Stramge virus like behaviour across KDE/X screens

English Applications
#1

Opensuse 11.4
I use KDE and have 6 desktops in use.
One for working, one for Opera, Firefox,Music,monitoring, amd spare.

For some changes I opened Yast and moved the Yast window to the upper left, all of a sudden I saw an animated ad for a tobacco free cigarette happening on the white background of Yast.
hmmm…This isnt good, I continued my work for a short time and opened some more application windows. here it is again but only appearing on a white background, for example when i opened the “Add Channels” to Kmix, I saw it again.

It also appeared on some Firefox pages that have a white background.

Upon closer inspection I could see the animated advert animating within the text for my icons on the desktop. The actual white text “My Computer”, “Firefox”, “Online Help”
I went through all my software in Yast to see if somehow I had installed some sort of ad loader, ticker tape, or whatever.

I rebooted, opened yast again and saw the ad once again within the WHITE TEXT ONLY had changed to a familiar icon I had previously seen on a webpage I visit. Now I had a clue to its origin.

I use opera and regularly have about 16-20 opera pages always open, Even after a reboot, opera automatically re-opens with all these sites opened as tabs, The Icon I saw in this nuisance background was from an opera website, no less than Cornell Uni,
heres the cut and paste from Opera:-
http://ebooks.library.cornell.edu/cgi/t/text/pageviewer-idx?c=kmoddl;cc=kmoddl;rgn=full%20text;idno=kmod026a;didno=kmod026a;view=image;seq=86;node=kmod026a%3A10;page=root;size=100

Now It was the blue “KMODDL” icon that appeared against the white background of any open window.

Because the earlier reboot had displayed a different ad (cigarette icon) I suspected foul play from within Cornell website.

Anyway I went through Opera’s history and saw a website that I did not consciously visit, and its name was a dead giveaway:-
http://altfarm.mediaplex.com/ad/fm/7474-142431-17922-55?mpt=587386534&mpvc=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%2…”

I dont know how this site was in the history, it must have popped through from another site I visited, but because the Cornell Icon “KMODDL” was showing through the white background, is that a safe assumption that this nuisance website may be associated with the Cornell page I visited?

I put it in the blocklist and I havent seen the problem since.

BUT… WHY and HOW has linux allowed this to happen?..
and which components allowed this to happen?

Is this a whopping big hole in KDE or X or Opera or general linux security?
This is the sort of thing I expect to see happening in an MS environment.

This animated image appeared across all my desktops, and like I said earlier even in the white text fonts associated with my desktop icons.

Shane, Brisbane, Australia

OS: Linux 2.6.37.6-24-desktop x86_64
Current user: shane@host18
System: openSUSE 11.4 (x86_64)
KDE: 4.6.00 (4.6.0) “release 6”
Display Info
Vendor: nVidia Corporation
Model:
2D driver: nvidia
3D driver: NVIDIA 304.64
CPU Information
Processor (CPU): AMD Phenom™ II X6 1090T Processor
Speed: 3,221.93 MHz
Cores: 6
Memory Information
Total memory (RAM): 7.8 GiB
Free memory: 4.8 GiB (+ 1.3 GiB Caches)
Free swap: 7.8 GiB

OPERA Version 12.02
Build 1578
Platform Linux
System x86_64, 2.6.37.6-24-desktop

#2

Sorry I was typing in the dark, the title is meant to be:_
:STRANGE Virus like …"

Shane

#3

On 2012-12-27 20:26, dwyersm wrote:

> Is this a whopping big hole in KDE or X or Opera or general linux
> security?
> This is the sort of thing I expect to see happening in an MS
> environment.
>
> This animated image appeared across all my desktops, and like I said
> earlier even in the white text fonts associated with my desktop icons.

I have seen previously flash animations that should remain inside
firefox, outside firefox in all the desktops. I had to disable hardware
acceleration for flash.

And flash has security holes discovered regularly.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

#4

From your story: this is Opera related, not KDE. At least, I read that Opera autostarts. My bet is that, if you open Opera with an empty start page, the phenomenon won’t be there.

#5

Flash is at the top of my “Top Ten Unwanted Software” list.
It is a nuisance, a major security hole and risk, memory hungry, upsets other software outside its scope, generally mis-behaves and constantly updated with nothing fixed!
The sooner we all go without Flash the better.
Anyway How does one stop flash from doing this within our OS?
Shane

#6

On 2012-12-27 21:06, dwyersm wrote:
>
> Flash is at the top of my “Top Ten Unwanted Software” list.
> It is a nuisance, a major security hole and risk, memory hungry,
> upsets other software outside its scope, generally mis-behaves and
> constantly updated with nothing fixed!
> The sooner we all go without Flash the better.
> Anyway How does one stop flash from doing this within our OS?

In my case, disable accel in the flash contextual menu.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

#7

Yes Knurpht, I havent tried it but I believe you will be correct. However the more sinister matter is that the issue is most likely Flash related.

Is it also impractical for me to open a blank opera and then load all my tabs.

As far as i can determine, this issue should not happen, and a mechanism should be available to prevent it from occurring.

Shane

#8

Did you try Carlos’ suggestion, disable hardware acceleration in Flashplayer?

#9

On 2012-12-27 21:36, dwyersm wrote:
> As far as i can determine, this issue should not happen, and a
> mechanism should be available to prevent it from occurring.

I understand that accelerated graphics means that the application is
responsible for directly drawing on the screen. Once you give it that
power, you are sold.

So just disable that as I told you.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

#10

Ok
I ran “Adobe Flash Player” from the KDE menu, and I turned off anything I assumed was a security matter, mainly camera related stuff, and cleared all other stuff
Went to a webpage in Firefox and right click on a flash animation and turned off “accelerated graphics”

Now do I have to find and load a web-page in Opera that contains a flash animation and right click to get the context menu to again turn off “accel graphics”

After all, the suspect websites were loaded from within Opera.

or is turning off “accel graphics” it in Firefox a global flash setting for the whole OS?

I get somewhat confused with Flash,
My understanding is that one has to install Flash software , and then it appears that one has to again install/load/plugin Flash within your browsers.

cheers,
Shane, Brisbane Australia

#11

you may need to do turn off acceleration in each of the browsers you use individually
For example i have shown you settings for Opera(opera:config) http://paste.opensuse.org/images/43735728.png

#12

similar settings for SeaMonkey(successor for Mozilla suit)
http://paste.opensuse.org/images/99705002.png