link or you will likely get
PWN3D!


http://www.google.com/url?sa=t&ct=res&cd=16&url=http%3A%2F%2Fmmd02.00bp.com%2Fmen-swisf2%2Fboulder-creek-california.html&ei=A4lKSLD4D4mkhATd6-2xAw&usg=AFQjCNHzNCx2Rbd6K9gDQGFFoh_wgrFbjA&sig2=_JJubBlxoOyBk8fl5aE8Nw

Sorry I cant get the spyware to take over, I downloaded setup_100677_3_.exe and it woulnt run in wine, maybe it needs something to work.

All I get is a bunch of lame pop up windows, the skull and bones still works, but it wasnt necessary.

Yes one of the malicious pages it links me to wont allow you to exit out and plays a good game of wack-a-mole, so instead of cancel or X, i clicked Ok, downloaded the windows exe file, and then clicked home on my browser.

It seems this link actually redirects you do several different pages at random and I have opened the link 5 times now.

Yes, java is enabled in firefox.

So there must be a logical explanation to why this webpage made your linux box crash and CTRL+ALT+ESC / CTRL+ESC woulnt work. I will not deny certain linux apps do not crash or do not have bugs, but no worse than M$.

I am using PCLinux2007 with KDE 3.5.9, and Firefox 2.0.0.3 and I would be very interested to know what is running on your box so perhaps I could duplicate the situation.

Perhaps the virus was written in java and caused your java VM to crash the desktop? (unintentionally)

Linux may be user-hostile, buggy, and generally a pain in the rear to set up, but at least I still do not have to worry with spyware and malicious code and from just surfing the internet, I never will.

Blog of helios said...

erhaps the virus was written in java and caused your java VM to crash the desktop? (unintentionally)

Precisely,

This is an old blog so there wasn't much reason to belabor the point, but you nailed it. That is exactly what happened. I've written a little python hack to fix it and all they have to do is incorporate it. Now, let's see if the Kernel Devs work with it.

h

Anonymous said...

My wife almost fell for one of these scamware sites. I pointed out that the lovely turd brown window borders in Ubuntu don't look anything like the XP dialog box she was seeing, she paused a second and did a facepalm.