contextual advertising
StMechanus, 2014-04-25 13:36:19

Adware virus in Ubuntu and Windows

I don't really know where to even begin. The fact is that just a couple of days ago I managed to pick up an Adware virus on Ubuntu, and later, when I did a little research, it turned out that all computers in our network were infected. The essence of the virus, as far as I understand, is the addition of pages in any browser with advertisements that are not blocked by AdBlock. After digging around on the Internet and not finding a solution, I decided to try to cure the system myself. First of all, I looked at what GET requests are being executed on the pages. It turned out that on any page in any browser, an iframe is always loaded, which actually shows ads.
The frame is loaded from the address vseogames.com - a site for games.
Also, in the GET requests, there are always calls to mobnumbers.com. JS code is loaded.
The funny thing is that this ad is loaded even in the Steam browser.
I tried to find a file in the system that loads this iframe (it always has a static ID), but found nothing.
For the time being, as a temporary patch, I wrote a Chrome extension that removes this iframe from the pages, and also set up a redirection of the mobnumbers domain to localhost.
What ideas do you have about finding and eliminating this virus? Again, it is present on all computers on the network, in Windows and Ubuntu.
Before that, I had never encountered such a problem. Windows systems have antiviruses and firewalls. And in Ubuntu, I didn't expect at all that you could pick up a virus.


8 answer(s)
Tolik, 2014-04-25
@StMechanus

Based on other answers, I must agree about the router! But I will add: it can be a stupid replacement for the DNS server.
PS Whatever it is, I advise you to install Google, it is supposedly faster (what?)
If it turns out to be the router, then:
1) Reset the settings
2) If that didn't help, reflash it
In any case: put a normal password on the router (and on WiFi, if there is one, you can also make it harder)
The audience for Linux is small. So why should they write a virus specifically for it?

hOtRush, 2014-04-25
@hOtRush

Somehow strange, maybe your router / modem is infected?

jurasarts, 2014-04-25
@jurasarts

Since the entire network is infected, first of all it is necessary to look at the router, especially if the virus even infected Ubuntu.

Pavel Vasterov, 2014-04-25
@zxc80

What is the question? Look here -> en.wikipedia.org/wiki/Computer_security_conference , I think your level allows it.

v_prom, 2014-04-25
@v_prom

Install ClamAV on Ubuntu. Maybe it will find it.

Nikolay Shamanovich, 2014-04-25
@Shm13

Survived - viruses on Ubuntu. And if you try to access the Internet not from this network?

Oyc, 2014-04-25
@Oyc

On Ubuntu, try to remove all add-ons from the browser (add-on)... some of them, like friGate, can do similar things.

StMechanus, 2014-04-27
@StMechanus

Thank you all for your help. The virus really ended up in the router. Resetting to factory settings solved the problem.
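
The triage this thread converged on (the same third-party requests on every page, on both Windows and Ubuntu, pointing at the router rather than at any one machine) can be checked from exported request logs. The script below is an added example, not code from any poster in the thread; the machine names, page URLs, request paths and the two-label domain shortcut are assumptions, and the sample rows are constructed, with only vseogames.com and mobnumbers.com taken from the question.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def site(url):
    """Crude registrable domain: last two hostname labels (assumption;
    use a public-suffix list for real data)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def injected_candidates(captures, min_sites=3):
    """captures: (machine, page_url, request_url) rows exported from the
    browser network panel. Returns third-party sites requested from EVERY
    visited site and from more than one machine, which is the pattern that
    suggests injection in the network path (router, DNS) rather than a
    single infected host. The result is a candidate list to investigate."""
    seen_on = defaultdict(set)   # third-party site -> first-party sites it appeared on
    seen_by = defaultdict(set)   # third-party site -> machines that requested it
    first_parties = set()
    for machine, page_url, request_url in captures:
        first, third = site(page_url), site(request_url)
        first_parties.add(first)
        if third and third != first:
            seen_on[third].add(first)
            seen_by[third].add(machine)
    if len(first_parties) < min_sites:
        return []                # too few unrelated sites to draw a conclusion
    return sorted(t for t, pages in seen_on.items()
                  if pages == first_parties and len(seen_by[t]) > 1)

# Constructed sample: two machines, three unrelated sites.
SAMPLE = [
    ("ubuntu-pc", "http://news.example.org/a", "http://static.example.org/app.js"),
    ("ubuntu-pc", "http://news.example.org/a", "http://mobnumbers.com/x.js"),
    ("ubuntu-pc", "http://news.example.org/a", "http://vseogames.com/frame"),
    ("ubuntu-pc", "http://shop.example.net/", "http://cdn.example.test/lib.js"),
    ("ubuntu-pc", "http://shop.example.net/", "http://mobnumbers.com/x.js"),
    ("ubuntu-pc", "http://shop.example.net/", "http://vseogames.com/frame"),
    ("win-pc", "http://wiki.example.com/", "http://cdn.example.test/lib.js"),
    ("win-pc", "http://wiki.example.com/", "http://mobnumbers.com/x.js"),
    ("win-pc", "http://wiki.example.com/", "http://vseogames.com/frame"),
]

if __name__ == "__main__":
    print(injected_candidates(SAMPLE))
```

If the flagged hosts disappear when the same machines browse from a different network, the router and its DNS settings are the next thing to inspect.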
