Debian User Forums

[kedaha]

I chanced to come across a fake site recently offering Windows antivirus protection when looking for news about the election results over in the UK. The window minimized and a popup looking like an iceweasel message came up saying:

Warning! Your computer is at risk of malware attacks.
We recommend you check your system immediately. Press OK to start the process now.

I pressed to cancel but to my surprise a website page appeared which looked like some kind of Windows folder and a green progress bar simulated a check of my hard drive "(C:)" and reported that 9 viruses and medium to high levels of risk had been found. Shortly afterwards, a similar pop up appeared telling me I had chosen to open a Windows exe file. All rather surprising since I don't use Windows!

[emariz]

It would be helpful if you provided the website's address and reported the site (Help > Report...). On the other hand, remember that there can be hundreds of infected files in a GNU/Linux station. They won't affect it, true, but they can infect other Windows stations.

[Soul Singin']

I pressed to cancel but to my surprise a website page appeared which looked like some kind of Windows folder and a green progress bar simulated a check of my hard drive "(C:)" and reported that 9 viruses and medium to high levels of risk had been found. Shortly afterwards, a similar pop up appeared telling me told me I had chosen to open a Windows exe file. All rather surprising since I don't use Windows!

On the other hand, remember that there can be hundreds of infected files in a GNU/Linux station.

The advertisement does not really search your C: drive.

It's a fake designed to scare gullible MS Windows users into purchasing their anti-virus crapware.

Install Adblock Plus and never worry about it again.
.

[Raffles10]

These sites aren't even run by unscrupulous AV manufacturers, they're just fraudsters after your credit card details. It's surprising how many people fall for it each year.

[gradinaruvasile]

I chanced to come across a fake site recently offering Windows antivirus protection when looking for news about the election results over in the UK. The window minimized and a popup looking like an iceweasel message came up saying:

Warning! Your computer is at risk of malware attacks.
We recommend you check your system immediately. Press OK to start the process now.

I pressed to cancel but to my surprise a website page appeared which looked like some kind of Windows folder and a green progress bar simulated a check of my hard drive "(C:)" and reported that 9 viruses and medium to high levels of risk had been found. Shortly afterwards, a similar pop up appeared telling me told me I had chosen to open a Windows exe file. All rather surprising since I don't use Windows!

You are joking i suppose.

(BTW first time i have seen this thing i was using Windows. I was really surprised... But the interesting thing is that i have seen this recently and the first instinctuve reaction was to close the browser window (i didnt really did it, but it crossed my mind at first). And i use Linux for more than 2 years...

[nitehawk]

These sites aren't even run by unscrupulous AV manufacturers, they're just fraudsters after your credit card details. It's surprising how many people fall for it each year.

What!?? You mean I DIDN'T have 9 viruses on my Debian drive "C".....?

[edbarx]

It would have been more credible for the site if it checked for the OS communicating with it before assuming everyone uses Windows! A message saying that, say /sbin, /bin, /usr, /lib or /boot were infected would have been more credible.

A sample message:

You miser are using Linux! I screwed you: now you have a rootkit installed. Oh, how lovely infecting /boot while having access to compilers and source code!

Having access to your /etc/shadow and /etc/passwd made my day! With compliments to /boot/vmlinuz a.k.a swisscheese.

[kedaha]

It would be helpful if you provided the website's address and reported the site (Help > Report...). On the other hand, remember that there can be hundreds of infected files in a GNU/Linux station. They won't affect it, true, but they can infect other Windows stations.

Yes I went to Help and reported it then wiped out the browsing and cookies just to be on the safe side. But I think Iceweasel does a good job; it's only the second time I've ever come across such a site.

[sossego]

This action- the popup- is quite normal on unsecured sites.
As mentioned earlier, adblock and noscript.

[kedaha]

Install Adblock Plus and never worry about it again.
.

Thanks for your advice. I've installed adblock-plus to stop any pages like that ever creeping again into my browser and no-script as advised by sossego, both with Synaptic.
I've noticed that, when editing this post, I see a message at the bottom of the browser which says:

Scripts Currently Forbidden | <SCRIPT>:7/>OBJECT>:0

After going to options and enabling "allow debian.net" I am able to use the text format bar again and enter smileys

[kedaha]

This action- the popup- is quite normal on unsecured sites.
As mentioned earlier, adblock and noscript.

adbock integrates nicely in Iceweasel but noscript seems a bit too effective, it stops my using the Youtube without Flash Auto Greasemonkey script with gecko-mediaplayer even though this is enabled but I haven't figured out how to exempt this particular user script yet.

[cynwulf]

This action- the popup- is quite normal on unsecured sites.
As mentioned earlier, adblock and noscript.

adbock integrates nicely in Iceweasel but noscript seems a bit too effective, it stops my using the Youtube without Flash Auto Greasemonkey script with gecko-mediaplayer even though this is enabled but I haven't figured out how to exempt this particular user script yet.

Stick with noscript. Just allow scripts for the sites you want to allow. Once you have it set up for the sites you commonly access, it's less trouble. Just be careful what you allow. I tend to add a lot of the data mining/adware domains to "untrusted". If you need to remove them later for whatever reason it's easy enough.

[Absent Minded]

While this was obviously a farce, it is possible to have Windows viruses in your cache from time to time. There is no cause for alarm as these viruses can not be exicuted on Linux unless you have installed Win software into your browser plugins which then in-turn uses Wine to run them.

As far as Linux being used to transmit a Win Virus it is very unlikely as again... the virus code must be exicuted in order for it to replacate it's self over the network. This would almost have to be done intentionally as in Linux exicutables must be marked as exicutable. However, wine does use the Windows extention system to idenify it's exicutables. So unless you have the browser senerio above you would need to manually run the said virus infected file for it to propogate or to infect "your" user files (assuming that you are not using your root account to exicute said file). If you are using root to exicute said file then maybe you deserve to have to learn from your mistakes the hard way (as obviously warnings against such actions haven't done any good).

Having said that. In the past I have had cases where a storage share has been infected by a Windows virus. This however was not propogated using any of my Linux machiens. Instead it was done from the one remaining Windows box I have on my network. I used Linux tools to clean things up and then blocked write access from the remaining Windows box and no problems since have occured.

If someone has proof positive of a Windows virus being propogated on Linux in some other senerio than I have listed above I would be interested in reading it.

AM

[craigevil]

Might be a tad overkill with already using NoScript and Adblock plus with Firefox, but I also use a hosts file from http://www.mvps.org/winhelp2002/hosts.txt . It has helped keep crud off my wife's laptop that runs Xp and does away with a lot of crap period. I use 3 adblocking lists, EasyList+EasyPrivacy+Adult/Dating Blocking (by fanboy), who wants to see stupid ads,

As for popups can't remember the last time I saw one that I didn't need to see.

[Soul Singin']

As for popups can't remember the last time I saw one that I didn't need to see.

At work, we still use an antiquated version of Lotus Chokes. Its webmail is one pop-up after another. They should call it "pop-up mail."
.