• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

This forum thread needs a solution.

Web Attacks on Outgoing connections?

I just got 2 Vulnerability Blocked messages on my Norton Internet Security (Comcast version) which said  "Web Attack: Exploit Toolkit Website 67" and "Web Attack: Mass Iframe Injection Website 17".  The strange thing is, they were both listed as Outgoing connections.  What does this mean?

Note:  The Vulnerability messages appeared when I was redirected from a page I was viewing to some other page which didn't load because of Norton's block.  I don't know if this matters, though.



Re: Web Attacks on Outgoing connections?

WUVulnerability Protection works on both incoming and outgoing connections. It scans all network activity. You probably visited a Web site that had malicious content on it. Usually these are Web pages that were hacked so that they display something that will harm your computer when you visit the Web page, or attempt to steal some information from you when you visit the Web page. For example "Mass Iframe Injection" is an attack where the "bad guy" changes a Web site so that when you visit it, instead of displaying some content that it was originally going to display, it displays different content by injecting an IFRAME tag (I'm greatly simplifying things here).

These days Vulnerability Protection detects much more "Outgoing" attacks because of the high number of Web attacks (Facebook Likejacking is our #1 reported attack, and it is an outgoing attack that occurs while visiting Web sites with a Facebook "Like" button on them).

Ryan McGann Technical Director Norton Business Unit, Symantec

This thread is closed from further comment. Please visit the forum to start a new thread.