Malvertising on the Rise

Discussion in 'Anti-Virus' started by David Kaye, Oct 2, 2010.

  1. [...]
    http://voices.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

    FYI, unless this isn't what you meant by 'reprogramming'.
     
    FromTheRafters, Oct 3, 2010
    #21

  2. David Kaye

    David Kaye Guest

    I think we're saying the same thing but I expressed it poorly, or at least
    differently.

    I tend to look at a site as being "infected" when viewing it manages to do
    something malicious. To me it doesn't matter if the infection is in the code
    on the page itself or if the page points to malicious code elsewhere. As far
    as I'm concerned, web pages are almost always made up of external content, and
    thus the nature of a web page is a blending of internal and external content.
    Web pages that don't link to malicious code do not cause problems.

    In the case of my personal chef customer, I told her the other day that I felt
    her web page was somehow infected because visiting it caused problems. While
    there may not be actual code on her page, she or her host are using elements
    that are causing the same problem.
     
    David Kaye, Oct 3, 2010
    #22
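As an added example (not part of the thread, and not anything David Kaye or his customer ran), here is how a technician could make the point above concrete: treat the page as the sum of everything it loads, list each resource a single HTML document would fetch, separate same-origin content from third-party content, flag third-party hosts that are not on an allowlist, and flag iframes sized or styled to be invisible. The hostnames and the sample page are constructed for the example (`.test` names, not real services).

```python
"""Inventory the content a web page pulls from other hosts (added example).

Hostnames below are constructed (.test TLD) and do not refer to real services.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Element -> attribute that names a resource the browser will fetch.
RESOURCE_ATTRS = {
    "script": "src", "iframe": "src", "frame": "src", "img": "src",
    "object": "data", "embed": "src", "link": "href",
}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL, attributes) for every fetched resource."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr_name = RESOURCE_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = {k.lower(): (v or "") for k, v in attrs}
        target = attrs.get(attr_name)
        if target:
            # urljoin resolves relative and protocol-relative (//host/...) references
            self.resources.append((tag, urljoin(self.base_url, target), attrs))


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def same_site(host, site_host):
    """Exact host match or a subdomain of it."""
    return host == site_host or host.endswith("." + site_host)


def looks_hidden(attrs):
    """True for iframes collapsed to <=1px or hidden via inline style."""
    for dim in ("width", "height"):
        try:
            if int(attrs.get(dim, "").strip()) <= 1:
                return True
        except ValueError:
            pass
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def audit_page(page_url, html, allowed_third_party_hosts):
    """Classify every resource the page loads; returns lists of URLs per category."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    site_host = host_of(page_url)
    report = {"first_party": [], "allowed_third_party": [],
              "unexpected_third_party": [], "hidden_iframes": []}
    for tag, url, attrs in collector.resources:
        host = host_of(url)
        if same_site(host, site_host):
            report["first_party"].append(url)
        elif any(same_site(host, allowed) for allowed in allowed_third_party_hosts):
            report["allowed_third_party"].append(url)
        else:
            report["unexpected_third_party"].append(url)
        if tag == "iframe" and looks_hidden(attrs):
            report["hidden_iframes"].append(url)
    return report


# Constructed sample page: a small-business site pulling in a CDN script, an
# ad-network script and a 1x1 iframe from a host nobody on the site chose.
PAGE_URL = "http://personal-chef.example.test/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/wp-content/themes/chef/style.css">
<script src="//cdn.example-cdn.test/jquery.min.js"></script>
<script src="http://ads.example-adnetwork.test/show.js"></script>
</head><body>
<img src="/images/menu.jpg">
<iframe src="http://unknown-host.test/r.php" width="1" height="1"></iframe>
</body></html>"""
ALLOWED_THIRD_PARTY_HOSTS = {"cdn.example-cdn.test"}

if __name__ == "__main__":
    for category, urls in audit_page(PAGE_URL, SAMPLE_HTML, ALLOWED_THIRD_PARTY_HOSTS).items():
        print(category)
        for url in urls:
            print("   ", url)
```

Run it against the saved HTML of the page in question (fetched from a machine you do not mind exposing, as with the honeypot mentioned later in the thread); anything in `unexpected_third_party` or `hidden_iframes` is where the "infection" lives even though the page's own files may be untouched.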

  3. David Kaye

    David Kaye Guest

    None. I don't wish to sandbox because I'm trying to run as close to an
    average user's environment as I can so that I can try to emulate their
    problems as much as I can.

    For the record I currently have 2 Linux machines, 1 running Vista, 3 running
    XP, 1 running 2000. Of the 3 XPs, 1 is a honeypot, 1 is protected with Avast,
    and 1 (my main computer) uses MSSE, an early Zone Alarm, and has every
    non-essential service turned off. Currently it's running 26 processes.
     
    David Kaye, Oct 3, 2010
    #23
  4. Generally, infection (as it applies to computer science) involves
    malicious code being attached to pre-existing code. For a page to have
    been "infected", its code will have been altered. Reversing the
    alteration is known as "disinfection" or "cleaning". If the page isn't
    altered, it isn't "infected" and cannot be "cleaned".
    Yes, and those that do can be said to have led to infection *or* have
    been infected themselves.
    Hopefully she will understand what you meant despite what you said. :o)
    Yes, but she won't be able to "clean" her webpages to fix it.
     
    FromTheRafters, Oct 3, 2010
    #24
  5. David Kaye

    ASCII Guest

    No way it could possibly be some mis-configuration on the part of the system
    trying to access that page, no, gotta be someone else's fault <g>
     
    ASCII, Oct 3, 2010
    #25
  6. David Kaye

    ASCII Guest

    You want to 'feel their pain', OK,
    maybe the years have left me a bit more calloused.
     
    ASCII, Oct 3, 2010
    #26
  7. David Kaye

    Dustin Guest

    (David Kaye) wrote in
    It's a hidden security bit. If you want to change the access rights on a
    Not if they are locked you won't. :)
     
    Dustin, Oct 3, 2010
    #27
  8. David Kaye

    Dustin Guest

    You know apps can detect the presence of Sandboxie and refuse to run if
    you're trying to run them under it? Sandboxie is a nice program, but even
    I've turned in executables to its author that completely evaded
    sandboxing...

    Sandboxie has changed its licensing system over to activate online every
    90 days and each copy is hardware locked. Change out your video card, and
    Sandboxie wants you to prove you bought it all over again.
     
    Dustin, Oct 4, 2010
    #28
  9. David Kaye

    ASCII Guest

    Very little beyond trying to sort out an OS install for someone.
    I wasn't in any computer related business before retirement,
    did maritime two-way radio work,
    plus a dabble into pirate broadcasting stations.
    I didn't even get my first computer until the debut of win95,
    that's not counting programmable calculators.
    I do remember conditional transfers and goto subroutines,
    which later became known as 'DLLs'.
    I guess I tend to think of my computer as a personal entertainment appliance
    and don't much relate to those who deal with the shortcomings of other users.
     
    ASCII, Oct 4, 2010
    #29
  10. David Kaye

    ASCII Guest

    I have the old fashioned regedit.exe and have been able to delete some
    unwanted 'legacy' keys simply by altering the permissions via the context
    choices from a right click.
     
    ASCII, Oct 4, 2010
    #30
  11. David Kaye

    ASCII Guest

    If some malware refuses to run, then great!
    I thought your contributions were the type that initiated within, but were
    able to escape and that issue had been addressed several versions ago?
    Just avoid the latest v3.48 and get the previous v3.46 instead.
    Might be good to go get a copy now while they're still all over the web.
     
    ASCII, Oct 4, 2010
    #31
  12. David Kaye

    Dustin Guest

    Actually, DLLs replaced the common old-school library system. Think of
    them as a toolkit of subroutines and functions that can be called
    whenever the host wants them. It's not programming-language specific,
    just the replacement for the DOS-based .lib system.
     
    Dustin, Oct 4, 2010
    #32
  13. David Kaye

    Dustin Guest

    No, I didn't just mean malware. Some legit programs (gamers' crap
    mostly) detect for and refuse to run sandboxed. I suspect it has to do
    with online cheating more than anything else.
    I was able to write a proof of concept which did the same thing as
    one I found in the wild, yes. They were fixed several versions ago; but
    by fixed, I mean the specific exploit vectors they used. It doesn't
    mean Sandboxie couldn't still be exploited, though.
    Well, unfortunately, something got buggered in v3.46 and prior code;
    many executables which have been packed with UPX will no longer run.
    It's being corrected in the 3.5? betas.

    So, yes, staying with v3.46 will last for a while; but due to the bugs
    present, it won't run everything.
     
    Dustin, Oct 4, 2010
    #33
  14. David Kaye

    Dustin Guest

    Yep. When you run regedt32, it's really regedit with the permissions
    context menu. <g>
     
    Dustin, Oct 4, 2010
    #34
  15. IIRC, most of his clients run as admin but are not computer savvy.

    ....I guess that keeps them coming back. :o)
     
    FromTheRafters, Oct 4, 2010
    #35
  16. David Kaye

    ASCII Guest

    I'll try not to dwell on that depressing likelihood too much,
    would be like when I came downstairs early one year
    and 'outted' sanny claws, or did a load of mescaline and witnessed
    the vacancy of the heavenly abode claimed to be occupied by god.
     
    ASCII, Oct 4, 2010
    #36
  17. David Kaye

    David Kaye Guest

    Turns out her web page is actually a Wordpress blog and she hired someone to
    optimize searches. The Sophos white paper on the topic indicates that a tool
    being used to optimize Wordpress and other sites is itself infected.
    Interesting...

    http://www.sophos.com/sophos/docs/eng/papers/sophos-seo-insights.pdf
     
    David Kaye, Oct 4, 2010
    #37
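FromTheRafters' definition earlier in the thread (a page is "infected" only if its code was altered, and "cleaning" means reversing that alteration) and the Sophos finding above (an optimization tool itself carrying the infection into WordPress installs) both come down to the same practical question: which files on the site differ from a known-good copy? The following added example, not from the thread or from Sophos, shows the baseline-and-compare approach: hash every file under the web root once, store the result, and later report what was modified, added or removed. The directory layout, file contents and the plugin name in `demo()` are constructed placeholders.

```python
"""Baseline-and-compare integrity check for a site's files (added example).

The web root, file contents and plugin name created in demo() are constructed
for this example; the tampering it simulates is inert text, not a real payload.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large uploads do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map of relative POSIX path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Report what changed between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def save_baseline(baseline, path):
    """Persist the baseline off the web server so a compromise cannot rewrite it."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Create a constructed web root, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "site"
        plugin = root / "wp-content" / "plugins" / "seo-helper-placeholder"
        plugin.mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (plugin / "seo.php").write_text("<?php // constructed plugin stub\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulated tampering (inert, constructed content): a script tag that
        # points at an unknown host appended to the plugin, plus a new file
        # dropped into uploads/. Neither contains working code.
        with open(plugin / "seo.php", "a") as fh:
            fh.write('<script src="http://unknown-host.test/r.js"></script>\n')
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir()
        (uploads / "cache.php").write_text("<?php // constructed dropped file\n")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With a baseline taken right after a clean install (or from the vendor's pristine package), "cleaning" becomes a mechanical step: restore each file listed under `modified` from the known-good copy and delete what is listed under `added` after reviewing it. Without such a baseline, the only honest answer to "is this page infected?" is the one the thread arrives at: inspect what the page loads, not just what it contains.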
  18. David Kaye

    David Kaye Guest

    Possibly the guy she hired to optimize her Google ranking. According to the
    Sophos white paper, an applet used in Wordpress optimization is one of the
    culprits.
     
    David Kaye, Oct 4, 2010
    #38
  19. David Kaye

    David Kaye Guest

    You may forget what I do for a living. I fix people's computers, usually 3 to
    4 customers a day, sometimes 5 or 6. I need to get in, get on with it, and
    get out to the next client. I need to have several computers configured to
    match closely what I see every day in the real world. When I go out I need to
    know how to get my customers back on track quickly. This is why I can charge
    a lot of money for my work. I'm fast and I'm successful at what I do. I'm
    usually in and out with a fix before Geek Squad even returns a phone call.
     
    David Kaye, Oct 4, 2010
    #39
  20. David Kaye

    David Kaye Guest

    Well, then maybe you should shut the **** up, okay?

    My customer base includes 3 radio stations which must stay up 24/7 or they
    literally lose business because they can't sell ads. I have real estate
    firms, entrepreneurs working from home, two inventors, a number of
    restaurants, and the founder of a major gaming company.

    The gaming guy is interesting. He has a tech support staff for his company.
    He is also a programmer and obviously knows his way around computers. But,
    why does he hire me instead of using his in-house techies? He told me that he
    needs action immediately and someone who is up to the minute on problems. He
    said that at best his techies can wipe and reinstall and swap out standard
    hardware. He needs more than that for his own critical situation. He keeps
    mission-critical material on his work and home computers and does not want to
    trust them to anyone else. I'm honored.
     
    David Kaye, Oct 4, 2010
    #40