(windows?) trojan found in icedtea-cache - any danger?

Heya!

I was bored and did a clamav scan on my system.

It found “Trojan.JS.Selace-1” in the cache of the icedteaplugin in home directory

I had opened an infected web site a few days ago. Could it be from that?

More important however: Can I just delete the infected file and forget about it? Or do I have to worry that it has infected firefox somehow? Are the passwords etc. that I have entered in the meantime safe?

Sorry for the stupid questions. I’ve been using Linux for years now but never really got into detail with it.

Any help is much appreciated! Thanks!
Peter

PeterRST wrote:
> It found “Trojan.JS.Selace-1” in the cache of the icedteaplugin in home
> directory

really, i don’t know for sure but i google “Trojan.JS.Selace-1” and
find a report of its existence since 24 Dec 10, and if googled along
with the word “linux” in the string, well in either case i find not a
single person reporting it as a threat to a Linux system…

there must be a place/forum where folks more worried about these
phantom threats than i am congregate and discuss while shivering…

you were not browsing in a root powered way, were you?


palladium

Nope, I wasn’t.

What happened to me was basically the same that happened to this guy:

http://blog.opensourcenerd.com/i-can-haz-virus

Only that my firefox didn’t give me any warnings first. The site just spat 3 or 4 java dialogues (I remember clicking “no” but this could have been tricked as well?) at me and then simulated a windows computer getting properly owned (must have been a talented java/flash artist)… lol I then just closed the window, emptied firefox cache and forgot about it.

But now I stumbled across that Trojan in my Java cache and don’t quite know what to think of it. I’m 99% sure I’m not at risk but then again, I’ve always been very paranoid… :D

you call yourself very paranoid AND admit you did what the guy on the
blog did???

let me see, you have made TWO posts here…are ya just trying to
spread a little fear here, or what…your very first one ever here was
a scary story…

here is your answer: your machine is safe if you do not browse as
root and you exercise common sense, like:

-run tripwire
-run rkhunter
-don’t download executable files/scripts from strangers and RUN them
-run behind a firewall/nat router
-etc
-etc
-backup often

on the other hand, if you run Linux like 95% of the earth runs Windows
you might as well go ahead and buy yourself an anti-virus software
license and run it in WINE so you feel “protected”…


palladium
Ten years running Linux…never had an anti-virus program, infection,
crack, etc…not scared by PeterRST’s scary story…but, then again
i have no Redmond Malware Magnet on in my house…

Obviously I didn’t do what the guy did and try to get the virus running in wine. But it was the same kind of attacking website I stumbled upon. Without a firefox warning unfortunately.

God no, I’m not trying to spread fear. It was a genuine question…

And it’s my first post because Linux has been running absolutely spot on for me for 4 years now. I simply didn’t have anything to ask in all that time. lol!

PeterRST wrote:
> And it’s my first post because Linux has been running absolutely spot
> on for me for 4 years now. I simply didn’t have anything to ask in all
> that time. lol!

you are one lucky feller! four years no problems…that is great…

really, i would just delete that file and press on…

for better help you will have to find someone with enough fear to keep
up with it all…really, i don’t…

or here is an idea for you to consider: Become an expert on such and
drop in here every couple of days and see if there are any hot virus
questions you can answer authoritatively … i mean we get folks in
here all the time with one day of Linux experience with nothing on
their mind but getting an anti-virus something installed RIGHT NOW!!

most of us can only say don’t worry about it…it would really be
nice to have someone who has cared enough to study the situation, and
speak up…

ymmv

oh! one other thing i recommend you do: stop running a windows virus
checker against your Linux partitions…as it might scare you again,
needlessly!!


palladium