BleepingComputer.com: Windows Rogue virus

We have a computer that's used (almost) exclusively by our kids. It had been hit a couple times by viruses, so, at my repeated urging, we finally made it a "Linux only" box. The kids have every functionality they need for school and recreation -- except Itunes. My wife is a Windows person, but still wanted to be the Admin on their computer. I didn't know that she hadn't installed NoScript. (We will!)

Tonight my daughter was on the computer doing research for a homework paper and was using a school site that linked to a science related site. All perfectly legit. As soon as she clicked on the link she was confronted by an official-looking warning screen from "Windows Web Security" that was claiming to find trojans, etc., on the "C:" (sic) hard drive, in folders like WINNT, etc.

My daughter freaked out a bit, but did exactly the right thing and called me upstairs. I told her we were in no danger -- it's Ubuntu ONLY and we don't have a C: drive, etc. I assume that the science site was hacked and that the malware executed a script within Firefox, but no actual virus could have been loaded (she doesn't have admin privileges) and it would be incompatible with Linux's file system and Operating System anyway. (But we cleared all of her browser history, cookies, etc., anyway.)

We also had a good laugh at the broken English warnings from the rogue anti-spyware!

I've linked a couple screen shots for the humor value. If I'm wrong about anything, please let me know!

Report it to the Site Administrator/Webmaster via the following:

Contact Us
Online Technical Support

> Email: support@factsonfile.com
> Phone: 1-800-322-8755 x. 4230

Online Sales Support

> Email: onlinesales@factsonfile.com
> Phone: 1-800-322-8755

Already on it.

Also, since it was for a school paper and the link was on a school resource site, I've told her to notify her teacher. Other kids, using the popular brand of OS, could have been hit already.

This post has been edited by Capn Easy: 28 October 2010 - 06:29 PM

Awesome work, and keep it up.

Thanks Capn Easy!
Good selling point for Ubuntu and instructive, too. Already sent this to other Ubuntu users.

While NoScript would have blocked the malware, I have found that many users, especially the younger
ones, will not use it properly and just choose to allow scripts globally. Your post will help to convince
them to do otherwise. Hopefully.

That is absolutely marvelous. You taught her well, too.

I will have to think about this.

Heh. When I was about 6 a similar thing happened on an Ubuntu box I was using. I raised an eyebrow and killed the browser. (I guess that shows that I'm still a nerd today.)
I've heard of sites serving rogues in both Mac and Windows flavors through user agent sniffing. I wonder if any malware writers would even offhandedly think that this could happen, or even consider an "odd user agent" option. I hope they don't.