Announcement

**richb** · Dec 17, 2013, 03:26 PM

Have not clicked on the link. Suspicious.

**nemrod** · Dec 17, 2013, 03:38 PM

Originally posted by richb View Post

Have not clicked on the link. Suspicious.

Obviously Please do not click on these links Above !

**richb** · Dec 17, 2013, 03:41 PM

Thanks for the addition. May not be obvious to some.

**GreyGeek** · Dec 17, 2013, 04:00 PM

Nemrod, what kind of harm has occurred on your installation and how did you confirm it? It is just to FF or have you identified files that are obvious infections?

I browsed to track.vocliq.com and FireFox gave me this warning:

Safe Browsing

Diagnostic page for vocliq.com

What is the current listing status for vocliq.com?

Site is listed as suspicious - visiting this website may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-11-28, and suspicious content was never found on this site within the past 90 days.This site was hosted on 2 network(s) including AS14618 (AMAZON-AES), AS16509 (AMAZON-02).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, vocliq.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Return to the previous page.
If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.

It also gave me the option to back out and not go there.

Also, Linux has a different security model than Windows, and isn't as susceptible.

The second and third sites are gaming sites that provoked no alarms. The fourth site opens an obvious redirector with promises of an iPad.

Congratulations!
You are the lucky visitor of the day, be eligible to win an iPad!

Why was I chosen (e)?
Each week, we provide (1) new brand new free iPad to one lucky visitor an app or a participating site.

Hurry!
Please respond by 2:00. Otherwise, we assign the iPad to another visitor.

**nemrod** · Dec 17, 2013, 04:48 PM

At first, thx for your quick response.

Originally posted by GreyGeek View Post

Nemrod, what kind of harm has occurred on your installation and how did you confirm it?

As Iam not a specialist, the only harm that I've seen, I've felt, is an untimetly jump to these filthies pages, when Iam reading articles on Internet. I could not say more, but, It is really disturbing. Is there any way how, and where to see log pages on Kubuntu ?

Originally posted by GreyGeek View Post

It is just to FF or have you identified files that are obvious infections?

Right now, I've just noticed it occured only in Firefox browser, and I suspect -iam not sure- some plugins, that I've installed on FF.
For Informations, I've installed 4 other browsers, as Chrome, Chromium, Seamonkey, Midori, Reckong, none of them has this problem.
My simple question : Does it exist, in Kubuntu, an antispyware ?

Originally posted by GreyGeek View Post

I browsed to track.vocliq.com and FireFox gave me this warning: .... The second and third sites are gaming sites that provoked no alarms. The fourth site opens an obvious redirector with promises of an iPad.

I think, they are all the same virus, or malware, spyware, I do not know.
What, I could say, none of my files are or would damage, it seems to be a same spyware, only on Firefox.
Chrome seems to me more resilient.

Regards.

**Danum** · Dec 17, 2013, 04:54 PM

**/track*vocliq.com/***

Snort /w Sourcefire VRT
Timestamp Source IP Destination IP Severity Alert
2013-11-17 10:21:17 urlQuery Client 208.73.211.247 1 EXPLOIT-KIT Redkit exploit kit landing page

http://urlquery.net/report.php?id=7766676

**GreyGeek** · Dec 18, 2013, 10:06 AM

Originally posted by nemrod View Post

.....I think, they are all the same virus, or malware, spyware, I do not know.
What, I could say, none of my files are or would damage, it seems to be a same spyware, only on Firefox.
Chrome seems to me more resilient.

Open the "Preferences" selection on the "Edit" menu and select the "Security" tab. Make sure the first three check boxes are checked. Then you'll get warnings about infected destinations (IF FireFox knows about them.) As far as inadvertently jumping to undesirable pages, perhaps using the /etc/hosts file as a filter would help. Use the Kubuntu search option and search for a posting by Steve Riley about the host file. He has a neat script that keeps it automatically updated with all the sites you'd want to avoid, and you can add others yourself. It's a great tool to have on you system if you have children using a browser. Since they can't use sudo they can't change the hosts file.

**nemrod** · Dec 19, 2013, 03:29 PM

Sorry, I could not answer you immediatly, because, I had much work, chiefly before Xmas hollydays.

Originally posted by GreyGeek View Post

Open the "Preferences" selection on the "Edit" menu and select the "Security" tab. Make sure the first three check boxes are checked.

The first three were checked.

Originally posted by GreyGeek View Post

Then you'll get warnings about infected destinations (IF FireFox knows about them.)

Very good remarq, because, I forgot to tell you that, indeed, each time when FF jump to http://___track____vocliq___com/, I had message warning me it is Reported Attack Page! site. Indeed, I forgot to mention it.

Originally posted by GreyGeek View Post

As far as inadvertently jumping to undesirable pages, perhaps using the /etc/hosts file as a filter would help.

In my root, I have not this tree /etc/hosts/ none track of hosts folder. Do you mean I will have to create this new folder ?

Originally posted by GreyGeek View Post

Use the Kubuntu search option and search for a posting by Steve Riley about the host file. He has a neat script that keeps it automatically updated with all the sites you'd want to avoid, and you can add others yourself. It's a great tool to have on you system if you have children using a browser. Since they can't use sudo they can't change the hosts file.

Do you mean this link :
https://www.kubuntuforums.net/showth...ing-hosts-file
If this is the case, I will launch after this week-end, or after Xmas. Because, as you guess, very busy. Once I will apply this script, I will get back to you, in order to give you feedback.
Thx you very much GreyGeek, thx very much for helping me.

Regards.

**GreyGeek** · Dec 19, 2013, 07:41 PM

Do you mean this link :
https://www.kubuntuforums.net/showth...ing-hosts-file
If this is the case, I will launch after this week-end, or after Xmas. Because, as you guess, very busy. Once I will apply this script, I will get back to you, in order to give you feedback.

Yes, that is the correct link.

Every Kubuntu installation has the /etc/hosts file. If it is the default file it will contain something like this:

127.0.0.1 localhost
127.0.0.1 jerry-v3-771g

of course, you system will have a different 2nd line. There is also two other files in /etc/: hosts. allow and hosts.deny. Each contains a description inside itself that briefly describes what it does. You can also search google for additional information.

**nemrod** · Dec 26, 2013, 03:46 PM

Originally posted by GreyGeek View Post

Yes, that is the correct link.

Every Kubuntu installation has the /etc/hosts file. If it is the default file it will contain something like this:

of course, you system will have a different 2nd line. There is also two other files in /etc/: hosts. allow and hosts.deny. Each contains a description inside itself that briefly describes what it does. You can also search google for additional information.

Hello GreyGeek.
I launched the script at the middle of the afternoon. Untill now, I did not see any track of these untimely sites like track.vocliq.....
I think, now, I could not ask you to close this topic. I would prefer to wait at least a week, after that you can tag this subject as solved. I will keep you updated.

Many thx for your help.

Happy new year to you all.

**nemrod** · Dec 29, 2013, 06:01 AM

Hello GreyGeek.
Feedback about the scripts you proposed me.
After few days, the untimely links are still presents. I applied the script, I restarted kubuntu. However the links undesired links are still here.

Regards.

**GreyGeek** · Dec 29, 2013, 05:28 PM

Let's say that you browse to http://www.somewebssite.com in firefox...

firefox first tries to resolve somewebssite.com with help of local resolver ( libresolve.so ), then
the first check is either file (which means "/etc/hosts") or dns (which means /etc/resolv.conf"). Which is first depends on the setting in "/etc/nsswitch.conf", in the line "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4".
so it defaults to search in the file "/etc/hosts" first,
if somewebssite.com is not matched in "/etc/hosts" then it will refer to "/etc/resolv.conf", where it's check the nameserver tag. If nameserver is not configured then resolver send dns Query to localhost on port 53,
if nameserver defines "nameserver 8.8.8.8", for example, then it will send a query to "dig google.com @8.8.8.8", getting answer from the pubic dns.

If you don't want Firefox to visit track.vocliq.com then add the line"
127.0.0.1 track.vocliq.com
to /etc/hosts, and Firefox will get nothing from track.vocliq.com because the localhost won't supply anything. Great way to keep the kids off of pornsite.com.

**Feathers McGraw** · Dec 30, 2013, 07:12 AM

Originally posted by GreyGeek View Post

If you don't want Firefox to visit track.vocliq.com then add the line"
127.0.0.1 track.vocliq.com
to /etc/hosts, and Firefox will get nothing from track.vocliq.com because the localhost won't supply anything. Great way to keep the kids off of pornsite.com.

An optional extra: configure Apache to listen on localhost and serve a selection of images of you looking disapproving.

Then every time a "forbidden" site is visited they get a scare

hehe

**oshunluvr** · Dec 30, 2013, 04:50 PM

Originally posted by Feathers McGraw View Post

An optional extra: configure Apache to listen on localhost and serve a selection of images of you looking disapproving.

Then every time a "forbidden" site is visited they get a scare

hehe

lol, mine just says: "Daddy is watching!"

Announcement

[Kubuntu 13.04] How to remove these virus http://track.vocliq.com/, and few others

[Kubuntu 13.04] How to remove these virus http://track.vocliq.com/, and few others

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment