Ubuntu – PUA.Phishing.Bank Found


I scanned my machine (with the latest version of ClamAV) after looking at some images which were loaded from external sites and those sites seem to be dodgy hacking sites, and these were some of the results that I got about my Google Chrome cache:

/home/arthur-dent/.cache/google-chrome/Default/Cache/f_009bb4: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00b45d: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00afd9: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00b45e: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00afdc: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00b353: PUA.Phishing.Bank FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00b414: PUA.Phishing.Bank FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_000e30: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_0071e4: PUA.JS.Xored FOUND
/home/arthur-dent/.cache/google-chrome/Default/Cache/f_00b382: PUA.Phishing.Bank FOUND

Now, I often get the PUA.JS.Xored so I'm not really worried about them, but never before have I got the PUA.Phishing.Bank, so what are these and can they do any damage? I have cleared my cache and they seem to be gone now, but could they have done anything bad to my systems?

And yes, I have read this, but it wasn't much help for practical purposes: https://askubuntu.com/a/415146/364819

OS Information:

Description:    Ubuntu 14.10
Release:    14.10

Best Answer

  • Basically, if you didn't perform any bank payments on the computer you've downloaded these on between visiting these dodgy web sites and posting this question you're safe...

    What to do if you did perform bank payments:

    • Contact the anti-fraud department of your bank immediately!
    • Keep the date/time you started the conversation with your bank in a secure place (Not your computer! A paper agenda would be perfect)
    • From this point in time, you're protected according to EU rules and regulations (verify your statutory rights if you're outside of the EU)
    • Clear your cache

    Nothing more to do!

  • Related Question