I stumbled onto a very bad website:
d1ykbfcai6wsme dot cloudfront dot net slash werrx01 slash
phone=+1 dash 888 dash 387 dash 3976 &# .
nslookup gives several IP addresses for it:
13.227.44.(3, 62, 26, 12) and
2600:9000:21fa:(ca, ce, 14, 2e, 7e, b6, c2, ee)00:1:6351:b980:21
firefox went fullscreen and kept telling me that
my computer was locked because, without my knowledge,
it had been used for bad things.
I should call the given number for help getting
rid of the malware and to get my computer unlocked.
Do not restart your computer or data loss and
release of personal information might result.
The mouse would only show up on the
always-on-top window of an expired timer.
I'd encountered similar before.
This time I switched to virtual console 3 and SIGSTOPped firefox.
When I got back to the GUI, virtual console 1, I had to log in again.
Didn't help. Computer was quieter, but still unresponsive.
I went back to virtual console 3. There was the GUI. Huh?
Ok, virtual console 5.
SIGCONT firefox and go back to the GUI.
Turn off networking before logging in.
That did it.
I took firefox out of fullscreen mode.
I got the above information and deleted
just the window I wanted rid of.
The first time I encountered this,
I wasn't as bright and just rebooted.
How is that sort of thing done and
how do I keep it from happening again?
I the meantime, how do I blacklist those addresses?
--
Michael hennebry(a)mail.cs.ndsu.NoDak.edu
"Occasionally irrational explanations are required" -- Luke Roman