[sf-lug] "RANSOM VIRUS" ATACHED TO WEB SITE?

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Jun 8 00:42:25 PDT 2017


Nice catch on Startpage!

I'd presumed incorrectly earlier on what that mention was.
Researching a teensy bit, I find:
apparently no corresponding package for Ubuntu "Xenial Xerus" 16.04[.x],
ditto for current Debian stable (+ backports)
searching a bit I find:
https://addons.mozilla.org/en-us/firefox/addon/startpage-https-privacy-search/
I notice:
a grand total of (a mere) 22 reviews (for an add-on dating from 2009-07-13)
looks like there's only ever been just the one version - from 2009-07-13
(no enhancements, bug fixes, security fixes, nothing for nearly 8 years!)
6,463 weekly downloads - that's pretty dang scary considering the above bits.
Presuming that's what's installed, how many dubious packages,
add-ons/plug-ins, and/or other software that's not from the distribution's
repository?
Guessing from the descriptions, and such, and "support" link, etc.
looks like the plugin probably just runs all the searches through
https://www.startpage.com/
peeking at whois ... - yeah, registrant hidden behind one of those proxy
services.
And what do we get for top two search results for startpage.com - if we exclude
results from startpage.com itself?
https://www.google.com/#q=-site:startpage.com+%22startpage.com%22
https://en.wikipedia.org/wiki/Ixquick#Startpage.com
(with a mention at:
https://en.wikipedia.org/wiki/Ixquick#Startpage.com
)
And search result #2:
Startpage.com is infected by trojans (this is the default search  
engine in fire and water foxes)
https://support.mozilla.org/en-US/questions/1046723
... "infected by JS:ScriptIPinf[Trj]"
(and why, pray tell, does Mozilla have it so readily as an install, with
no particularly clear caveats or warnings at all?
"Welcome to Firefox Add-ons.  Choose from thousands of"
*thousands*?  Seems rather excessive to me).

> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] "RANSOM VIRUS"  ATACHED TO WEB SITE?
> Date: Wed, 7 Jun 2017 23:02:20 -0700

> Quoting Mikki (mikkimc at earthlink.net):
>
>> I had just recently learned of Startpage, and it is called up after
>> getting firefox.               ^^^^^^^^^`
>
> Um, whoa, there.  Startpage?
>
> I'm finding mention of a proprietary Firefox extension called 'Startpage
> HTTPS Privacy Search Engine'
>
>    Add Startpage - The World's Most Private Search Engine - to your
>    search box.
>
> So, I'm guessing you have been adding at least this if not also other
> software from who-knows-where that was not packaged by your Linux
> distribution (Ubuntu).  When you install software from dubious sources,
> you end up doing so with root authority (using sudo, on Ubuntu), so you
> really have absolutely no idea, and no control over, what that software
> does.  This is an incredibly bad idea, and among other things exposes
> you to serious security threats.
>
> You don't need clamav.  You need to be (a lot) more careful about basic
> security (IMO).



