This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Browser hijacker / web intercept for rbs.co.uk and natwest.co.uk in Linux Mint, not detected

Hello all

I've got a very unpleasant browser hijacker or something re-directing my web traffic, which Sophos Free for Linux doesn't help with.

I was using a public wifi point and connecting through a VPN. I had several tabs open -- nothing pornographic. All of a sudden my speakers were hijacked by the sound of what I suppose is meant to sound like a porn model in ecstasy, although it wasn't that convincing :)

I didn't close anything, but carried on listening, and over the hour that I was monitoring it, it produced intermittent spoken soundtracks of about 30 seconds long at a time, on topics -- always in American English -- as varied as vegan nutrition and some sort of relationship advice.

When I went to check my online banking, I received an error message -- widespread, I gather, from my searches -- "The requested URL was rejected. Please consult with your administrator. Your support ID is [arbitrary number]." It affects the sites in the subject line, but also others, like Sophos's and Clam AV's download pages (and also, strangely, site to do with cricket statistics).

I'm using Linux Mint 18.2, Cinnamon 32-bit. It affects FF59.0.23, and the latest installs of Chromium and Vivaldi. I've done a manual scan but the problem remains.

Any ideas?

Helen B



This thread was automatically locked due to age.
Parents
  • Hi Helen,

    In SAV for Linux, we do not have Web control, Malicious traffic detection, and Firewall. Please help me with the following:

    1. What is the VPN you used?

    2. Do you trust your VPN server (as they have access to your traffic)?

    3. Did you access the banking site from the same Acces point or a different access point?

    4. Do you suspect the Access Point to be a rogue AP

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello

     

    Many thanks for your answer.

    Here are my responses:

     

    1. The VPN is airvpn.org

    2. I have no reason not to. Reviews are consistently good.


    3. It used the same access point.

    4. Again -- I have no reason to distrust it -- it is The Cloud,which is run by the multinational media organisation, Sky.

Reply Children