Virus Reboots / Warning

I rebooted mail and ftp/www today at 1:15 PM Pacific time because it was the quickest way to stop a virus from propagating.

Last night I went to CraigsList looking for a cheap streaming device, preferably a Wii console, and I’m not sure if I went to the right place (I went to www.craigslist.com). I got a banner telling me I’d won an iPad and then it sent me to a bunch of surveys which were virus-laden and managed to infect the Mac workstation I use with four viruses (this is the first time I’ve seen viruses successfully infect a Unix-based system since 1995). It actually infected some aspect of TenFourFox, a PPC port of the Firefox web browser. If I shut the browser down, the virus is inactive.

Sophos anti-virus detected it, but at least when run from an ordinary user account it wasn’t able to delete it. I’m running a full scan now from the System Admin account with more aggressive settings on the scan, hoping that will remove it; if not, I’ll have to go virus hunting manually.

At any rate, if you go to CraigsList and get a screen telling you that you’ve won an iPad, DON’T FOLLOW THE LINK; close the tab and start over.

If you find your mail session in Pine or an IMAP client suddenly goes read-only, or if you see the “delete” button disappear on web mail, that is a symptom of this virus because it causes your browser to open an IMAP session with your account information and that interferes with your real session.

And actually there were two copies of MyDOOM and two other viruses, and I don’t at this point know which was doing what. But whatever these are, they exploit something in Firefox and can affect Macs (and I’d be willing to bet by extension Linux, since the protections and privileges of the two operating systems are pretty much the same).
