Spyware on FreeBSD!?
frank at esperance-linux.co.uk
Tue Feb 8 18:15:32 GMT 2005
Bad news, looks like my machine has been infected with some Spyware.
I noticed that on surfing to: http://news.bbc.co.uk/ or anything under
that domain, I was getting some outgoing activity and Firefox was
after a URL (as shown by the status bar) somewhere under the domain:
A quick Google on 2o7.net confirmed my worst fears: spyware!
and a 2o7.net cookie planted on my machine.
I cached some pages in my proxy <excerpt>:
Looks like some sort of perl script which returns a 2x2 gif, whilst
harvesting your browsing habits (and screen & windowsize - by calling
I wonder if they use different sub-domains to collect stats on
different sites. This particular variant seems to be only activated by
a visit to BBC news.
I had a grovel in the source of the BBC news homepage but found no
reference to 2o7.net (For a minute I thought the BBC had turned evil
I'm going to do a little bit more investigation on it - I tried
removal by obliterating my Firefox profile but no joy. The only thing
I saved was my bookmarks file, which looks sound.
Spyware on a unix machine? Tell me it's not so! :(
I know the latter has some vulnerabilities and I'll update it in due
course (and the OS).
I think I'm going to build Links/Lynx with SSL and use that for my
banking from now on (if I can).
Anybody aware of other reports of spyware infecting Unix machines?
Anyway, I'm gutted. I feel like I've been violated and humiliated. In
short, I feel like a Windows user does everyday!!
The truth: I feel a bit pissed off but I urge people to take no action
against 2o7.net like DOS or cracking their webserver and trashing
it.....I'll do that myself ;)
print "f r a n k @ e s p e r a n c e - l i n u x . c o . u k" | sed 's/ //g'
--->PGP keyID: 0x10BD6F4B<---
More information about the Ukfreebsd