
PC-pwning infection hits 30,000 legit websites

Does NIS 2009 protect against the threat described in this thread at dslreports?

http://www.dslreports.com/forum/r22466586-PCpwning-infection-hits-30000-legit-websites-And-counting

Replies


Re: PC-pwning infection hits 30,000 legit websites

Hi car825 -

Certainly interesting information, but not enough of it, as no actual "signature" names were mentioned.

Therefore, I cannot confirm or deny. Nothing in Threat Explorer just yet.

Let's wait for more info.

Message Edited by Compumind on 05-31-2009 07:07 PM
Compumind
NIS 2009, XP-SP3, Vista-SP2, IE 8

Re: PC-pwning infection hits 30,000 legit websites

In this Virustotal report, you will see that the malware noted here has a very low Antivirus detection rate.  The signatures change constantly, and it uses a type of Javascript on Web pages that may not trigger heuristic detection.

It takes advantage of unpatched vulnerabilities, so we all have to be diligent in keeping our systems patched.

Disabling Javascript in IE will assist and NoScript in Firefox, provided no sites are whitelisted in NoScript.  It is similar to the Gumblar malware that tries to use the Flash player and PDF vulnerabilities.

The script is embedded in legitimate websites as a driveby.  According to the article you attached, if you are not vulnerable to those attacks, a popup for a misleading application will try to entice you to click on it to close it.

The website scanners may not be able to search enough websites daily to recognize this malware yet.

It looks to be very elusive at the moment, and great care must be taken to keep updates current and patches loaded for all vulnerabilities.

Under certain circumstances profanity provides relief denied even to prayer. - Mark Twain

Re: PC-pwning infection hits 30,000 legit websites


delphinium wrote:

 . . . The script is embedded in legitimate websites as a driveby.  According to the article you attached, if you are not vulnerable to those attacks, a popup for a misleading application will try to entice you to click on it to close it . . .


What's the best way to close this type of misleading popup?  Is it ok to click on the red X as you would normally do to close a window?


Re: PC-pwning infection hits 30,000 legit websites

Hi car825 -

I would suggest opening Windows Task Manager, identifying the process that has spawned the window, and terminating it.

Hope this helps.

Compumind
NIS 2009, XP-SP3, Vista-SP2, IE 8

Re: PC-pwning infection hits 30,000 legit websites

Physically break the connection to the internet by yanking out the internet cable - I did that when that Errorsafe popup was making the rounds, then closed the browser via task manager.

And if you click on a nasty popup, whether on the red x or anywhere else, it will take you to the website hosting the malware, and that's when you'll get infected at the very latest. 

Message Edited by Moby_Duck on 06-01-2009 01:27 AM
Your Norton Ladybug.

Re: PC-pwning infection hits 30,000 legit websites


Moby_Duck wrote:

Physically break the connection to the internet by yanking out the internet cable - I did that when that Errorsafe popup was making the rounds, then closed the browser via task manager.

And if you click on a nasty popup, whether on the red x or anywhere else, it will take you to the website hosting the malware, and that's when you'll get infected at the very latest. 

Message Edited by Moby_Duck on 06-01-2009 01:27 AM

Does this apply to Vista SP2 with IE8?  I was hoping the red X was not hackable with Vista SP2 and IE8.

Message Edited by car825 on 05-31-2009 07:52 PM

Re: PC-pwning infection hits 30,000 legit websites

I am unsure if, like most misleading-type apps, it shows in HijackThis.

Quads 


Re: PC-pwning infection hits 30,000 legit websites

Ctrl+F4 will close the tab immediately in both IE and Firefox.  Once there is only one tab left, it will close the browser.  Best to use the keyboard shortcuts rather than click on anything. 

Under certain circumstances profanity provides relief denied even to prayer. - Mark Twain

Re: PC-pwning infection hits 30,000 legit websites


delphinium wrote:

The script is embedded in legitimate websites as a driveby.  According to the article you attached, if you are not vulnerable to those attacks, a popup for a misleading application will try to entice you to click on it to close it.


This happened to me today while browsing a legitimate website I visit daily; I was suddenly redirected to a site offering antivirus and stating my PC was infected. I know Norton cannot detect the JavaScript redirect because of the changing signature but I would hope there is something about the page redirect offering AntiVirus that they can detect and block.


Re: PC-pwning infection hits 30,000 legit websites

Hi all -

This is supplementary information:

http://blogs.zdnet.com/security/?p=3476&tag=nl.e589

Compumind
NIS 2009, XP-SP3, Vista-SP2, IE 8

Re: PC-pwning infection hits 30,000 legit websites


car825 wrote:

Does NIS 2009 protect against the threat described in this thread at dslreports?

http://www.dslreports.com/forum/r22466586-PCpwning-infection-hits-30000-legit-websites-And-counting


Yes, N.I.S. 2009 should protect you because, if you have the Pulse Updates on, then you will get any changes threats make almost as soon as they are discovered, for most threats.  And N.I.S. 2009 is the best intrusion prevention you can get because, in tests, it scored 100%.


Re: PC-pwning infection hits 30,000 legit websites


delphinium wrote:

Ctrl+F4 will close the tab immediately in both IE and Firefox.  Once there is only one tab left, it will close the browser.  Best to use the keyboard shortcuts rather than click on anything.


From a security perspective, is there any difference between using Ctrl+F4 and Alt+F4 to close the browser? I'm asking because I get them mixed up sometimes.


Re: PC-pwning infection hits 30,000 legit websites

On Firefox anyway, because I tried it, if you have several tabs open and use Alt+F4, Firefox will bring up a pop-up asking if you want to save your tabs.  You don't want to be clicking on "Yes/No."  Ctrl+F4 simply made each tab in successive order, along with Firefox, go away.  Try it, although I am surprised you didn't.

Perhaps you didn't try it with tabs loaded.  Most people will have more than one tab open. I've got three at the moment.

Under certain circumstances profanity provides relief denied even to prayer. - Mark Twain