Blackhole exploit has been doing the rounds long enough, and my Ubuntu system got infected last November back when Adobe Flash was vulnerable. I found with Wireshark that my computer was beaconing out to a Polish IP address, fortunately I had a full disk backup from a few days before so I just flattened my system and restored the backup.
The majority of these Java exploits cause massive resource usage on the browser and cause it to damn near crash. So they put a simple message on the screen like "Please wait while page loads" After its done exploiting your system they dump you back on Google, so you think nothing is wrong and carry on as normal. If you've ever seen that your computer may have been infected. My job is a Network Security Analyst and I monitor a very large network. This year I've seen Blackhole migrate from Adult sites to pretty much run-of-the-mill sites such as: Holiday, Car, Shopping, Wordpress, and Family history websites. Its no surprise these malware/viruses would progress further as exploit paths get patched. I don't like running NoScript as it turns your faithful Linux system into an annoying little brat like Windows - always asking you questions instead of just getting on with the job. My preference is to use OpenDNS and do Top Level Domain (TLD) blocking. I've set mine to block: .info - Information .cc – Cocos Islands .cn - China .vn - Vietnam .cm - Cameroon .in - India .ru - Russia .am - Armenia .tk – Tokelau .pl - Poland .co.be – .co sub-domain in Belgium .co.tv - .co sub-domain in Tuvalu That small list ends up blocking the vast majority of malicious websites. Heres a video I did showing how to setup OpenDNS in Ubuntu: http://www.youtube.com/watch?v=h2Qa1xqO2v4 Regards, Ivan
-- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
