after infection, if you log in as a different user, does the infection still work?! I am asking this because I know that the UNIX multi-user system prevents one user's account from infecting the others.

PS: LOL this was funny after I remembered my mac getting infected by a rouge antivirus. "Macs don't get viruses" yeah, right. Now I will remember to be more careful as I surf 0.o

Iptables u can use scripts to prevent ddos attacks and such to migrate your firewall, but u know sometimes it is hard to stop all bot net because these kids rather use their skills and knowledge to exploit and attack users instead to use linux and put ur skills in a smart professional manner, like me i can attack users and do all that, but. i rather use my skills in linux and do good to the community instead of bad,, i rather teach instead of being selfish and attacking people. no skills in that

Yeah these script kiddies rather make exploits such as that , and as well on yahooo chat networks and IRC chat networks , this been going on since the 90's hehe .. but u know linux is well secured in the last 12 years using debian, and slackware and fedora core i never had a virus thought i did got some "DOS" attacks which cause my interface to have a buffer / packet overflow and disconnect and had to manually reset my modem eh.. i dont usually use a fire i mainly work with IPTABLES :] thats it

This is a very informative video! Especially on tracking down the IP address, I've never been hit by Linux malware, but I'm a long term Linux user and I worry about my security.

I like this video :) Faved, liked and subscribed. Thank you :D

i cant understand why people like decorating their desktops with these shit wallpapers, add a normal girl on your desktop dude!!

@TheMitsaras98 I would, but art is a bit more politically correct

Excellent Job. Great info indeed.

Sid@linux.

Also; a few of us (myself 2) have been hit by other malware on various Linux Distros (incl. Ubuntu). One of my first was a Screensaver on Gnomelook dôt_org (replace dôt_org), which most Linux users should know about. Honestly, I don't think Linux is any different from Windows, in terms of the potential of getting infected by malware. Tbh, I think it's even easier on Linux based OS's. Even Macs are easier to exploit: nakedsecurity.sophos dôt_com/2011/10/03/mac-malware­-history/ (replace dôt_com).

Btw, thanks quidsup! You are one of the very few ppl, that actually admits getting hit by malware. On top of that, you even show HOW you presume it happend. I wish more Linux users were this open. This way, you actually help the community, by opening their eyes and telling them about the threats Linux users have, but which most (mostly the elitest and very hardcore fans) on the forums try to talk down or push it on something else, everything else, but the Operating System. Again: Thank you.

@AleXy86 Good point, thanks. More people need to know there is a threat out there. Have you seen I uploaded a video yesterday showing how I decoded a similar piece of malicious JavaScript that I talked about hitting me in this vid?

@quidsup Nope, haven't yet. I will do right now, though. Thanks for the tip! How do you find out about the malicious security concerns anyway (I mean, without any security solution)? You must be observing your system very closely. It's awesome! Maybe you could do a longer video and mention various security threats for home users, running a Linux based Distro (like, for example: Ubuntu). You have the know-how and the links below should give you some direct examples too. Anyway, keep it up! Thx.

Install a security solution (Antivirus, stronger Firewall etc.) like one from Sophos, Symantec or Kaspersky, just to be sure. The freebies are fine, the paid ones offer more though. This is not the only malware on Linux (there are a lot more already known and probably a lot more unknown). One general rule, that OS users learned in the mid 90's: No system is really secure. It can always be targeted and hit by something. Thus: You can only try to make it a bit safer but not 100% safe.

@AleXy86 Yeah I expect theres a whole lot more malware for Linux. At least some payfor AV makers are producing Linux versions, no doubt in response to the increased threat and a larger number of users using Linux.

@quidsup Yup, true. And what's even better: Most of the payfor security solutions are cheap and some are even for free. Like Android, the more popular something becomes, the higher the threat gets.

will add-ons like noscript protect you from this type of attack?

@MrDoscrazy Yes it would have done

MIKU<3

I had doubts to install or not to install wine, and after reading your work (especially the part about viruses with wine), you help me solve the dilemma of wine. It is better to find a replacement for some program insted to use Wine.

Thanks :D

viruses kill them all

@Hi675445 If only that was possible...

I have to admit, you scared me for a second there. Then I thought that out of your years in using Ubuntu, the many combined years of other people using Ubuntu, and this being the first Linux-based virus attack I have ever heard of... well... I'd say we're pretty safe ^-^

@XmasterjamoX I think we'll see more Browser based attacks over the next few years targeting Linux because of Android's popularity.

As long as you're not clicking on stupid links like I did you'll be alright.

@XmasterjamoX This hasn't been the first known security threat. For Mac AND Ubuntu examples: 1) nakedsecurity.sophos dot_com/2011/10/03/mac-malware­-history/ (replace dot_com). 2) Google for "Malware Gnome Look" (Screensaver) & look up the off. Ubuntu forums for a thread about this (only few users even noticed it, bc lacking sec. software installed). 3) answers.launchpad dot_net/ubuntu/+question/53948 (replace dot_net) 4) en.wikipedia dot_org/wiki/Linux_malware (replace dot_org) -- to name a few.

stop using adobe flash, or at least use flashblock for christ sake.

@tefan That takes the fun out of things. I will get around to using flashblock soon

That's why I don't ever download torrents.

Thanks for the reply happy new year.

Hi there, do you mind if a ask you

how did you get rid of the virus that hit you

thanks!?

@tArikeDuardo Fortunately I had done a full disk backup a couple of days before, so I restored that but lost a couple of days worth of work.

Now I know how to use netstat I might be able to find & remove a virus and not have to completely flatten the machine

@quidsup A great program for this is "EtherApe" search it in software center it's great it show all connections graphically, Very useful also you should use wireshark.

@silageman Thanks I hadn't heard of EtherApe before. I would have mentioned Wireshark but thats beyond most people

Love your Anime babes background!

Great vid Quids. Appreciate the work you put in to this vid and the other's.

@TheKC1ML Cheers mate

tutut, been a naughty boy then..

@sneekylinux lol no no not me :-)

about wine that the viruses may spread furher in the linux, how? how can a windows virus infect a linux machine? :S

Firefox is inherently insecure, you should you chrome.

@TheHackerCrab I never get on that well with Chrome

@quidsup Can you get chrome for linux?

@chefslot Certainly can

umm ive been on pirate bay and if you said the link was naughty something then you clicked on somethen like a s*x link lol but first of all you never go on ad's ever even more so on pirate bay rule 1 never click ads lol

@GAMINGfinaticts Yeah lesson learnt

haha man they picked the wrong dude to mess with.

Do you use the flashblock extension for Firefox or a browser that allows you to manually load plugins, like Opera? If not, wouldn't they have prevented this?

@Radexw @TheOriginalRuskin Both of your problems might be related to the graphics. I had freezing ubuntu and bad graphics, so I had to update xserver-xorg-video-intel and others using xorg-edgers ppa. It is known to break unity, but I got it working.

How did you solve the issue? Did you have to remove a virus from your main system or reinstall Ubuntu?

Would this have happened to your main system had you been using Ubuntu in VirtualBox?

@Laoch111 Fortunately I had taken a full disk backup a couple of days before so I restored it and sacrificed a couple of days worth of changes

@Laoch111 It could have infected a VM, no worries if it had they're expendable

Hi. good vid. Could anybody help me? I like ubuntu 11.10 but after i install ubuntu it moves fine , but after installing updates and rebooting de sistem everything slows down. The aplications opens slowly and also when im moving the windows they are moving slow.So its anybody that could help me?

Hey, someone help me. I installed Ubuntu on my other Computer, however I have had some problems. It keeps randomly freezing, and every 5 minutes. I have to remove power to get it working again. someone help?

@sdperez79 Yes Ubuntu will remain my primary Distro

@userslim2 I know but all this fancy stuff is too nice

Well well well...Oops! ,....What to say here?!! Yes HTML5 can be the best !dea... umm... even though, Linux is being developed by thousand software developer around the world..... So, Whoever creating android or Linux virus and being successful, is very smart and intelligent! ... So what will be the point for computing!!... Free project or commercial project.... nothing izz safe because of hacker,, malware ....bla bla bal.........xD......Bro another nice upload......:)

@sabbir2world Cheers Bro. Nope nothing is safe. These smart people deserve a job with AV or software companies

Hay pal..Is that means am I need to install antivirus softweare

@kokila550 Not much point for Linux, a firewall - either UFW or Firestarter is sufficient

lol browsing n00b ^^ , thanks for the "info" jk

thanks so much.

Great video, thanks for sharing.

Get Opera.

Pay no attention to the micro-trolls as this sort of stuff happens to everyone - regardless of OS or security. Glad to see you're back up and running. It's never fun seeing a linux virus/malware out in the wild. Hopefully it gets taken care of quickly. Cheers!

For malware and viruses would it make any difference if one uses Chrome browser rather than Firefox?

@InnerCityMuscle Im not sure it makes a lot of difference. Even if Chrome started off being more secure its rising popularity will make it a bigger target for Malware

malware is always "fun"

Ran ShieldsUP in Ubuntu 11.10 without any firewall, and it showed my computer as being completely stealthed. Maybe the test is out-dated, or maybe it's showing Ubuntu's already great default security?

Excellent. I've been ubuntu since 7.04 and never hit. I also do pirate. I've got basic gufw install but does linux need more? Could you do some vids on what security measures you think linux needs? The blogs are either don't worry or prepare for armageddon.

@euclidt Basic Firewall is fine. Im doing a Intrusion detection course next week, so Im sure I'll pick up some useful tips on what we really need for Linux. Cheers

Someone was downloading some hentai. 

By the Way quids i wanted to tell you that java and flash are commonly the two culprits for infecting linux java and flash are both cross platform

You must be really stupid to get a virus on Windows 7 within the first few months, and it effect you in a really bad way. I've simply got Microsoft Security Essentials on, when it finds an infection, you click remove and go on with your day. It's because you probably download loads of potentially funny files on a regular basis...

@windowspczone All that Security stuff in Windows 7 winds me up. I don't appreciate it treating me like an idiot so I turn it all off

@quidsup Haha that's the most ridiculous thing I've heard in a while! You can't blame Windows when it comes to security if you turn it all off, to make your self feel better as you don't want to feel like an idiot... haha, oh dear.

This is why I'm starting to dislike Flash because of the security flaws it has. Being cross-platform means some exploits can be used to attack different operating systems (as quidsup explained).

HTML5 is the way to go.

@sk8rked Too right HTML5 is the way to go

:o Miku, ur a Miku fan?

I do remember hearing about Flash being vulnerable (I remember because it effected all operating system that use Flash). I thought this got fixed?! It may not even be the same thing I'm thinking of. The detail goes a bit over my head but nevertheless it's fascinating :)

Thanks for explaining what happened.

@mousegeek Quite right there was one a few months back about a cross platform vulnerability in Flash player.

Seems to be the way with software in general that one exploit gets patched then another one is soon found.

Cheers

love the videos man!

First virus in 2 years, lol. I have been using Ubuntu for like 3 years and not got a single virus ever. I have got graphics collapses and wiped my drive many times by mistake in a partition editor, but viruses. They just don't exist in Linux as I already said. Linux is designed to be secure.

@LewisHNL Wish I had managed to go for 3 years or more without a virus. Its done pretty well considering what the world is like now.

The only system I've used that lasted longer was DOS which back then for me was never connected to the Internet

hehe.... that was great video... was thinking when viruses are gona start on Linux :)

BTW... You are like Lenard from "The Big Bang Theory", you have a thing for animated girls :D

@XW0RKS lol cheers

What I mean is that it cannot modify the system and usually they cannot access user data either.

@quidsup Can I just ask if this effected the entire system or just the browser, because I really dont understand this. Linux is virtually virus-proof, maybe if it exploited a hole in Firefox it could destroy Firefox, but for one thing, Linux requires the user (or Admin) password for all system altering programs. I don't mean to insult you, but you seem to be scaring people that they will just get viruses. Linux computers in general don't get viruses. Viruses in Linux can only infect program/data

@LewisHNL My thoughts were the same as yours that Linux is pretty much virus proof.

I found my system beaconing out to a Polish IP through Wireshark. The packets didn't contain anything much. There were no other apps open on my system and it still did that after a shutdown & reboot.

Wish I had remembered how to use netstat or at least managed to keep keep a copy of what happened.

But I played it safe and restored a full disk backup that I took a couple of days before.

@quidsup Oh kl, tbh I don't torrent, so I don't usually get viruses much on Windows computers, but, if I leave a Windows computer with my parents (who don't torrent, but do have problems sometimes telling whats a fake website, etc.) they get infected pretty after a while. On my linux box, i don't. And btw, can you try to find out what exploit this used?

@LewisHNL Linux is NOT virus proof. It's really time for people to realize that. Once some small exploit in the browser / Flash / file browser / thumbnail generator / pdf viewer etc enables you to execute arbitrary code, the game is over. You don't need root privileges to compromise the system, keyloggers work fine without root access.

And even if you go for root, it isn't unbreakable. Search here on youtube for "Linux root exploit" plenty of them.

@SeltsamerAttraktor I think most people know that it's not virus proof. Nothing that's electronic is virus proof... BUT it's Highly Improbable that you'll get a virus using *nix. Again, highly improbable doesn't equal impossible, but it's still better than Windows.

@SeltsamerAttraktor Find me a Linux virus that works on an updated Ubuntu 11.10 distro and I'll accept I'm wrong, until then, your talking shit.

@LewisHNL

3of3

Recent examples? CVE-2011-3544, CVE-2011-2494. And plenty more. Remember that local root exploit living in the kernel for over _8 years_?

And remember, all it takes is a little flaw in your Browser, $PDFReader, Flash, Java, $filebrowser, $randommedialib, etc.

So stfu, YOU are talking shit here.

@SeltsamerAttraktor These are local exploits which could be used, but again, I have no evidence of them being used maliciously.

@LewisHNL

2of3

Want a true virus? Just pay attention to all the patches landing on your box. These were once threatening vulnerabilities allowing evil guys to exploit them and built all kinds of malicious software around them. These guys trade vulnerabilities, and once Ubuntu/Linux reaches a certain market share, they _will_ make use of them.

@SeltsamerAttraktor As you say, there are exploits in Ubuntu, but they are patched before they are exploited, so there are no linux viruses, an exploit/bug isn't a virus until it is exploited!

@LewisHNL A vulnerability can potentially be exploited for a virus, that's what I said. And before it gets patched it was there to be used by malicious guys for an unknown period of time. Once Ubuntu / Linux is a valuable target, it _will_ get targeted and we will see plenty of viruses. There is no magical technology employed in the kernel or so that could prevent that from happening. Stop your shitty propaganda, it only hurts Linux by making people less aware of the threats.

@SeltsamerAttraktor I am not employing Linux propaganda, but showing a realist review, atm Linux viruses don't exist, they could do very soon, but, when that happens, it is still very unlikely that they will immediately become advanced and infect every popular normal site, so there is no need for anti-virus or commotion (which is the distinction from Windows).

@LewisHNL That is true, your previous statements however are not:

"Linux is virtually virus-proof, maybe if it exploited a hole in Firefox it could destroy Firefox, but for one thing, Linux requires the user (or Admin) password for all system altering programs. I don't mean to insult you, but you seem to be scaring people that they will just get viruses. Linux computers in general don't get viruses. Viruses in Linux can only infect program/data"

"Linux is designed to be secure."

@SeltsamerAttraktor Sure, maybe I was being a little to strong in my language but it is essentially true.

@LewisHNL

1of3

lol are you kidding me? Moving the goal post and double standards?

You said it yourself:

"if I leave a Windows computer with my parents (who [..] have problems sometimes telling whats a fake website, etc.) they get infected pretty after a while"

These are trojans, requiring a user to fall for them, not viruses. Want a Linux trojan? Go to gnome-look dot or or similar. There have been found plenty of them.

@SeltsamerAttraktor I have used gnome-look on many occasions and never got a virus. And you say they installed them, that is not at all what I meant, they aren't that stupid, they often go on dodgy websites by mistake, but they never install trojans.

are you making money of your videos because you should

@dka069 I make a bit of money through ad revenue... then end up donating most of it back to the Open Source community

@quidsup nice thats real cool of you and great vids

The url is offline now. And you didn't do any forensics with a live cd? I'd really like to analyse this stuff further.

@SeltsamerAttraktor Yes I looked at it at work using Malzilla and some Javascript decoding tricks I've learnt.

It was an encrypted JS which had exploits for nearly every OS - Win, Mac, Linux, BSD. The Windows exe payload was forced down through ActiveX or Sun JS App files. The Linux payload was through Flash player via some Shellcode.

Trouble is I asked for that PC to be rebuilt so no longer have a copy of the code :-(

There will be another soon enough and I can explain it then

@quidsup on the first time watching this video I didn't quite get it what kind of malware you encountered there (currently pre loading 1080p to be able to read the url and such). Was that thing targeting Windows systems and only hit you too because of cross platform software like Flash / FF plugin, or was the malware itself cross platform and thus explicitly targeting also Ubuntu / Linux systems? If the latter, I would applaud. Its time for it, and for people to get more aware of the danger.

Did you notice that YouTube is not a Firefox friendly website anymore ?

Icons on others channels sections, changed, even my avatar picture changed of size. =( On Opera, everything is fine. Anyway, this trick will not make me change for another browser. It's Mozilla firefox who launched the free of malware and spyware and stopped personnal data theft, not IE or what was not even in Google's heads =)

@IceFritzLanger I found YT to become slower and slower on FF, and some things don't work the way they should. The remove buttons of videos in playlists for example. Sometimes they work, most of the times they don't.

Quite worrisome what Google is doing there.

In fact it's a good thing it happened to you, you can teach us how it gets there and how to remove it =) Thanks Doc

@IceFritzLanger lol Good point. Cheers

stuxnet

@murtagh232 Yes thats right

window is more secure than this, if you use a secure browser then you wont get viruses on windows, thats why i use chromium its got less security holes than firefox, and its a lot more secure

@ADIMM0 Yes a window is more unlikely to get infected by viruses. But if you are referring to microsoft windows then no would be the answer. Of course every device connected to the internet are in risk of getting a virus, but almost no virus are programmed to harm anything other than windows.. So even here it can't damage the system, only Windows Systems.. So saying the windows is more secure is straight up Bullshit. Sorry

Strange, I just woke up from having a dream where my Lubuntu laptop was seriously infected with a virus,...

@munchluxe63 lol what a random dream

What virus? Quidsup, this is not virus. This is malware and not even dangerous. It jsut redirects your browser.

@MrEpaneznam True, but as I said in an earlier comment, it can be dangerous if it asks for root permission and you for some odd reason type in your password. I got a mal like that once. Also if you do root things and have a malware on your browser, and your browser is on. So don't be naive. It can be dangerous if you are "braindead" at the moment.

@MrEpaneznam It didn't redirect the first time thats the problem, it executed malicious javascript with a Windows exe payload that didn't show up in Google, and somesort of Shellcode against Flash player for Linux

Would the NOSCRIPT addon for Firefox have prevented this?

@HogRider357 Absolutely, it started with a malicious javascript, so noscript would have blocked it.

Doesn't noscript block a load of useful stuff? Thats what I thought might happen so hadn't tried it out before

@quidsup Yes it basically blocks everything - flash, java and so on. You can train it like a firewall and tell it to allow things permanently or temporarily. I use it on my Win7 machine in FF when I surf to unknown web sites.

@HogRider357 Thanks, I'll try it out

It's not viruses. These are malware. What people do is They use chrome and firefox extension / add-on scripts you have to click apply on, which you've obviously done. They can only mess with you browser's cache files As these extensions can only be read by your browser, and not the system itself

They can obviously only mess with your system stuff if it asks for root permission.

Clean your cache with bleachbit.

A bigger danger would be if you open up firefox And are in root at the same time.

@blackoutworm I know you mean there but it wasn't that. It was a definite driveby download with some sort of malware. I could see it beaconing out in Wireshark without any other apps open

@quidsup Okay. Because these things have happened to me before. And then it asked for root permission and messed up my browsers cache, and all that stuff. I believe it was on a rule34 site, and I use chromium.

@blackoutworm BS. FF doesn't need to run as root. It takes only two exploits: executing random code with user permissions ( FF / Flash / PDF Reader / JPG Preview / .. ), and then a root exploit (search here on youtube for examples). But then again, the system doesn't need to be compromised, only the user account, to spy on the user (keylogger and such), so only one tiny exploit.

You could also just package a deb with a screen saver and dump it unto gnome-look org. Even Linux folks fall for it.

@SeltsamerAttraktor I never said firefox need to run as root.

If you are logged in with root account while firefox is open. That's what I said.

For instance, if you use synaptic or the terminal for something.

I made a little mistake in my first comment =) I meant not THE ONLY THING which I like in ubuntu, I meant one of the the best things which I love in Ubuntu =))) sounds better I think

What's a virus? LOL. Sorry, I couldn't resist. Ironic, my Windows 7 machines have remained infection free so far, with good AV shields of course, but here you are...

@tostoday lol you need to go on some dodgy websites mate... or maybe you have and the AV can't see it

@quidsup Haha, maybe, either way, my PC still has been running smoothly since launch. This shows, however that nothing is impossible.

@tostoday Thats good going. I had to boot into Windows a few days ago (first time in about 3 months). My patience ran out at the end when it told me not to Unplug the computer... So I pressed the reset button. That'll be ok won't it? hehe

@quidsup Sure, go ahead with the "magic" reset button ;). Honestly, Win 7 for me has been flawless, surprisingly so I must admit but MS got this one right.

Thanks for the "heads up."

Some one at work asked me about viruses in linux and i told them that using windows with the best up to date antivirus was still more likely to get infected then a linux system with no antivirus. Would you agree with that statement or was i exaggerating? I was hit 4 times this year with mallware in windows, it was so bad i had to have some one fix it for me.

Any way we can get a copy of that paper you wrote? I thought it was very good.

@TBear0574 That statement is absolutely correct. Sorry to hear things got that bad with Windows, guess its not that surprising really from the amount of systems I've seen infested with malware. Makes for a good incentive to try Linux.

Sure heres a link to my paper: t(dot)co/aGXaai58

linux sucks ass install bsd

@nw0n since this is a browser thing and has nothing to do with what OS you are running, it would happen regardless. BSD, linux, Mac or Windows.

The only thing I really proud of Ubuntu is that you can actually count "viruses" on it mean while on Windows you have to stay on guard 24 h to not get virus. Anyway great video quidsup, waiting for other interesting videos.

@Icekroni Good point. I couldn't even guess how many viruses there are for Windows - hundreds of thousands / millions? Cheers

How can yo avoid this..? Is there some type of antivirus..?

@SuperDanny93 The AV checkers for Linux are built to catch Windows viruses, so for a home user there isn't any point in using them. In time if the problem gets a lot worse we will start seeing AV checkers specifically built for Desktop Linux.

As I mentioned it took me over two years before I got hit, and to be honest I was being a bit stupid clicking on links from Torrent sites.

@quidsup Oh okay lol. Thanks for the info..

@quidsup yes that can certainly cause problems. So what is best way to protect? Can't we just close that "infected ports" it really isn't that hard... And i think Linux is still 100 times secure than any other OS. Android is target , but with this wide range of community i doubt that it will ever cause problems, especially for desktop computers running desktop os like Ubuntu , Debian, Fedora , Susa , Arch...

@ivantomica Closing the infected ports is one option, but it doesn't really solve the cause of the problem.

I still suspect that one day an exploit in Android could spread to desktop Linux. But as you mention there is wide range of community, and Im sure they will fix any exploits very quickly