09-25-2012, 06:27 PM
"Edward C. Jones"

monstermarketplace malware for linux?

I use up-to-date Debian testing (wheezy), amd64 architecture.

When I do a Google search, I sometimes get a window asking if I want to
do a search at monstermarketplace.com. For Windows, there is a piece of
malware with this name. Does this malware now exist for linux systems?
If so, how do I get rid of it?



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: http://lists.debian.org/5061F7AF.5050306@comcast.net
 
10-01-2012, 01:59 AM
Joel Rees

monstermarketplace malware for linux?

So I do a search for this monstermarketthing and it looks like reverse
shilling spam.

On 9/26/12, Edward C. Jones <edcjones@comcast.net> wrote:
> I use up-to-date Debian testing (wheezy), amd64 architecture.
>
> When I do a Google search, I sometimes get a window asking if I want to
> do a search at monstermarketplace.com. For Windows, there is a piece of
> malware with this name. Does this malware now exist for linux systems?
> If so, how do I get rid of it?

If my suspicions are unfounded, are you running as root? If so,
consider yourself hosed. I'm not sure I'd even trust the motherboard
any more.

If not, if you do your day-to-day work from a non-admin account,
start with clearing all your cache, cookies, and history, and
un-installing any suspicious browser extensions. Clear your bookmarks,
too, all but the ones you really need and know you can trust. Restart
your browser.

If it still happens, un-install all extensions and clear all
bookmarks. If there's a bookmark you really need, think twice, three
times, and if you still think you trust and need it, open up a text
editor and copy-paste the url into the text editor. Repeat, only for
necessary bookmarks, and save the text document as something like
"bookmark_urls.txt". Then clear your bookmarks and restart your
browser.

If it still happens, shut your browser down and nuke your .mozilla
configuration directory. As in "rm -rf ~/.mozilla/*".

If you still get re-directs, you have six options, take your pick which
you go with first:

(0) Consider where you spend your time on the web. You could be fixing
your problem every time you shut down your browser, only to have a
website you regularly visit stuff a piece of malware javascript that
never goes away into your browsing session.

(1) Check your DNS infrastructure. Can you trust the servers that are
matching your domain name requests with IP addresses? One might be
occasionally feeding your requests to a troll.

(2) Nuke your user account. Back up your data first. Don't back up
your configurations, because something could be hiding in there. Grab
the text-only bookmarks you saved (but remember the problem I
mentioned in (0)). Log in as an admin and erase the account.
Completely. Make a new account. Maybe even a new user name/id,
definitely a new password. Use a good password, of course. Restore
your data, using chown as appropriate if you changed the userid.

(3) Back up all user data for all accounts on the system, wipe the
system, and re-install.

(4) Hey, it's a good time for a new hard disk, anyway. Install a fresh
system on the new hard disk and mount the old one under /suspicious
and carefully move the data you need from the old drive to the new
one, as you need it. Maybe do some forensics on the drive in your
spare time.

(5) Maybe it's a good excuse to update the motherboard with the new
disk. (See (4).)

--
Joel Rees


Archive: http://lists.debian.org/CAAr43iNBPqx8PTEbXR78a86CeR2-mTOvgKsnYx3dqu8gNuVoBQ@mail.gmail.com
 
10-01-2012, 04:10 AM
Stan Hoeppner

monstermarketplace malware for linux?

On 9/25/2012 1:27 PM, Edward C. Jones wrote:
> I use up-to-date Debian testing (wheezy), amd64 architecture.
>
> When I do a Google search, I sometimes get a window asking if I want to
> do a search at monstermarketplace.com. For Windows, there is a piece of
> malware with this name. Does this malware now exist for linux systems?
> If so, how do I get rid of it?

This is javascript code that runs in an extension or plugin context.
You can confirm this by disabling javascript in your browser. It's
platform agnostic and will affect *nix and Windows browsers.

If it's listed in your extensions or plugins simply uninstall it. If
it's not, it's buried in your browser profile directory somewhere and
you'll have to find and delete it manually. In the Windows world there
are myriad anti-malware programs that will remove many such rogue
programs. I'm unfamiliar with any for Linux though I'm sure they exist.

Simply scanning your browser profile dir for .js files with a creation
date stamp correlating with the appearance of this problem, and deleting
them, should do the job.

--
Stan


Archive: http://lists.debian.org/506917B4.7090007@hardwarefreak.com
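
Added example, not part of the original posts: one way to do the profile scan suggested in the last message, listing files for review rather than deleting them. The function name, the set of file extensions and the time-window arguments are assumptions made for this sketch; modification time is used because Linux filesystems often do not expose a creation time.

```shell
#!/bin/sh
# Added example: list (never delete) script-bearing files in a browser
# profile whose modification time falls inside a suspect time window.
# Usage: profile_files_in_window DIR START END
#   START/END use the touch -t stamp format, e.g. 201209150000
profile_files_in_window() {
    dir=$1; start=$2; end=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    ref=$(mktemp -d) || return 1
    # Two reference files carry the window boundaries as their mtimes.
    touch -t "$start" "$ref/start" && touch -t "$end" "$ref/end" || {
        rm -rf "$ref"
        return 2
    }

    # Assumed extension list: *.js covers prefs.js, user.js and loose
    # scripts; *.xpi and *.jar are packed extensions.
    # Match: mtime strictly after START and not after END.
    find "$dir" -type f \
        \( -name '*.js' -o -name '*.xpi' -o -name '*.jar' \) \
        -newer "$ref/start" ! -newer "$ref/end" -print | sort

    rm -rf "$ref"
}

# Stand-alone use: sh scan.sh ~/.mozilla 201209150000 201209302359
if [ "$#" -eq 3 ]; then
    profile_files_in_window "$1" "$2" "$3"
fi
```

Run it with the browser closed and look at each listed file before removing anything; the browser rewrites prefs.js regularly, so it will often appear even on a clean profile.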
 