Research shows antivirus products vulnerable to attack

Well that's the smart thing right there to be looking at! Common sense put to use!

In fact when people utter how much safer the other OS is and why you don't need anywhere near as much protection... Surprise! One Linux Mint site was just hacked to see the iso downloads laced with a new malware! Linux Mint while not as old as other distro grew popular faster being more Windows user orientated to draw the crowds and once something get popular it becomes a target as well!

The key thought for the day would be "Think before you leap"!

Cr00zng said:

Fedora, Debian, etc., all had their ISOs laced with malware at one point or another in their history, this is nothing new. What's new with Linux Mint is that the site is still down, instead of resuming operation like others did after the security breach has been identified and remediation completed.

While Linux Mint is popular, it is generally very bad when it comes to security. Linux Mint does not issue security advisory for their distribution and security updates are disabled by the default. Yes, one can enable the security updates, but how many people coming from the world of Windows actually know and do this?

Interesting discussion about the Linux Mint ISO compromise here...

Well as I have said all along Linux isn't so safe and secure as many would believe! Bugs and viruses for Linux is actually old news at this time and date as well as bugs for the Fruit company having been seen over the years. What is interesting about UNIX by itself however is that even MS utilizes it was well as the other guy's OS. UNIX was developed primarily for the web. HTML: The UNIX Platform

As for the page you have there the news will move fast on the various Linux blogs for sure! That spread like wild fire when you consider PC World or ZD Net carrying news on anything Linux as well as MS you can be sure of that. You can see the ZD Net report on this at Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads | ZDNet

Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads

The hacker said their prime motivation for the backdoor was to build a botnet.



By Zack Whittaker for Zero Day | February 22, 2016 -- 01:28 GMT (17:28 PST) | Topic: Security



A lone hacker who duped hundreds of users into downloading a version of Linux with a backdoor installed has revealed how it was done.


(Image: file photo) News broke on Saturday that the website of Linux Mint, said to be the third most-popular Linux operating system distribution, had been hacked, and was tricking users all day by serving up downloads that contained a maliciously-placed "backdoor."


The surprise announcement of the hack was made Saturday by project leader Clement Lefebvre, who confirmed the news.


Lefebvre said in a blog post that only downloads from Saturday were compromised, and subsequently pulled the site offline to prevent further downloads.


The hacker responsible, who goes by the name "Peace," told me in an encrypted chat on Sunday that a "few hundred" Linux Mint installs were under their control -- a significant portion of the thousand-plus downloads during the day.


But that's only half of the story.

The report there goes on to explain how the forum itself had been breached and about 71, 000 accounts were loaded into it!

I ran right smack into a scam site while searching for a micro atx board finding the link right on a regular shopping site. Anyone can pay for a link to be listed on these types of sites. Later I ran into a thread on the consumercomplaint.com site about the same site only have been up a few months..

The site even had the "https:" in the address "S" being secure and finding no one ever got anything they ordered! It goes to show you never know just what you are going to run into out on the web! While your av program won't be able to tell you about fraud sites having web filtering protections can however steer you away from malicious coding or suspect sites if something doesn't seem right.

This is why paying that little bit more for an internet security suite over just the typical av only software will be a much greater preventative measure. If you can't get to a bad site due to it being blocked you can't get infected with anything.

slyphnier said:

well rather than saying things, why not show some real prove, tell us those scam sites u found
or else what true from your saying ?

anyway google have been filtering out web (not sure since when, but i think already few years), its not perfect but it works okay
and either chrome and firefox (other browser might too, but as i only use firefox so i am not sure) integrating the database ... so when u visit a "filtered" sites u will get unsafe notice
it even prevent/block any download by default (even if the downloaded files are clear), so u cant download anything from "flagged" sites...
now if the sites is real scam and lots people visit it, then it should be already "flagged" out by google
u instead run a thread on consumercomplaint.com ? lol
report on these next time :
Google Safe Browsing: Report a Malware Page
Report a Phishing Page
PhishTank | Join the fight against phishing
https://www.us-cert.gov/report-phishing
Internet Crime Complaint Center (IC3) | Home

there are lots more i believe

You wouldn't know the half of it! And as far as a few scam sites I ran into as well as know of they ended up on consumercomplaints and psssdconsumers with a slight misspelling there! With the first one I got stung by that site closed up right after I placed the order and contacted the same to make an inquiry as to why I didn't receive any type of order confirmation and got a reply back stating the owner(a laugh of course) would make sure to step it up a bit to move it forward faster. Never happened!

The second instance wasn't even pc related or a bogus US site but one that turned out to be in Honk Kong! I lost track of that one since the exchange of emails didn't have that site in the heading but more of a private letter head first stating I would need to pay an additional $35 for shipping and then when stating I would take the refund instead I was told that would be seen to? Alarm bells went off but too late. I was able to get the owner's name but not for the site itself since I was unable to relocate it suggesting another fast hit and run site!

Back in the 90s when I was helping an NY state official bring down another type of scam artist it resulted in that one vacating the East coast entirely. Back in December 2010 when a friend had passed suddenly from a faulty heart valve he refused to corrective surgery for hit him when a plow truck blocked him and his wife in during a snow storm he collapsed when getting to shovel the blocked end of the driveway. His wife was able to push a life alert button since she was almost a vegetable herself and passed away 2yrs. after. When speaking to one of the sons he reported the same scam artist was setting up bogus sites taking Western Union instant cash for him payments for what he had on display with numerous photos. consumercomplaint.com as well as the other site had threads there indicating his product line had changed after burning people with the first site still claiming to be representing a non profit group! The second to follow however was followed again with a 3rd site only this time it was expansive pets he had photos for which that was all he had and never sent anyone a pet they paid for! Rippoff specialist!

Those types of sites won't be blocked by anything! Not noscripts, adware scans, malware detectors, nada! The scammer first gets advised on how to set up such a site from someone else first! And I know the particular scammer wouldn't be able to otherwise! The sites are made so they won't draw attention appearing as any other normal vendor site. These people know the loopholes!

It was actually a Western Union Moneygram the complaint seen at the consumercomplaints site had named from the 2008 purchase of a rather expensive breed of dog! On another site where the blogger was reporting on the NY State Supreme cChief of Investigations I left one there indicating the information was what it was incorrect! The scammer obviously contacted that source with bogus accusations to throw the heat off of his own activities.

But the main thing to compare this with in the long run is how that perp was a career criminal going from one type of operation into setting up the scam sites in later years! This is the type of thing being seen more so at this time as web activities as far as general commerce is much more commonly seen now then it would have been back in the 90s. Just ask yourself how times have you shopped online to get an idea of the now compared to the then.