• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

好评0

Attempted exploit blocked after I checked site with Safe Search

A technology and cool things site I have read for years geekaresexy.net started delivering exploit attempts: Exploit toolkit 32, Exploit toolkit 33, Sweet orange Exploit kit. I have had seven high risk attacks blocked this year, four of them have been in October. Because of this I started checking sites with Safe Search and I did so today with geeksaresexy.net and Safe Search reported the site as safe. Then another Exploit toolkit 32 intrusion was blocked.

How does Safe Search report a site is okay but an intrusion attempt happen. Obviously I won't go that site anymore.

回复

Accepted Solution
好评2 Stats

Re: Attempted exploit blocked after I checked site with Safe Search

Hi aberfoyle,

Norton Safe Web ratings are based on periodic testing of websites and provide a score based on what was found at the time that a site was last tested.  It sometimes happens that a site will be clean when it was last checked, but the site will have been compromised at some point afterward.  Norton Intrusion Prevention System works in real time and spots attacks as they happen and blocks them.  This is why you may find that Norton has blocked an attack from a site that was rated "Safe" by Safe Web.  This is an example of layered security, where you are not left to rely on one means of protection alone.

The real value of Norton Safe Web is that it helps you to avoid the sites that are known to be malicious by marking them as "Unsafe."  That is one risk averted.  For other sites, particularly popular sites that are generally considered to be safe, yet may be open to compromise, IPS provides realtime protection against possible attacks. 

You can add another layer of protection on top of these, as well.  Many attacks begin with malicious JavaScript embedded in a page or in an ad appearing on a page.  By using a browser add-on like NoScript to block JavaScript, except on trusted sites, you can lessen the chances of your browser being redirected to sites where exploit kits are hosted and poised to attack.

http://krebsonsecurity.com/2011/05/blocking-javascript-in-the-browser/

好评0

Re: Attempted exploit blocked after I checked site with Safe Search

May be there is some problem in verification. But all of the scans on the site 'geeks are sexy . Net' gives it cleansheet. ( https://www.virustotal.com/en/url/62babeedcd2b1db2908df1e298db8177cbbae9... ) May be you can help submiting it for analysing at https://submit.symantec.com/false_positive/ . Other than that, are you sure your system is clean and url you have is right?
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
好评0

Re: Attempted exploit blocked after I checked site with Safe Search

Thanks SendOfJive. That answers a large part of my question, is Safe Search a periodic check of sites or operating in real time. So probably a drive by download attack?

What I have read on that: A 'drive-by-download' attack is a malware delivery technique that is triggered simply because the user visited a website. Malware may be served as hidden codes within a website content, served content like banners, advertisements and used as a vehicle for hacking and other cyber-crime. I cannot imagine being on the internet without virus protection. 

To answer Nikhil_CV, is the system clean. Well NIS has been used since the machine was new, daily scans are run manually, all windows updates that are important or higher are installed, NIS blocks the intrusion, full system scans only turn up tracking cookies, the computer works normally.....

Do I have the right URL, yes, if NIS working in real time then that is the site I was on when the attack happened. 

One of my friends said, well it has sexy in the title, what do you think is going to happen. 

好评0

Re: Attempted exploit blocked after I checked site with Safe Search

But then I doubt why the VT results were all clean. I tried securi site check and it didnt show anything much serious. IMO, please check if you have any DNS Server or Proxy server configured on your machine and run a scan with scan with Malwarebytes antimalware from www.malwarebytes.org to make sure everything is okay at your side . . . Not blaming your system security, but since an attack is being triggered, there must be a source somewhere. May be others will have a different opinion.
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
好评0

Re: Attempted exploit blocked after I checked site with Safe Search

I downloaded malwarebytes from the above link, ran a scan all the way through heuristic analysis and it found one object Adware- BlekkoInstallChecker in app date\local\temp. It has been there since 5/5/2012. From what  had read it does not seem to be real threat.

Now, do I keep malwarebytes? Will it interfere with NIS?

好评0

Re: Attempted exploit blocked after I checked site with Safe Search

Hi,Aberfoyle. Yes, you can run MalwareBytes Free as an on demand back up scanner.

Some users have reported that the real time version works well with Norton, but I believe that you should only have one real time program, in case there are any conflicts.

Windows 10 Home X 64 Norton Security Premium Latest Version

This thread is closed from further comment. Please visit the forum to start a new thread.