this post was submitted on 02 Feb 2024
41 points (87.3% liked)

Linux

48069 readers
772 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I opened firefox After about an hour of the system being in standby and in theSponsored Links row there were 2 new entries

http:/ /bom07s30-in-x03. 1e100. net/ (I dismantled the URLs to prevent accidental clicks)

pnbomb-ac-in-x0e.1e100

I right clicked and searched in Google and it showed up as this

pnbomb-ac-in-x0e.1e100 Sponsored it disappeared after a while, just to be sure I ran sudo lsof -i and noticed firefox was connected to this url

maa05s15-in-x03.1e100.net

I am not sure if am infected or this is just a glitch(I obviously didn't click on the links)

all 35 comments
sorted by: hot top controversial new old
[–] breakcore@discuss.tchncs.de 96 points 9 months ago (1 children)

1e100.net is google's catch-all domain. Many of their services run under this domain.

Read more here : https://support.google.com/faqs/answer/174717

It is a geeky pun, 1e100 is scientific notation for 1 followed by a hundred zeroes. This number is called a googol, which is similar sounding to google.

[–] h3rm17@sh.itjust.works 37 points 9 months ago (1 children)

Indeed Google is named after the googol

[–] arai_aroi@lemmy.ml 51 points 9 months ago (1 children)

Others have answered your question. I would like to add that when you want to "dismantle" the URL, there is a practice in cyber security called URL Defanging. Protocols are escaped, such that http becomes hxxp. Other significant symbols that are :// becomes [://] and . becomes [.]

Combining these, your URL becomes: hxxp[://]bom07s30-in-x03[.]1e100[.]net/

Which will be safer for others to navigate. It will take an extra effort to revert it back to the functional URL. Tools like CyberChef can perform this action if you seek a more streamlined solution.

[–] BaumGeist@lemmy.ml 3 points 9 months ago

TIL. I didn't know there was a standard, and I've never seen "hxxp", although the rest is familiar looking.

[–] somethingsomethingidk@lemmy.world 18 points 9 months ago (2 children)

Search 1e100, it's a google thing

[–] callyral@pawb.social 11 points 9 months ago

*it's a googol thing

[–] Artemis_Mystique@lemmy.ml 8 points 9 months ago (1 children)

Yes but why did it show up In the Sponsored links row?

[–] somethingsomethingidk@lemmy.world 27 points 9 months ago (2 children)

From mozilla. I'm guessing that the links were hosted/owned/etc. by google. When your system resumed it only partially loaded the sponsored links and you were left with the text of the url.

Your system is fine security wise, but privacy wise pinging google servers everytime you open a new tab is not ideal. This type of stuff is why I use Librewolf. Of course it's up to you how much it bothers you. You can disable alot in vanilla firefox too.

[–] mozz@mbin.grits.dev 7 points 9 months ago

Librewolf Librewolf Librewolf

[–] Artemis_Mystique@lemmy.ml 1 points 9 months ago (4 children)

Thank you, but is there anyway I can check whether i am infected or not just for peace of mind?

[–] RadicalEagle@lemmy.world 11 points 9 months ago

No. Peace of mind comes from trusting, not from knowing.

[–] somethingsomethingidk@lemmy.world 4 points 9 months ago (1 children)

Install clamav and run a scan. You will probably get false positives.

For instance the gnome polkit agent has a "malicious" image that it tries to load at start and if it succeeds it kills the program before it can run. This is to keep an actually malicious icon from being used. I spent days on that one lol

[–] Artemis_Mystique@lemmy.ml 3 points 9 months ago (1 children)

But isnt clam AV only for detecting Windows viruses?

[–] redcalcium@lemmy.institute 2 points 9 months ago

Depends on the malware database you use, but out of the box it'll catch wide range of stuff, even linux malwares (which is rare but exists and mostly infect vulnerable web servers).

[–] TexMexBazooka@lemm.ee 2 points 9 months ago

Not with 100% certainty outside of nuking your system. You’re probably fine.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone -1 points 9 months ago (1 children)

Antivirus programs are generally the go-to method...

[–] Atemu@lemmy.ml 9 points 9 months ago* (last edited 9 months ago) (1 children)

Note that anti-virus can only assert that you are infected, not the opposite.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 1 points 9 months ago (1 children)

You're saying even if you're not confirmed as infected, you're not necessarily confirmed as not being infected. In other words, you're talking about false positives.

Am I understanding you correctly?

[–] NotJustForMe@lemmy.ml 2 points 9 months ago (1 children)

The opposite. Not found negatives. Anti-virus software can only tell you that it didn't find a virus, not that there aren't any.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 1 points 9 months ago* (last edited 9 months ago) (1 children)

Yeah, what you just said is what I said I thought you said. (@_@)

We're on the same page; it's just that wording is hard.

Also, you all were right; I was wrong. Admission given. 👍

[–] Suspiciousbrowsing@kbin.social 1 points 9 months ago (1 children)

I think you're on the same page, but mean false negatives not false positive.
False negatives being the potential that you have the virus, but the scanner wasn't able to identify it so returned a "you're all clean" when in fact, you've got a dirty virus and should have listened in health class.

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 1 points 9 months ago* (last edited 9 months ago)

Yeah.

Like I said, words are hard. Lol.

[–] breadsmasher@lemmy.world 3 points 9 months ago (1 children)

installed any extensions recently?

[–] Artemis_Mystique@lemmy.ml 4 points 9 months ago

No, I only use Ublock origin which i had installed Approx 4-5 months ago

[–] nanook@friendica.eskimo.com 1 points 9 months ago

From what I've read 1e100.net belongs to Google, so yea it's a virus.

[–] NOOBMASTER@lemmy.ml 1 points 9 months ago (2 children)

wtf are Sponsored Links, and why do you need them?

[–] StefanT@lemmy.world 3 points 9 months ago

Sponsored links: Mozilla gets money for AD links showing up below the search url on the new tabs page. If you do not disable them (they are on by default).

[–] nanook@friendica.eskimo.com 2 points 9 months ago
[–] possiblylinux127@lemmy.zip -1 points 9 months ago (1 children)

I would go the nuclear route if I were you

[–] mub@lemmy.ml 1 points 9 months ago

Fuckin" aye!