adf.ly malware on my computer
I am currently running Xubuntu 12.04. I have noticed today something different about my computer. Whenever I browse the internet, my browsing will occasionally be interrupted by a redirect to a website called adfly. My adblocker, as well as extra plugins designed to thwart the redirection, don't work, as the intrusive ads do have a "redirect" option, supposedly to redirect me to where I wanted to go in the first place, but it ends up redirecting to google. So far, I haven't found any information on how to remove the malware from my Linux system.
I seriously want to strangle whoever had the balls to make that ad program....what was he thinking?!
Fogman
Veteran
Joined: 19 Jun 2005
Age: 57
Gender: Male
Posts: 3,986
Location: Frå Nord Dakota til Vermont
Apparently it's not malware: http://adf.ly/
Are even NoScript and AdBlock Plus failing to block them?
_________________
Giraffe: a ruminant with a view.
Fogman
Veteran
Joined: 19 Jun 2005
Age: 57
Gender: Male
Posts: 3,986
Location: Frå Nord Dakota til Vermont
adf.ly could also be using persistent storage in your browser cache as well, so you might want to set your browser to not keep cached web content. In Firefox, this is accomplished thusly:
Go to Edit>Preferences>Advanced, then select the 'Network' tab, and look on the bottom of that tab, where it says 'Offline Web Content and User Data'. You will see a box that has a list of sites using persistent content storage on your computer. Click the 'Clear Now' button for this section, which will clear them out, and then go to the checkbox on the top left hand side of the box that listed the sites that used persistent storage and add a check to the box, which will at least ask you when a website tries to install 'helper' apps for a website.
Furthermore, if you happened to see 'adf.ly' amongst the list of sites that were using persistent storage on your computer, click the 'Exceptions...' button immediately below the 'Clear Now' button, and copy/paste the adf.ly entry into the box that pops up to ensure that the site is not allowed to use persistent storage on your machine.
_________________
When There's No There to get to, I'm so There!
Malware on Linux is about as common as hen's teeth.
Well, nothing much: links etc just work as expected and there seems to be no adf.ly present at all; checking the list of scripts blocked by NoScript, I see... adf.ly.
So maybe you should install it ASAP!
_________________
Giraffe: a ruminant with a view.
I found noscript to be a little bit intimidating to use, although thanks for telling me that the script specifically shows adfly among them. I find some scripts useful, so maybe I can block adf.ly ones alone. And yes, I've had the adf.ly problem on other websites, not just deviantart. Occasionally even on the school website I have to access every day. Just a few seconds ago, it even occurred on this site.
Second of all, I know that it's malware because of the fact that nobody else has the same problem. I've also looked up malware on linux, and found out that even though it's not as effective, it does indeed work on wine, and I have wine on my system.
I wouldn't be so angry about this if the damned adf.ly s##t would only redirect me to the link's original destination, which it never does. It always links to google, or whatever website was being advertised, like Pirate 101 or stuff like that.
I know you said it wasn't malware, but this worked for me removing several viruses a long time ago...a programme called malwarebytes that you can download, the free version works just as well. Redirect viruses can redirect you to pages filled to the brim with viruses and worms and Trojans and god knows what else. I had one a while back. Not the same one you have though.
Good luck. I know how frustrating viruses are.
I'd like to see sources on that information.
UNIX-like systems impose such a heavy separation between privileged and unprivileged processes, as well as user and system files, that it's virtually impossible for regular use of software to lead to malware infection. Just because it's only happening for you doesn't necessarily mean it's a virus (if it were a virus, other people would have things like this happen, and a fix would have been released quickly), and the odds of such a thing are so low that it may as well be discounted alongside gremlins and demonic possession as far as troubleshooting is concerned. Even with wine, you'd really have to go out of your way to help a Windows-based virus infect the Linux system, assuming that it would even work to begin with.
I would say, try temporarily creating another user on your system and using the browser as that user, to see if the problem still happens.
You can do that on a terminal with:
where '$otherusername' is something other than your existing login (you'll probably have to prefix the command with 'sudo'), and then,
assuming you use firefox as a browser.
If the problem goes away, then it's something in your firefox configuration.
He's running Linux, so not only will Malwarebytes not run, it's utterly pointless.
EDIT: If this is happening while browsing deviantART, it's also entirely possible that dA occasionally redirects through adf.ly as part of its advertising policy, or that users link their works through it (which is also a common practice amongst Minecraft modders; I absolutely hate it). I'm not a regular browser of dA, so I really couldn't comment authoritatively; except that you might keep an eye on the statusbar when clicking links to see if they use the adf.ly URL shortening.
Last edited by drh1138 on 24 Mar 2013, 3:05 pm, edited 1 time in total.
If you check the adf.ly site I linked a few posts back you'll see that it works through scripts and if those scripts are allowed to run, most likely the default situation for many browsers, then it will be intrusive and annoying irrespective of the OS and the browser.
I Googled stopping adf.ly which turned up quite a bit that may be of interest to you, and all of it involved preventing or bypassing the sneaky tricks the adf.ly scripts try to pull with your browser. There is no malicious code installed because (quite apart from it being commercial suicide) there is no reason to do so.
Linux is totally and utterly different in its operation and it is impossible for Windows malware to affect it, because the Windows-related vulnerabilities (caused by specific flaws in specific parts of Windows OS code) simply do not exist in Linux. I don't just mean that it is basically "more secure" than Windows; more that the code which malware expects to use as an easy infection route is not present at all - quite apart from the many, many other differences in the way the OS works.
It's like saying that an insult spoken in French will also be offensive to someone understanding German only. It's never going to happen.
I suggest you Google for wine malware for a wider description.
ETA: plus everything drh1138 said, who posted while I was writing this.
_________________
Giraffe: a ruminant with a view.
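The replies above suggest two checks: whether a page's own links go through the adf.ly shortener, and whether the page loads scripts from adf.ly. As an added example (not code from any poster in this thread), the Python sketch below scans a saved copy of a page for both. If it finds matches, the redirects are served by the site itself and any visitor would get them; if it finds none, the browser's own configuration and extensions are the next thing to check. The sample HTML, its paths and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENER = "adf.ly"  # the domain discussed in this thread


def via_shortener(url, domain=SHORTENER):
    """True if the URL's host is the domain itself or one of its subdomains."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        return False
    # Compare on a label boundary so look-alikes such as notadf.ly do not match.
    return host == domain or host.endswith("." + domain)


class RedirectAudit(HTMLParser):
    """Collects <a href> and <script src> values that point at the shortener."""

    def __init__(self):
        super().__init__()
        self.links, self.scripts = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and via_shortener(attrs.get("href") or ""):
            self.links.append(attrs["href"])
        elif tag == "script" and via_shortener(attrs.get("src") or ""):
            self.scripts.append(attrs["src"])


def audit(html):
    """Return the shortener links and script sources found in an HTML string."""
    parser = RedirectAudit()
    parser.feed(html)
    parser.close()
    return {"links": parser.links, "scripts": parser.scripts}


# Constructed sample page: every URL and path here is made up for the example.
SAMPLE = """
<a href="http://adf.ly/AbCd1">Download mod</a>
<a href="/gallery/123">Gallery</a>
<a href="http://notadf.ly/x">Look-alike domain</a>
<script src="//adf.ly/js/example.js"></script>
<script src="/static/site.js"></script>
"""

if __name__ == "__main__":
    for kind, found in audit(SAMPLE).items():
        print(kind, found)
```

To use it on a real page, save the page from the browser and pass the file's contents to audit().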