Author Topic: A virus in Linux? [solved]  (Read 2365 times)


Offline mikep

  • Full Member
  • ***
  • Posts: 213
  • Karma: 1
  • Gender: Male
  • Me again!
A virus in Linux? [solved]
« on: December 04, 2016, 08:23:18 pm »
I'm having a problem with Yahoo in Ubuntu 14.04. Basically it's seized up, but the worrying part is that it says "transferring data from s.yimg.com", which appears to be a virus.

Only Yahoo seems to be affected so far, but it's the same story on a laptop and a desktop, both running 14.04.

Any ideas please?
« Last Edit: December 06, 2016, 11:41:59 pm by mikep »

Online Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 16921
  • Karma: 426
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
Re: A virus in Linux?
« Reply #1 on: December 04, 2016, 10:09:18 pm »
It's not going to be a "virus", it's actually registered by Yahoo.

s.yimg.com resolves to 217.12.1.151

and a whois lookup says
Code:
whois 217.12.1.151
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '217.12.0.0 - 217.12.2.255'

% Abuse contact for '217.12.0.0 - 217.12.2.255' is 'abuse@yahoo-inc.com'

inetnum:        217.12.0.0 - 217.12.2.255
netname:        YAHOONET
descr:          Yahoo! Europe
descr:          =======================================
descr:          Abuse reports to uk-abuse@cc.yahoo-inc.com
descr:          =======================================
country:        GB
admin-c:        YEU-RIPE
tech-c:         YEU-RIPE
status:         ASSIGNED PA
mnt-by:         YAHOO-MNT
created:        2004-10-22T10:38:15Z
last-modified:  2006-10-13T14:12:57Z
source:         RIPE

role:           Yahoo Europe Operations Department
address:        Yahoo Europe Operations
address:        125 Shaftesbury Avenue
address:        London
address:        WC2H 8AD
remarks:        trouble: uk-abuse@cc.yahoo-inc.com
admin-c:        NA1231-RIPE
tech-c:         NA1231-RIPE
tech-c:         IG1154-RIPE
nic-hdl:        YEU-RIPE
mnt-by:         YAHOO-MNT
created:        2005-02-21T10:54:13Z
last-modified:  2014-03-25T20:11:11Z
source:         RIPE # Filtered
abuse-mailbox:  uk-abuse@cc.yahoo-inc.com

% Information related to '217.12.0.0/20AS15635'

route:          217.12.0.0/20
descr:          Yahoo-EU-NET
origin:         AS15635
mnt-by:         YAHOO-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:33:24Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.88 (WAGYU)

You could try clearing your web browser cache then restarting your browser .. and/or disabling any browser add-ons.

But as I said, it's NOT a "virus", if anything it'd be a simple hijacker .. but most likely just Yahoo serving up adverts or something.

If in doubt and paranoid, reset your browser back to defaults by renaming its config directory in your home folder .. if you want to do this (but be aware you'll lose ALL passwords/bookmarks/etc.) and you're running Firefox...

With Firefox closed, run:
Code:
mv -v ~/.mozilla ~/.mozilla-backup
Now when you next open Firefox it will be back to defaults and completely clean.
« Last Edit: December 04, 2016, 10:12:45 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk
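
The whois check in the reply above, as an added example that is not part of the original thread: it reads a saved whois reply, confirms the queried address really falls inside the reported inetnum range, and prints the netname, origin AS and maintainer. The function names are hypothetical, and the sample input is constructed from the attributes quoted in that reply.

```sh
#!/bin/sh
# Added example (not from the thread): check a saved whois reply offline.

# Constructed input: the attributes used here, copied from the reply above.
sample_whois() {
cat <<'EOF'
% Information related to '217.12.0.0 - 217.12.2.255'
inetnum:        217.12.0.0 - 217.12.2.255
netname:        YAHOONET
descr:          Yahoo! Europe
mnt-by:         YAHOO-MNT
route:          217.12.0.0/20
origin:         AS15635
EOF
}

# ip_to_int A.B.C.D: print the address as one integer so ranges compare numerically.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the dotted quad into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# whois_field NAME: print the first value of RPSL attribute NAME read from stdin.
whois_field() {
  awk -v key="$1:" '$1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# ip_in_inetnum IP: succeed only if IP lies inside the inetnum range on stdin.
ip_in_inetnum() {
  range=$(whois_field inetnum)
  [ -n "$range" ] || return 2      # reply carries no inetnum object
  lo=$(ip_to_int "${range%% - *}")
  hi=$(ip_to_int "${range##* - }")
  ip=$(ip_to_int "$1")
  [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# summarise IP: one-line verdict from the whois reply on stdin.
summarise() {
  reply=$(cat)
  if printf '%s\n' "$reply" | ip_in_inetnum "$1"; then
    echo "$1 is inside $(printf '%s\n' "$reply" | whois_field netname)" \
         "(origin $(printf '%s\n' "$reply" | whois_field origin)," \
         "maintainer $(printf '%s\n' "$reply" | whois_field mnt-by))"
  else
    echo "$1 is NOT covered by this whois reply"; return 1
  fi
}

sample_whois | summarise 217.12.1.151
```

Against a live lookup the same functions can be fed from `whois 217.12.1.151 | summarise 217.12.1.151`.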

Offline mikep

Re: A virus in Linux?
« Reply #2 on: December 05, 2016, 11:46:36 pm »
Thanks Mark,
As long as it's not a virus I think I'll do nothing. I've since discovered the problem doesn't exist in Chromium, so I'll use that for Yahoo.

I'm still a bit baffled though. I thought these things couldn't sneak through in Linux. I'm beginning to wonder about Firefox, although I like several of its features enough to keep it in reserve..

Online Mark Greaves (PCNetSpec)

Re: A virus in Linux?
« Reply #3 on: December 06, 2016, 12:24:06 am »
Browser hijackers (or any other browser based hack) CAN "get into Linux", but they cannot do anything outside your home folder.

In fact they're unlikely to even break out of your browser config directory (hidden folder in your home folder).

So they can do limited (or no) damage.

Offline mikep

Re: A virus in Linux?
« Reply #4 on: December 06, 2016, 01:23:30 am »
OK thanks Mark,

Is there a browser you'd particularly recommend? As I said, FF has a couple of features I like, but otherwise it seems to be getting slow and saying "Well, this is embarrassing" a bit too often.

Online Mark Greaves (PCNetSpec)

Re: A virus in Linux?
« Reply #5 on: December 06, 2016, 02:49:26 pm »
Not really, Firefox has always been my firm favourite .. so if I were to recommend one it'd be Firefox.

Take your pick, there's a load of em out there ;)

Offline mikep

Re: A virus in Linux?
« Reply #6 on: December 06, 2016, 11:40:43 pm »
OK thanks Mark,

I'll stick with FF and Chromium for now, then.

Your help much appreciated as always. I'll mark this solved now.

M

 

