Monthly Archives: September 2009

Loop Mount .iso in FreeBSD

I needed to mount an .iso file this morning, which I’ve done dozens of times in Linux, and I realized the command I’d normally use in Linux does not work. For example:

Linux

mount -o loop image.iso /mnt

This works fine in Linux and lets you “mount” the .iso file as if it were burned and in the drive. This does not work on FreeBSD. You get an error like:

mount: image.iso mount option is unknown: Invalid argument

FreeBSD

The solution (the only one I’ve found so far) is to use a much more in-depth command like:

mount_cd9660 -o ro /dev/$(mdconfig -a -t vnode -f /path/to/file.iso) /mount-point

Hopefully this little note helps someone else have less trouble than I did in mounting .iso images in FreeBSD.

Facebook Fan Check Virus

I read an article today regarding an alleged Facebook based virus from the “Fan Check” application. I will admit I’ve been sucked into the Facebook, but to my defense I primarily stick to just a few applications. Reading about this makes me glad that I’m running Chromium browser on Linux. I think, between the two of those, my chances of becoming infected are pretty slim. The chances of becoming infected with any kind of virus are pretty limited by using Linux in the first place, but that is pretty obvious.

What I found interesting about this article and the related “infection” is that, so far, there haven’t been any proven cases of the Facebook application actually directly infecting anyone. The infection is caused by third-party websites provided through search engine results, and then by way of social engineering. Whether from the Facebook application or the third-party websites, this infection does not rely on browser vulnerabilities or outdated software. It is all done with the permission of the user.

Think about it. Your friend invites you to “join the fun” and use a Facebook application. Each application has to be given permission by the end user in order to access required data. If the application itself were the cause of the infection, the user would have to give permission for it to happen.

In the more roundabout situation the user is afraid they were infected directly by the application (may or may not be the case), so they use a search engine to find a tool that will verify this for them. The search results are then populated by pages telling them they are infected and to download security software immediately. Again, if the user decides to download and install the “security software” they have allowed the infection into their machine.

I decided to try some of these search results to see what it is they tried to do. I was honestly pretty impressed with one of them. If I didn’t know any better, and if I were running Windows it would surely look legitimate to me.