
Some shady script in Phoronix opening shady ad in new tab


  • #11
    Browser extensions are cross-platform

    Originally posted by Mat2
    Do you have any ideas on what could have caused the breach?
    I had only the SQLite Manager installed and it looked legitimate (likely I have installed it after the breach).
    There was no other suspicious activity, no EXE and ELF files on my disk were modified.
    That's the thing: a browser extension that does not use native operating system executables at all and simply runs in browser should be as OS-agnostic as a Flash game. If I had a machine stolen and didn't know what OS the thieves had installed but could push a program to it by a known IP address, that's exactly how I would do it. A browser extension that keylogs passphrases entered into websites, for instance, is a monetizable cross-platform attack that could target not only your online accounts but your bank accounts too if you ever bank online! Also, for that malicious login don't forget plain old phishing, man in the middle attacks on wifi access points - even with WPS if a weak passphrase is used, all the usual stuff.

    Comment


    • #12
      My computer has not been stolen and hasn't been used by anyone except me. These are the extensions that I currently use in Google Chrome:
      • "Top Stories" Section Remover
      • Adblock for Youtube™
      • Adblock Plus
      • Better History
      • Chromebleed
      • chromeIPass
      • Flashcontrol
      • Google Apps Script
      • Google Docs
      • Google Drawings
      • Google Voice (by Google)
      • Google+ Notifications
      • High Contrast
      • Image Properties Context Menu
      • KnowURL: Expand tiny short links
      • NetBeans Connector
      • NotScripts (like NoScript for Firefox but in Google Chrome)
      • Password Peek
      • Personal Blocklist (by Google)
      • Plus Minus (For showing/hiding anyone/group in the main stream, but does not work with new Google+ and still worked on by developer)
      • Radium (EPUB reader for Chrome)
      • Responsive Web Design Tester (for testing to see if a website will fit well with a mobile device)
      • Scientific Calculator
      • Secure Shell
      • Take me to my Youtube™ Subscriptions (Automatically redirects you to Uploads only of your subscriptions.)
      • User-Agent Switcher for Chrome


      And that's about it. I don't think any of the extensions would trigger adcash.com to open up a malicious site, so I'm out of ideas now. Well, at least I did not see any tabs showing up with porn/malicious site today while surfing the Internet.

      Comment


      • #13
        Is anyone else seeing Adcash while using Phoronix?

        Originally posted by GraysonPeddie
        My computer has not been stolen and hasn't been used by anyone except me. These are the extensions that I currently use in Google Chrome:
        • "Top Stories" Section Remover
        • Adblock for Youtube™
        • Adblock Plus
        • Better History
        • Chromebleed
        • chromeIPass
        • Flashcontrol
        • Google Apps Script
        • Google Docs
        • Google Drawings
        • Google Voice (by Google)
        • Google+ Notifications
        • High Contrast
        • Image Properties Context Menu
        • KnowURL: Expand tiny short links
        • NetBeans Connector
        • NotScripts (like NoScript for Firefox but in Google Chrome)
        • Password Peek
        • Personal Blocklist (by Google)
        • Plus Minus (For showing/hiding anyone/group in the main stream, but does not work with new Google+ and still worked on by developer)
        • Radium (EPUB reader for Chrome)
        • Responsive Web Design Tester (for testing to see if a website will fit well with a mobile device)
        • Scientific Calculator
        • Secure Shell
        • Take me to my Youtube™ Subscriptions (Automatically redirects you to Uploads only of your subscriptions.)
        • User-Agent Switcher for Chrome


        And that's about it. I don't think any of the extensions would trigger adcash.com to open up a malicious site, so I'm out of ideas now. Well, at least I did not see any tabs showing up with porn/malicious site today while surfing the Internet.
        If this shows up surfing Phoronix from a live disk, the problem is at Phoronix or at an adserver used by Phoronix. If this is so, a lot of users should see it, at least in a single geographic area using the same browser.

        If one user only sees this and it does not reappear when using a live disk, but DOES reappear on the main OS, then the problem is on that computer. If the problem does not reappear at all, diagnosis after the fact is quite beyond me.

        I cannot evaluate the listed extensions as I do not have Chrome installed due to distrust of Google. It's a lot of extensions overall, you might do a Startpage search checking each extension one at a time to see if any malicious updates have been reported. There have been several cases in Firefox where an originally safe extension was subsequently monetized by the addition of adware to it, waiting for users to update to the malicious versions. Also, is it possible in Chrome for the author of a malicious extension to hide it from being listed?

        If you don't want to use adblocking extensions or want to whitelist sites for other adservers, you might want to 127.0.0.1 out adcash.com in your /etc/hosts file to prevent ever connecting to them again.

        Comment
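Added example, not part of the post above or of any extension's own code: one way to narrow down a long extension list before searching each one by hand is to read every installed extension's manifest from disk and flag those that request access to all sites, since those are the ones able to inject scripts into a page such as Phoronix. It relies on Chrome's `Extensions/<id>/<version>/manifest.json` layout; the two sample extensions are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that give an extension access to every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_access(manifest):
    """Return the sorted broad host patterns a manifest requests, by any route."""
    found = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        found |= {p for p in manifest.get(key, []) if isinstance(p, str) and p in BROAD}
    for script in manifest.get("content_scripts", []):
        found |= {m for m in script.get("matches", []) if m in BROAD}
    return sorted(found)

def audit_extensions(ext_root):
    """Walk <ext_root>/<id>/<version>/manifest.json and report each extension."""
    report = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            # An unreadable manifest is itself worth a manual look.
            report.append({"id": path.parts[-3], "name": "<unreadable manifest>",
                           "version": path.parts[-2], "broad": ["<unknown>"]})
            continue
        report.append({"id": path.parts[-3], "name": manifest.get("name", "?"),
                       "version": str(manifest.get("version", "?")),
                       "broad": broad_access(manifest)})
    return report

def build_sample(root):
    """Constructed sample data: two made-up extensions, not real ones."""
    samples = {
        "aaaa/1.0_0": {"name": "Sample Calculator", "version": "1.0",
                       "permissions": ["storage"]},
        "bbbb/2.3_0": {"name": "Sample Page Helper", "version": "2.3",
                       "permissions": ["tabs", "http://*/*"],
                       "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for rel, manifest in samples.items():
        d = Path(root, rel)
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # replace tmp with the profile's Extensions directory
        for ext in audit_extensions(tmp):
            print("REVIEW" if ext["broad"] else "ok", ext["name"], ext["version"], ext["broad"])
```

On Linux the real directory is typically `~/.config/google-chrome/Default/Extensions`. A flagged entry only means the extension could touch every page, so it is the place to start checking update history, not proof of adware.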


        • #14
          Yeah, I'm going to 127.0.0.1 them out. Thanks.

          Comment


          • #15
            Originally posted by Luke
            There have been several cases in Firefox where an originally safe extension was subsequently monetized by the addition of adware to it, waiting for users to update to the malicious versions.
            The problem of extension monetization was in Chrome, not in Firefox (it was some kind of an RSS reader AFAIR).

            Comment


            • #16
              I heard a report of different extensions being made malicious in Firefox

              Originally posted by Mat2
              The problem of extension monetization was in Chrome, not in Firefox (it was some kind of an RSS reader AFAIR).
              I heard a report somewhere of this shit turning up in Firefox extensions as well, but can't remember where. Anyway, if it can be done for one browser it can be done in another, as the basic concept is exactly the same. Whatever it was, I DO recall more than one extension was involved. The problem of updates that do things you don't want (mostly just bugs or function removal, though) is ugly enough I keep known good .mozilla directory tarballs in case I have to roll back a bad update. I especially worry about Ghostery going bad in the future given who bought it and its importance. If I get a crapware version in the future I will simply roll back.

              Comment
