
Topic: Linux virus/spyware? (Read 922 times)


Offline motorollin

Linux virus/spyware?
« on: February 05, 2010, 08:13:19 PM »
My sister phoned me tonight to say that her PayPal account has been hijacked. She said she only ever logs on to PayPal on her Linux netbook, and hasn't responded to any phishing emails. Is it possible that a virus or malware has found its way onto her Linux machine? Do Linux viruses and malware even exist?

--
moto
Code:
10  IT'S THE FINAL COUNTDOWN
20  FOR C = 1 TO 2
30     DA-NA-NAAAA-NAAAA DA-NA-NA-NA-NAAAA
40     DA-NA-NAAAA-NAAAA DA-NA-NA-NA-NA-NA-NAAAAA
50  NEXT C
60  NA-NA-NAAAA
70  NA-NA NA-NA-NA-NA-NAAAA NAAA-NAAAAAAAAAAA
80  GOTO 10
 

Offline Karlos

Re: Linux virus/spyware?
« Reply #1 on: February 05, 2010, 08:32:28 PM »
Quote from: motorollin;541723
My sister phoned me tonight to say that her PayPal account has been hijacked. She said she only ever logs on to PayPal on her Linux netbook, and hasn't responded to any phishing emails. Is it possible that a virus or malware has found its way onto her Linux machine? Do Linux viruses and malware even exist?

--
moto


There are some, but it's unlikely she'd have gotten any. I wonder if she's been the victim of a cross site scripting hack online?
int p; // A
 

Offline motorollin

Re: Linux virus/spyware?
« Reply #2 on: February 05, 2010, 08:36:38 PM »
Quote from: Karlos;541724
There are some, but it's unlikely she'd have gotten any. I wonder if she's been the victim of a cross site scripting hack online?


Cheers Karlos. How do they work? What would she need to have done to fall victim to it?

--
moto
 

Offline Piru

  • ' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
  • Total likes: 0
    • http://www.iki.fi/sintonen/
Re: Linux virus/spyware?
« Reply #3 on: February 05, 2010, 08:38:29 PM »
The most likely explanation is that she was tricked into giving away her credentials somehow: phishing website or similar. That is by far the most effective way to steal logins.
 

Offline Piru

Re: Linux virus/spyware?
« Reply #4 on: February 05, 2010, 08:39:23 PM »
Quote from: motorollin;541726
Cheers Karlos. How do they work? What would she need to have done to fall victim to it?


http://www.google.com/search?q=paypal+phishing
 

Offline motorollin

Re: Linux virus/spyware?
« Reply #5 on: February 05, 2010, 08:43:15 PM »
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.

--
moto
 

Offline Karlos

Re: Linux virus/spyware?
« Reply #6 on: February 05, 2010, 08:47:10 PM »
Quote from: motorollin;541729
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.

--
moto

Well, there are quite a few methods. She might not respond to phishing emails but there are other ways to catch people. Cross site scripting hacks basically involve injecting malicious code into otherwise legitimate sites and using that to steal details:

http://en.wikipedia.org/wiki/Cross-site_scripting

The following Firefox "noscript" plugin is pretty useful and is regularly updated: http://noscript.net/
 

Offline Piru

Re: Linux virus/spyware?
« Reply #7 on: February 05, 2010, 08:49:27 PM »
Quote from: motorollin;541729
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.

Well, PayPal itself has had multiple Cross-Site Scripting vulnerabilities in the past. These could be abused to modify the website functionality and to steal login credentials. For the attack to work the user would still have to follow a link provided by the attacker (but it'd appear to be http://www.paypal.com).

For example: http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html

Observe.

The user lands on the link provided by the attacker and enters the credentials:


The attacker-modified website functionality could send the credentials to any address. In this example the website does not exist, however:
« Last Edit: February 05, 2010, 08:53:41 PM by Piru »
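
The reflected cross-site scripting case discussed above, as an added example that is not part of any post in this thread and not PayPal's code: a page that echoes a URL parameter, first unencoded and then HTML-encoded, with a Content-Security-Policy as a second layer. The host `shop.example`, the `q` parameter and all function names are hypothetical.

```javascript
// Added example (not from the thread). All names here are hypothetical.

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: the query parameter is copied into the page as-is, so markup in
// the link becomes markup in a page served from the trusted host name.
function renderVulnerable(url) {
  const q = new URL(url).searchParams.get("q") || "";
  return `<p>Results for ${q}</p>`;
}

// After: the same value is encoded for the HTML text context and is shown
// to the user as plain text.
function renderHardened(url) {
  const q = new URL(url).searchParams.get("q") || "";
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// Defence in depth: without 'unsafe-inline', injected inline script does not
// run even if an encoding step is missed; form-action limits where forms post.
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; form-action 'self'",
  };
}

// Simple response check: does the rendered page contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample link: trusted-looking host, attacker-chosen parameter.
const sampleLink =
  "https://shop.example/search?q=" +
  encodeURIComponent("<script>/* attacker-supplied code */</script>");

console.log(renderVulnerable(sampleLink));
console.log(renderHardened(sampleLink));
```
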
 

Offline Karlos

Re: Linux virus/spyware?
« Reply #8 on: February 05, 2010, 09:01:09 PM »
Quote from: Piru;541732
For example: http://news.netcraft.com/archives/2008/05/16/paypal_xss_vulnerability_undermines_ev_ssl_security.html


Quote
A security researcher in Finland has discovered a cross-site scripting vulnerability on paypal.com that would allow hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.


Was it you?
 

Offline motorollin

Re: Linux virus/spyware?
« Reply #9 on: February 05, 2010, 09:54:35 PM »
Thanks guys. Those explanations make sense to me, though I'm not sure she'll buy it. She is adamant she hasn't responded directly to any phishing attempts and that the only logical explanation is a virus. Despite the fact that I've told her that Linux isn't really vulnerable to viruses, she is still keen to run a virus scan. So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o

--
moto
 

Offline Piru

Re: Linux virus/spyware?
« Reply #10 on: February 05, 2010, 10:07:21 PM »
Quote from: motorollin;541738
So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o


http://www.clamav.net/download/packages/packages-linux/
 

Offline Fats

Re: Linux virus/spyware?
« Reply #11 on: February 05, 2010, 10:10:00 PM »
Quote from: motorollin;541738
So I'm faced with trying to talk her through installing a virus scanner on Linux when I don't even know how to do it myself 0_o

--
moto


You could ask her to install chkrootkit and run it once to make her feel more comfortable. Although Linux viruses are possible in theory on Linux, I haven't seen or heard about any ones that really could proliferate.

greets,
Staf.
Trust me... I know what I'm doing
 

Offline the_leander

Re: Linux virus/spyware?
« Reply #12 on: February 05, 2010, 11:38:16 PM »
Quote from: motorollin;541729
@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.


Facebook has been a breeding ground for such attacks for a while. I believe Twitter too has had its fair share.

For them to work, you need only browse an infected page as I understand it.

In the end it was their proliferation on Facebook that caused me to delete my account with them. It just felt like tempting fate too much.

Sorry to hear your sister has had issues.
Blessed Be,
Alan Fisher - the_leander

 

Offline motorollin

Re: Linux virus/spyware?
« Reply #13 on: February 06, 2010, 06:36:42 PM »
Thanks guys. The good news is that PayPal have agreed to refund the £1,000!

--
moto