On Thursday, March 13, 2014, I had a scary experience. I was using my computer remotely, using TeamViewer, and opened a link in an advertisement to the website www.optionrepublic.nl. This site was opening very slowly. I used Chromium and there was a message in the lower left corner saying it was waiting for some other website. I was at work, so I did not have the time to wait and continued working, leaving the Chromium window open and minimizing the TeamViewer window, so I could not see what happened at home. After some time I decided to look if the page had loaded and restored the TeamViewer window. What I saw scared the hell out of me. The mouse was moving, opening the menu, starting the terminal. Some wget … command was copied and executed and the resulting …linux.tar.gz file expanded. When nano was started to edit some (system) file I unfroze. I did not want to wait to see if the intruder also found a way around the system password and simply shut the computer down. I do not think the intruder hacked his way into my computer through TeamViewer.
I think the site I opened was a malware site, downloading and opening a TeamViewer-like program to take over my computer. If I did not see it happening, he would have started a Trojan horse, hoping to catch my password and install something at system level. I changed my TeamViewer password as well as several others, using my not-infected laptop, and reinstalled Ubuntu from scratch on my home computer.
This experience proves we may not assume that Linux is safe to use and cannot be infected. Through a bad website all kinds of software can be loaded temporarily and used to infect your computer.
So, in conclusion, the best advice is: if it takes long to load a website: close the window, something bad is creeping in.
Michael Boelen: Malware on websites is definitely a common threat. The risk of getting infected via this method can be lowered by avoiding suspicious websites. Another proper way is to keep your browser fully updated at all cost. Each flaw in the browser will sooner or later be misused, directly via the website you are browsing or via a third-party website (e.g. advertising). In this case, Theo might be right and the website might be slow due to the malicious code freezing up the browser. Generally this is the cause due to the code trying to fit in “wrong data” in different memory locations, with the hope to load a malicious payload. On the other hand, a website might be simply slow because of the server being busy, or dealing with way too many clients and waiting for resources to free up. Advice I would give the readers is to use an up-to-date browser. Use add-ons like NoScript to prevent any JavaScript or similar from running (unless you trust it). Also scan your system on a regular basis with tools like ClamAV, Lynis, Rootkit Hunter, or any commercial anti-malware scanners.