Re: How do I stop this malware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 26 Sep 2023 12:06:46 -0500 (CDT)
Michael Hennebry <hennebry@xxxxxxxxxxxxxxxxxxxxx> wrote:

> I stumbled onto a very bad website:
> d1ykbfcai6wsme dot cloudfront dot net slash werrx01 slash
> phone=+1 dash 888 dash 387 dash 3976 &# .

> firefox went fullscreen and kept telling me that
> my computer was locked because, without my knowledge,

> The mouse would only show up on the
> always-on-top window of an expired timer.
 
> How is that sort of thing done and
> how do I keep it from happening again?

I think it is done by running javascript through your version of
firefox.  Do you have noscript add-on installed?  That will block any
javascript from a site, and you will have to turn on the urls that you
want to be able to run javascript.  I'm not sure how effective that
would be in this case, since cloudfront.net is often needed because many
sites use it as their host.  But, I expect that the problem url would
show up differently in noscript, and you would be able to leave it
disabled.  Usually, cloudfront.net is disabled automatically for
other urls.  I'm not willing to test that expectation, for obvious
reasons. :-)

You could test whether this is the solution by installing noscript,
shutting down and restarting firefox to clear the cache of allowed
sites (that is a setting in the privacy tab), and then visiting the
site again. The site should be blocked, and you can click on the
noscript icon to see the list of urls that have been blocked from
running javascript.  If you want to experience the thrill again, you
can allow javascript from the above problem address for confirmation.
Then, turn it off, and the recovery is what you have already discovered.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux