*** This bug is a security vulnerability ***
Public security bug reported:
Ubuntu 12.10 Quantal AMD64, all updates applied as of 2013/01/08.
My Chromium browser got infected by the Google Redirect "Findgala"
malware.
Symptoms:
When a Google results page is displayed, Chromium replaces all result
links with a link to some numerical-IP URL that causes clicking on the
"result" to reroute to a "findgala.com" webpage, which pretends to be
another search engine results page, but actually is a scam / malware
hosting site (WOT extension screams!).
After shutting down Chromium then restarting it, it takes some time,
then the infected behavior starts again.
I have no clue about what this malware exactly does in Chromium, nor how
to remove it :-(
I assume it only can put the mess in Chromium, possibly my home dir, but
not affect my base system?
All the information I could find about this on the web relates to
infected Windows machines, and states that:
a/ Removing this malware is extremely difficult (?)
b/ It can be done using Windows "malware eradication software", which of
course is not made for Linux.
I would consider killing my home dir Chromium config and restoring a backup,
however I'm not sure it would be enough.
This is the 1st actual "infection" (not talking about security breaches
or exploits...) I see myself in 17+ years being a Linux professional!
Advice/help would be highly appreciated!
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: chromium-browser 22.0.1229.94~r161065-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-21.32-generic 3.5.7.1
Uname: Linux 3.5.0-21-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.6.1-0ubuntu9
Architecture: amd64
CheckboxSubmission: 1ea6109db29b53f721a523a77b7f3abf
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Tue Jan 8 18:57:06 2013
Desktop-Session:
 DESKTOP_SESSION = cairo-dock
 XDG_CONFIG_DIRS = /etc/xdg/xdg-cairo-dock:/etc/xdg
 XDG_DATA_DIRS = /usr/share/cairo-dock:/usr/share/gnome:/usr/local/share/:/usr/share/
EcryptfsInUse: Yes
Env:
 MOZ_PLUGIN_PATH = None
 LD_LIBRARY_PATH = None
MarkForUpload: True
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to quantal on 2012-08-28 (133 days ago)
chromium-default: CHROMIUM_FLAGS=""
gconf-keys:
 /desktop/gnome/applications/browser/exec = b'/usr/bin/chromium-browser\n'
 /desktop/gnome/url-handlers/https/command = b'/usr/bin/chromium-browser %s\n'
 /desktop/gnome/url-handlers/https/enabled = b'true\n'
 /desktop/gnome/url-handlers/http/command = b'/usr/bin/chromium-browser %s\n'
 /desktop/gnome/url-handlers/http/enabled = b'true\n'
 /desktop/gnome/session/required_components/windowmanager = b''
 /apps/metacity/general/compositing_manager = b''
 /desktop/gnome/interface/icon_theme = b'ubuntu-mono-dark\n'
 /desktop/gnome/interface/gtk_theme = b'Ambiance\n'
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug quantal
** Attachment removed: "DiskUsage.txt"
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1097377/+attachment/3477222/+files/DiskUsage.txt
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/1097377
Title:
Chromium browser infected by Google redirect "Findgala" malware