[Gllug] Unasked for plugin "installed"

Ian Norton bredroll at darkspace.org.uk
Thu Sep 30 07:05:38 UTC 2004


On Wed, Sep 29, 2004 at 10:34:53PM +0100, M.Blackmore wrote:
> On my wife's computer just a few minutes ago a link brought up an 
> unexpected window saying a plugin "content adviser" summat or other had 
> been installed into Mozilla 1.6...
> 
> ?Que?!!
> 
> Was this malware? I had a look through the various mozilla folders for 
> plugins and couldn't find anything remotely like this. Or would that 
> have been a smokescreen?
> 
> Suse 9.0, online updated ironically only an hour or so before.

Weird...
 
> Should I wipe the disk and reinstall? Panic panic panic

Unless she was root or was in sudoers you don't really need to do that.

Could it have been one of those nasty popups that look like a dialog box? (Do
you have that wine crossover plugin thing installed?)

(There is/was a nasty vuln with sudo where some basic trickery can allow
_anyone_ to view the content of _any_ file - maybe there are others.)

I suggest you list all files that belong to her AND that are world writable. I
don't expect that there are that many; you should be able to interrogate those
one by one with some scripting to see if they are scripts or ELF binaries.

If you don't find anything and are still worried, delete all her files (copy out
the ones you _know_ are safe).

Good Luck, 

> -- 
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug

-- 
/* www.darkspace.org.uk {
 web development, application development, consultancy, firewalls 
 */
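
The check suggested in the reply above (files owned by one user that are also world-writable, sorted into ELF binaries, scripts and everything else), as an added example that is not part of the original post. The function names are hypothetical, and it reads each file's first four bytes itself instead of relying on the `file` utility.

```shell
#!/bin/sh
# Added example: find world-writable files owned by one user and sort them
# into ELF binaries, "#!" scripts and everything else.
# Function names are hypothetical; paths containing newlines are not handled.

# Print "elf", "script" or "other" based on the first four bytes of a file.
classify_file() {
    magic=$(head -c 4 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;      # 0x7f 'E' 'L' 'F'
        2321*)    echo script ;;   # "#!" interpreter line
        *)        echo other ;;
    esac
}

# audit_world_writable DIR [OWNER]
# OWNER is a user name or numeric uid (default: the current uid).
# Output: one line per file, "<kind><TAB><exec|noexec><TAB><path>".
audit_world_writable() {
    dir=$1
    owner=${2:-$(id -u)}
    find "$dir" -xdev -type f -user "$owner" -perm -0002 -print 2>/dev/null |
    while IFS= read -r path; do
        kind=$(classify_file "$path")
        if [ -x "$path" ]; then mode=exec; else mode=noexec; fi
        printf '%s\t%s\t%s\n' "$kind" "$mode" "$path"
    done
}

# Run as: sh audit.sh /home/someuser someuser
if [ $# -gt 0 ]; then
    audit_world_writable "$@"
fi
```

Lines reported as `elf` or `script` with `exec` set are the ones to inspect by hand first.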