Amiga.org
Coffee House => Coffee House Boards => CH / Science and Technology => Topic started by: motorollin on February 05, 2010, 08:13:19 PM
-
My sister phoned me tonight to say that her PayPal account has been hijacked. She said she only ever logs on to PayPal on her Linux netbook, and hasn't responded to any phishing emails. Is it possible that a virus or malware has found its way on to her Linux machine? Do Linux viruses and malware even exist?
--
moto
-
My sister phoned me tonight to say that her PayPal account has been hijacked. She said she only ever logs on to PayPal on her Linux netbook, and hasn't responded to any phishing emails. Is it possible that a virus or malware has found its way on to her Linux machine? Do Linux viruses and malware even exist?
--
moto
There are some, but it's unlikely she'd have gotten any. I wonder if she's been the victim of a cross site scripting hack online?
-
There are some, but it's unlikely she'd have gotten any. I wonder if she's been the victim of a cross site scripting hack online?
Cheers Karlos. How do they work? What would she need to have done to fall victim to it?
--
moto
-
The most likely explanation is that she was tricked to give away her credentials somehow: phishing website or similar. That is by far the most effective way to steal logins.
-
Cheers Karlos. How do they work? What would she need to have done to fall victim to it?
http://www.google.com/search?q=paypal+phishing
-
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.
--
moto
-
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.
--
moto
Well, there are quite a few methods. She might not respond to phishing emails but there are other ways to catch people. Cross site scripting hacks basically involve injecting malicious code into otherwise legitimate sites and using that to steal details:
http://en.wikipedia.org/wiki/Cross-site_scripting
The following Firefox "noscript" plugin is pretty useful and is regularly updated: http://noscript.net/
-
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.
Well, PayPal itself has had multiple Cross-Site Scripting (http://en.wikipedia.org/wiki/Cross-site_scripting) vulnerabilities in the past. These could be abused to modify the website functionality and to steal login credentials. For the attack to work the user would still have to follow a link provided by the attacker (but it'd appear to be http://www.paypal.com).
For example: http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html
Observe.
The user lands on the link provided by the attacker and enters the credentials:
(http://sintonen.fi/pics/paypal_xss_proof_of_concept1.png)
The attacker-modified website functionality could send the credentials to any address. In this example the website does not exist, however:
(http://sintonen.fi/pics/paypal_xss_proof_of_concept2.png)
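The mechanism described in the post above, as an added example that is not part of the original post and is not PayPal's code: a constructed page on the placeholder host www.example.com echoes a query parameter, first unescaped and then HTML-encoded. The function names, the `q` parameter and the sample link are assumptions made for the illustration.

```javascript
// Added illustration: a constructed search page on the placeholder host
// www.example.com (hypothetical, not any real site's code) that echoes "q".

// Vulnerable: the parameter is concatenated into the HTML as-is.
function renderVulnerable(q) {
  return `<form><input name="q" value="${q}"></form>`;
}

// Encode the five characters that can change HTML structure.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the same template with the parameter encoded before output.
function renderSafe(q) {
  return `<form><input name="q" value="${escapeHtml(q)}"></form>`;
}

// Count HTML tags in the output. The template itself has exactly three
// (<form>, <input>, </form>); more means the parameter altered the page.
function tagCount(html) {
  return (html.match(/<\/?[a-z][^>]*>/gi) || []).length;
}

// Constructed link: the host is the genuine site, the markup rides in the query.
const link = new URL('https://www.example.com/search');
link.searchParams.set('q', '"><h1>content added by the link</h1>');

function demo() {
  const q = link.searchParams.get('q');
  return {
    host: link.hostname,
    vulnerable: renderVulnerable(q),
    safe: renderSafe(q),
  };
}

const out = demo();
console.log(link.href);                               // link still points at the real host
console.log(out.vulnerable, tagCount(out.vulnerable)); // extra elements appear
console.log(out.safe, tagCount(out.safe));             // only the template's own tags
```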
-
For example: http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html
A security researcher in Finland has discovered a cross-site scripting vulnerability on paypal.com that would allow hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
Was it you?
-
Thanks guys. Those explanations make sense to me, though I'm not sure she'll buy it. She is adamant she hasn't responded directly to any phishing attempts and that the only logical explanation is a virus. Despite the fact that I've told her that Linux isn't really vulnerable to viruses, she is still keen to run a virus scan. So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o
--
moto
-
So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o
http://www.clamav.net/download/packages/packages-linux/
-
So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o
--
moto
You could ask her to install chkrootkit and run it once to make her feel more comfortable. Although Linux viruses are possible in theory on Linux, I haven't seen or heard about any ones that really could proliferate.
greets,
Staf.
-
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.
Facebook has been a breeding ground for such attacks for a while. I believe Twitter too has had its fair share.
For them to work, you need only browse an infected page as I understand it.
In the end it was their proliferation on Facebook that caused me to delete my account with them. It just felt like tempting fate too much.
Sorry to hear your sister has had issues.
-
Thanks guys. The good news is that PayPal have agreed to refund the £1,000!
--
moto