Spyware on FreeBSD!?

Frank Shute frank at esperance-linux.co.uk
Tue Feb 8 18:15:32 GMT 2005


Bad news, looks like my machine has been infected with some Spyware.

I noticed that on surfing to: http://news.bbc.co.uk/ or anything under
that domain, I was getting some outgoing activity and Firefox was
after a URL (as shown by the status bar) somewhere under the domain: 

http://bbcnewscouk.112.2o7.net/

A quick Google on 2o7.net confirmed my worst fears: spyware!

and a 2o7.net cookie planted on my machine.

I cached some pages in my proxy <excerpt>:

http://bbcnewscouk.112.2o7.net/b/ss/bbcnewscouk/1/G.7-Pd-R/s68107022286455?purl=http%3A%2F%2Fnews.bbc.co.uk%2F&pccr=true&%5BAQB%5D&ndh=1&t=8/1/2005+2:21:56+2+0&cdp=3&pageName=BBC+NEWS+|+News+Front+Page&g=http://news.bbc.co.uk/&cc=GBP&c1=1&s=1152x864&c=24&j=1.3&v=N&k=Y&bw=1129&bh=543&p=Default+Plugin%3B&%5BAQE%5D

http://bbcnewscouk.112.2o7.net/b/ss/bbcnewscouk/1/G.7-Pd-R/s68107022286455?purl=http://news.bbc.co.uk/&pccr=true&%5BAQB%5D&ndh=1&t=8/1/2005+2:21:56+2+0&cdp=3&pageName=BBC+NEWS+|+News+Front+Page&g=http://news.bbc.co.uk/&cc=GBP&c1=1&s=1152x864&c=24&j=1.3&v=N&k=Y&bw=1129&bh=543&p=Default+Plugin%3B&%5BAQE%5D

Looks like some sort of perl script which returns a 2x2 gif, whilst
harvesting your browsing habits (and screen & window size - by calling
JavaScript functions in Firefox?)

I wonder if they use different sub-domains to collect stats on
different sites. This particular variant seems to be only activated by
a visit to BBC news.

I had a grovel in the source of the BBC news homepage but found no
reference to 2o7.net (For a minute I thought the BBC had turned evil
on me!)

I'm going to do a little bit more investigation on it - I tried
removal by obliterating my Firefox profile but no joy. The only thing
I saved was my bookmarks file, which looks sound.

Spyware on a unix machine? Tell me it's not so! :(

BTW:

FreeBSD 4.11-PRERELEASE

firefox-1.0.r1,1

I know the latter has some vulnerabilities and I'll update it in due
course (and the OS).

I think I'm going to build Links/Lynx with SSL and use that for my
banking from now on (if I can).

Anybody aware of other reports of spyware infecting Unix machines?

Anyway, I'm gutted. I feel like I've been violated and humiliated. In
short, I feel like a Windows user does every day!!

The truth: I feel a bit pissed off but I urge people to take no action
against 2o7.net like DoS or cracking their webserver and trashing
it.....I'll do that myself ;)

-- 

 Frank 


print "f r a n k @ e s p e r a n c e - l i n u x . c o . u k" | sed 's/ //g'

--->PGP keyID: 0x10BD6F4B<---
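As an added example (not part of Frank's post or any project code), a short Python script that does what the proxy cache above allows by hand: it flags proxy log lines whose URL points at the 2o7.net domain and decodes the query string of the beacon URL quoted in the post, so the harvested data (page viewed, local time, screen and window size, plugins) can be read off. The Squid-like log layout around the URL and the meanings given to the parameters are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Domain the post identified as the tracker; matched on DNS label boundaries.
TRACKER_DOMAINS = ("2o7.net",)

# What each beacon parameter appears to carry. These meanings are inferred
# from the values in the captured URL, not taken from any vendor documentation.
FIELD_MEANINGS = {
    "g": "URL of the page being viewed",
    "pageName": "title of the page being viewed",
    "t": "visitor's local time and timezone offset",
    "s": "screen resolution",
    "c": "colour depth",
    "bw": "browser window width",
    "bh": "browser window height",
    "j": "JavaScript version",
    "p": "installed browser plugins",
}

def is_tracker_host(host):
    """True when host is a tracker domain or a subdomain of one (not a mere suffix)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRACKER_DOMAINS)

def decode_beacon(url):
    """Split a beacon URL into its host, path and the decoded data fields it carries."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)          # '+' and %XX escapes are decoded here
    fields = {k: v[0] for k, v in params.items() if k in FIELD_MEANINGS}
    return {"host": parts.hostname, "path": parts.path, "fields": fields}

def scan_log(lines):
    """Return a decoded record for every log line whose URL points at a tracker."""
    hits = []
    for line in lines:
        for tok in line.split():
            if tok.startswith(("http://", "https://")):
                if is_tracker_host(urlsplit(tok).hostname or ""):
                    hits.append(decode_beacon(tok))
    return hits

# Constructed proxy log (Squid-like layout, documentation IP ranges); the second
# line's beacon URL is the one quoted in the post, the surrounding fields are made up.
SAMPLE_LOG = [
    "1107876116.123 45 192.0.2.10 TCP_MISS/200 1843 GET http://news.bbc.co.uk/ - DIRECT/203.0.113.1 text/html",
    "1107876117.456 60 192.0.2.10 TCP_MISS/200 43 GET http://bbcnewscouk.112.2o7.net/b/ss/bbcnewscouk/1/G.7-Pd-R/s68107022286455?purl=http%3A%2F%2Fnews.bbc.co.uk%2F&pccr=true&%5BAQB%5D&ndh=1&t=8/1/2005+2:21:56+2+0&cdp=3&pageName=BBC+NEWS+|+News+Front+Page&g=http://news.bbc.co.uk/&cc=GBP&c1=1&s=1152x864&c=24&j=1.3&v=N&k=Y&bw=1129&bh=543&p=Default+Plugin%3B&%5BAQE%5D - DIRECT/203.0.113.5 image/gif",
]
```

Running `scan_log(SAMPLE_LOG)` yields one hit whose `fields` can be printed next to `FIELD_MEANINGS` to see exactly what the 2x2 gif request reports back.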
