[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Fri Apr 17 04:14:18 UTC 2009
Michael A. Peters <mpeters at mac.com>

Lanny Marcus wrote:
> My belief is that this is not possible, but there are many extremely
> knowledgeable people participating on this list and I would like to
> know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully
> updated. Browser is Mozilla Firefox v.3.0.7.
> 
> I believe both times this happened, once yesterday and once today, I
> was surfing on the web site of my favorite singer/musical group; or in
> the forum, which is a highly restricted area. Today when it happened,
> I believe I was looking at a video coming from YouTube.com
> 
> I contacted the webmaster, someone I communicate with frequently,
> thinking that something on one or more of his web pages is infected,
> but he wrote back, thinking that my box (dual boot MS Windows XP and
> CentOS on the same hard drive) is infected by this malware and that
> his web site is clean. Below is part of the description he sent me in
> an email. I have seen the pop ups, a request to install
> Install-2006-60.exe which I declined...., etc. Comes from
> <http://antispywarepcscanner.com>  Is there any way the Firefox web
> browser could have been corrupted by this, while using CentOS Linux?
>  TIA!  Lanny

My experience is that when browsing on any OS and you come across an 
error message stating that your computer is infected and you need to 
install such and such software, the web site I was visiting has an XSS 
exploit that was taken advantage of to try and get you to manually 
install a piece of malware.

Install the FireFox extension "noscript" and be very careful about what 
domains you authorize scripting from.

The fact that an XSS attack was able to give you a phony message means 
the same site could have XSS that reads your cookie and steals your 
session ID.

Noscript reduces the odds of such attacks being succesful.