Lanny Marcus wrote:
My belief is that this is not possible, but there are many extremely knowledgeable people participating on this list and I would like to know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully updated. Browser is Mozilla Firefox v.3.0.7.
I believe both times this happened, once yesterday and once today, I was surfing on the web site of my favorite singer/musical group; or in the forum, which is a highly restricted area. Today when it happened, I believe I was looking at a video coming from YouTube.com
I contacted the webmaster, someone I communicate with frequently, thinking that something on one or more of his web pages is infected, but he wrote back, thinking that my box (dual boot MS Windows XP and CentOS on the same hard drive) is infected by this malware and that his web site is clean. Below is part of the description he sent me in an email. I have seen the pop ups, a request to install Install-2006-60.exe which I declined...., etc. Comes from http://antispywarepcscanner.com Is there any way the Firefox web browser could have been corrupted by this, while using CentOS Linux? TIA! Lanny
My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware.
Install the FireFox extension "noscript" and be very careful about what domains you authorize scripting from.
The fact that an XSS attack was able to give you a phony message means the same site could have XSS that reads your cookie and steals your session ID.
Noscript reduces the odds of such attacks being succesful.