Potentially Infected (java driveby) - GNU/Linux
So, I'm potentially infected by a java driveby. I accessed a webpage in iceweasel containing the malicious code without running noscript. To the best of my knowledge, if the skid who owned the website configured it to target GNU/Linux, it could very effectively, but he only had it configured to target Windows.
How can I check to make sure I am secure and not infected? I purged sun-java6-jre and installed NoScript in case I was lucky, but how can I be sure? What areas of my system should I be concerned about? For what it's worth, I was running ghostery and betterprivacy when the page in question was accessed.

No.
I don't think it needs to be run as root to compromise your system. It has to do with vulnerable versions of java.

Yes but if it wasn't run as root then whatever was in the drive by (rat/keylogger etc) will not have permissions to do anything fatal
I do Byte

I'm pretty sure the security hole in older versions of java (Debian ftw!) allows the malicious code to circumvent that.
Basically, I just want a list of everything I'd need to monitor to see if a careless skid was up to something and perhaps the names of some packages which do that. That's it. I want to check for myself.

I agree with NeoTerra. Nuke and pave.
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.

I once tried to access the popular matrix private RuneScape server when I used Debian, and it erased my home directory. This was via the web browser, and on Windows it ran perfectly. I have no idea why this happened but it was the official server and not some java drive by. I should really report it but I can't be bothered.

Check ss and netstat.
I don't know much about virusish

Yup Simon!
Or as Neo told you, reinstall. It's always the best choice :)

Install firestarter and have a look at the events and use the terminal to find out what application is causing it and if there is one you never authorize. Then you know.
Javadriveby does not need root privileges to harm your system. If java is old then well it will run. Normally you know by how much resources your browser is using. If the windows start dimming down and web pages slow down then chances are it's done something to you. Wireshark is ideal for spotting exactly what is going in and out of your computer so maybe look into that if it happens again.

htop to see if there are any weird processes. Also do netstat when all the connections you initiated are closed so you know what exactly is going in and out. ss also is a great utility. What's more, get a firewall up and running. I would prefer a GUI if it was for me since it's annoying to handle the CLI at such times, but up to you. And keep track of what services are added to the startup. Just a few common steps towards confirmation.
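One way to act on the ss/netstat advice in the replies above, as an added example that is not part of the thread: list every socket whose owning process is not one you knowingly started. The sample output is constructed, the allowlist names are assumptions, and the parser assumes the `users:(("name",pid=N,fd=N))` process column printed by current iproute2 `ss`.

```python
import re
import subprocess

# Constructed sample of `ss -H -tunap` output (current iproute2 format); not from the thread.
SAMPLE = """\
tcp ESTAB  0 0 192.168.1.20:51514 203.0.113.10:443  users:(("iceweasel",pid=2211,fd=58))
tcp ESTAB  0 0 192.168.1.20:40022 198.51.100.7:6667 users:(("java",pid=3090,fd=12))
udp UNCONN 0 0 0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=801,fd=6))
tcp ESTAB  0 0 192.168.1.20:39990 198.51.100.99:8080
"""

# One ("name",pid=N,fd=N) entry inside the users:(...) column; a socket can have several.
OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def parse_ss(text):
    """Yield (proto, state, local, peer, [(name, pid), ...]) for each socket line."""
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 6:
            continue  # blank or malformed line
        proto, state, _recvq, _sendq, local, peer = fields[:6]
        owners = OWNER.findall(fields[6]) if len(fields) > 6 else []
        yield proto, state, local, peer, [(n, int(p)) for n, p in owners]

def unexpected(text, expected):
    """Return (local, peer, reason) for sockets not owned only by names in `expected`."""
    hits = []
    for _proto, _state, local, peer, owners in parse_ss(text):
        names = {n for n, _ in owners}
        if not owners:
            # Without root, ss hides owners of other users' sockets: that is itself worth a look.
            hits.append((local, peer, "owner hidden (rerun ss as root)"))
        elif not names <= expected:
            odd = sorted(f"{n}[{p}]" for n, p in owners if n not in expected)
            hits.append((local, peer, ", ".join(odd)))
    return hits

def live_ss():
    """Capture real output: -H no header, -t/-u TCP and UDP, -n numeric, -a all, -p processes."""
    return subprocess.run(["ss", "-H", "-tunap"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    # Assumed allowlist of programs the user started; pass live_ss() instead of SAMPLE on a real box.
    for local, peer, why in unexpected(SAMPLE, {"iceweasel", "dhclient"}):
        print(f"{local} -> {peer}: {why}")
```

Run it after closing the connections you opened yourself, as the last reply suggests, so that whatever remains in the output needs an explanation.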