*** This bug is a security vulnerability ***

Public security bug reported:

Ubuntu 12.10 Quantal AMD64, all updates applied as of 2013/01/08.

My Chromium browser got infected by the Google Redirect "Findgala" malware.

Symptoms: When a Google results page is displayed, Chromium replaces all result links with a link to some numerical-IP URL that causes clicking on the "result" to reroute to a "findgala.com" webpage, which pretends to be another search engine results page, but actually is a scam / malware hosting site (WOT extension screams!).

After shutting down Chromium then restarting it, it takes some time, then the infected behavior starts again.

I have no clue about what this malware exactly does in Chromium, nor how to remove it :-(

I assume it can only put the mess in Chromium, possibly my home dir, but not affect my base system?

All the information I could find about this on the web relates to infected Windows machines, and states that:
a/ Removing this malware is extremely difficult (?)
b/ It can be done using Windows "malware eradication software", which of course is not made for Linux.

I would consider killing my home dir Chromium config and restoring a backup, however I'm not sure it would be enough.

This is the 1st actual "infection" (not talking about security breaches or exploits...) I see myself in 17+ years being a Linux professional!

Advice/help would be highly appreciated!

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: chromium-browser 22.0.1229.94~r161065-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-21.32-generic 3.5.7.1
Uname: Linux 3.5.0-21-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.6.1-0ubuntu9
Architecture: amd64
CheckboxSubmission: 1ea6109db29b53f721a523a77b7f3abf
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Tue Jan 8 18:57:06 2013
Desktop-Session:
 DESKTOP_SESSION = cairo-dock
 XDG_CONFIG_DIRS = /etc/xdg/xdg-cairo-dock:/etc/xdg
 XDG_DATA_DIRS = /usr/share/cairo-dock:/usr/share/gnome:/usr/local/share/:/usr/share/
EcryptfsInUse: Yes
Env:
 MOZ_PLUGIN_PATH = None
 LD_LIBRARY_PATH = None
MarkForUpload: True
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to quantal on 2012-08-28 (133 days ago)
chromium-default: CHROMIUM_FLAGS=""
gconf-keys: /desktop/gnome/applications/browser/exec = b'/usr/bin/chromium-browser\n'/desktop/gnome/url-handlers/https/command = b'/usr/bin/chromium-browser %s\n'/desktop/gnome/url-handlers/https/enabled = b'true\n'/desktop/gnome/url-handlers/http/command = b'/usr/bin/chromium-browser %s\n'/desktop/gnome/url-handlers/http/enabled = b'true\n'/desktop/gnome/session/required_components/windowmanager = b''/apps/metacity/general/compositing_manager = b''/desktop/gnome/interface/icon_theme = b'ubuntu-mono-dark\n'/desktop/gnome/interface/gtk_theme = b'Ambiance\n'

** Affects: chromium-browser (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug quantal

** Attachment removed: "DiskUsage.txt"
   https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1097377/+attachment/3477222/+files/DiskUsage.txt

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1097377

Title:
  Chromium browser infected by Google redirect "Findgala" malware