CentOS - Apr 2009 - OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

My belief is that this is not possible, but there are many extremely
knowledgeable people participating on this list and I would like to
know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully
updated. Browser is Mozilla Firefox v.3.0.7.

I believe both times this happened, once yesterday and once today, I
was surfing on the web site of my favorite singer/musical group; or in
the forum, which is a highly restricted area. Today when it happened,
I believe I was looking at a video coming from YouTube.com

I contacted the webmaster, someone I communicate with frequently,
thinking that something on one or more of his web pages is infected,
but he wrote back, thinking that my box (dual boot MS Windows XP and
CentOS on the same hard drive) is infected by this malware and that
his web site is clean. Below is part of the description he sent me in
an email. I have seen the pop ups, a request to install
Install-2006-60.exe which I declined...., etc. Comes from
<http://antispywarepcscanner.com>  Is there any way the Firefox web
browser could have been corrupted by this, while using CentOS Linux?
 TIA!  Lanny

16.04.2009 | Malware Type: Browser Hijackers

Malware Description:
Antispywarepcscanner.com appears to be another web pimp of the
hazardous fake anti-spyware tool called Personal Antivirus. Do not get
flattered by the seemingly decent-looking and pleasant design of
Antispywarepcscanner.com website; the fact that it pushes rogue
anti-spyware automatically makes this domain a fraudulent one.
Besides, Antispywarepcscanner.com may act as an obsessive
browser-hijacker that redirects your web-surfing to its URL without
the slightest hint of your approval. The forced diverts to
Antispywarepcscanner.com are explainable by the fact that these
redirections are preceded by the intrusion of Zlob trojans that
obscurely trespass on your PC and forcedly modify browser settings.
When you hit Antispywarepcscanner.com, you will see either the
misleading advertising of Personal Antivirus scareware, or witness the
deceptive online scan performed by the above-mentioned rogue utility.
No matter what tricks the fraudsters prepared for you on
Antispywarepcscanner.com, do not believe a single thing you see on
that site. The advertising misinformation praising Personal Antivirus
is totally deceptive and ought to be ignored. The worst thing about
Antispywarepcscanner.com is that you will keep getting redirected
there until you do something about the malicious activity of the
corresponding hijacker on your computer. So, you first and the most
reasonable step should be Antispywarepcscanner.com hijacker removal.
After that, you are strongly recommended to check your system for
additional malware with the aid of a trustworthy automatic removal
tool

Lanny Marcus <lmmailinglists at gmail.com> wrote:
> the forum, which is a highly restricted area. Today when it happened,
what exactly is *it*? 
> Install-2006-60.exe which I declined...., etc. Comes from
> <http://antispywarepcscanner.com>  Is there any way the Firefox web
> browser could have been corrupted by this, while using CentOS Linux?
no.


-- 
Spiro Harvey                  Knossos Networks Ltd
021-295-1923                    www.knossos.net.nz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090417/123a4761/attachment-0002.sig>

Lanny Marcus wrote:
> My belief is that this is not possible, but there are many extremely
> knowledgeable people participating on this list and I would like to
> know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully
> updated. Browser is Mozilla Firefox v.3.0.7.
> 
> I believe both times this happened, once yesterday and once today, I
> was surfing on the web site of my favorite singer/musical group; or in
> the forum, which is a highly restricted area. Today when it happened,
> I believe I was looking at a video coming from YouTube.com
> 
> I contacted the webmaster, someone I communicate with frequently,
> thinking that something on one or more of his web pages is infected,
> but he wrote back, thinking that my box (dual boot MS Windows XP and
> CentOS on the same hard drive) is infected by this malware and that
> his web site is clean. Below is part of the description he sent me in
> an email. I have seen the pop ups, a request to install
> Install-2006-60.exe which I declined...., etc. Comes from
> <http://antispywarepcscanner.com>  Is there any way the Firefox web
> browser could have been corrupted by this, while using CentOS Linux?
>  TIA!  Lanny
My experience is that when browsing on any OS and you come across an 
error message stating that your computer is infected and you need to 
install such and such software, the web site I was visiting has an XSS 
exploit that was taken advantage of to try and get you to manually 
install a piece of malware.

Install the FireFox extension "noscript" and be very careful about
what
domains you authorize scripting from.

The fact that an XSS attack was able to give you a phony message means 
the same site could have XSS that reads your cookie and steals your 
session ID.

Noscript reduces the odds of such attacks being succesful.

On Thu, Apr 16, 2009 at 10:18 PM, Spiro Harvey <spiro at knossos.net.nz>
wrote:
> Lanny Marcus <lmmailinglists at gmail.com> wrote:
>> the forum, which is a highly restricted area. Today when it happened,
> what exactly is *it*?
Spiro: When I saw the pop ups, their file waiting for me to click, to
OK it for download, etc.
>
>> Install-2006-60.exe which I declined...., etc. Comes from
>> <http://antispywarepcscanner.com> ?Is there any way the Firefox
web
>> browser could have been corrupted by this, while using CentOS Linux?
>
> no.
Thanks! Lanny