[OFB Cafe] Potential Spyware Site
Donald R Spoon
drspoon at sbcglobal.net
Wed Jul 16 22:33:01 CDT 2008
My wife was doing a web search on fire ant bites this evening and all of
a sudden her web-browser was Hijacked. The site is unknown at this
moment, but it first did a webscan of the computer then reported a whole
bunch of spyware and trojan "infections" and offered to remove them.
When she refused, another box came up for you to download their program.
It was supposed to be a spyware scanner called XPAinstall and demanded
to either install it or have a location to save it to. It was an EXE
file for Winders. You couldn't get out of this screen... no matter what
you did you wound back up at this point. There wasn't any "graceful"
exit. About this time she called me...
She was running Iceape under Debian "stable" as her web browser. This
is the first time I have seen a Winders hijack take over a Linux
program, but I suppose that Mozilla being a cross-os application has
something to do with it... It seemed to think I was running Winders XP,
but I wasn't, and the "system info" box on the original screen
identified Mozilla 1.8 as the browser and Linux as the OS. I believe
IceApe is running Mozilla 1.8 or so, while Iceweasel is running 2.0.
I tried my usual tricks, but couldn't break the loop either. I finally
exited Mozilla altogether, which lost her links she was exploring....
not a great loss, but I couldn't trace the "offending" web site. I can't
find any "problem" with my Linux system so far... I did some research
and found that McAfee had this blurb on it:
http://tinyurl.com/5btsub. It seems like once you install their scanner
you also get several other malware programs in the deal!!
I also did a google search on "spywareadvancedscanner.com" and found
Google was a bit suspicious too. It looks like a couple of other sites
are spreading this one now.
Just one man's experience FWIW.
Cheers,
-Don Spoon-