
New Malicious Websites: Internet Stoops to a New Low


  • New Malicious Websites: Internet Stoops to a New Low

    I was just talking with my boss, who's the senior network admin. Mind you, he's a professional. He was telling me how he just stumbled upon the most "hideous" website he's ever seen. Something got installed on his computer without his knowledge. His first tip-off was the link he clicked on was slow to load and his hard drive was chugging away. Something was up. It started popping up ads on websites that never pop ads. It installed stuff in his favorites, added an X-rated toolbar to IE, and locked him out of Internet Options. And this is on his restricted plain user account! He ran Adaware, Spybot, but neither of them could clean this thing off completely. He found 4 processes running. He would kill one, and before he could kill another, the first one would pop up again with a different name. He found stuff in System32. He got rid of the last of it by denying himself access to a certain folder and then remote logging in to fix the registry.

    I'm looking into this personally. I have never (and neither has he) heard of anything this malicious on a website before, and it's beyond me how something like this could have installed itself. Java has severe security restrictions, JavaScript, too. It was my assumption that as long as you don't click "yes" to install, you're safe, but that's not the case anymore.

    What website? Well, he told me he was searching for software cracks.

    Be forewarned! I'll post any findings I come across.
    "Garlisk's got a lov-el-y bunch of coconuts."

  • #2
    Java tends to be quite secure, but ActiveX is the complete opposite.
    It's not my fault everything you like is terrible.



    • #3
      This is why you shouldn't use IE. </modetwo+omega>



      • #4
        Oooooold.

        It's called browser hijacking and dialers. Had a pretty big problem with those fuckers since my kid brother likes to browse on warez sites.

        Nothing HijackThis and CWShredder can't handle.



        • #5
          This is my cool sig.



          • #6
            Originally posted by Dalai
            This is why you shouldn't use IE. </modetwo+omega>

            Is that... is it... WHY YES! IT IS THE ANTI MICROSOFT BANDWAGON COMING TO TOWN! HOP ON EVERYONE!



            Just playin, Dalai. Hehe.



            • #7
              On a further note, even if you don't suffer from popups and other crap, you should download and run those programs. There might be plenty of other malware on your computer, and Adaware doesn't necessarily pick all of them up as well.



              • #8
                Originally posted by -=V12US=-
                Band??



                • #9
                  I got this same (or at least something similar) hijack a while back, took me ages to clean it off. It's an exploit into a MS Java implementation bug where the MSVM doesn't check for certain malicious code. Exploiting this bug lets the evil JavaScript run unchecked and with no security, which then installs extensions to IE called DHOs. These are raw executables which run at system security levels (i.e., no restrictions) which allows them to alter anything on the system. I had to run WinXP as a command prompt only, then edit rather abstract registry entries to disable the extensions and the startup commands that reenable them if you delete anything related to the hijack. I had thought that disabling Microsoft's Java and replacing it with the Sun version would keep such hijacks from happening, but apparently what happened on my system is that the MSVM got reinstalled without asking me. :x

                  I got this bugger from a cracks site too, as I was looking for a way to disable the damned annoying windows activation crap. It's apparently part of the ad system these crack sites use to make easy money.



                  • #10
                    Originally posted by Dalai
                    This is why you shouldn't use IE. </modetwo+omega>
                    Opera

                    Mozilla Firebird

                    Originally posted by -=V12US=-
                    Is that... is it... WHY YES! IT IS THE ANTI MICROSOFT BANDWAGON COMING TO TOWN! HOP ON EVERYONE!
                    What? I haven't seen it... yet.

                    v
                    v
                    v
                    v
                    v
                    v
                    v
                    v
                    v
                    v
                    v
                    v

                    This is why you shouldn't use Windows!

                    Well, it isn't safe to expose Windows to the internet (otherwise it's OK).

                    Ahh, there's that bandwagon!
                    No Linux, No Choice.
                    Know Linux, Know Choice.



                    • #11
                      Originally posted by LeatherMan
                      Well, it isn't safe to expose Windows to the internet (otherwise it's OK).
                      I'd also dispute that parenthetical statement.
                      Nearly all men can stand adversity -- if you want to test a man’s character, give him power.



                      • #12
                        Originally posted by DarkBill
                        I'd also dispute that parenthetical statement.
                        Aww, come on! It does turn a computer into a decent gaming console...
                        No Linux, No Choice.
                        Know Linux, Know Choice.



                        • #13
                          Yeah, I got the same thing, but only I said no. The program was SPYBLAST. Every time I uninstalled it I would restart my comp and that program would somehow be on. Next I went through, searched for all the files, deleted them and then uninstalled Spy Blast AGAIN. I restarted my comp again and I was amazed it was gone. Then a few days later the program wandered back on, so I used adware and nothing came up about it, so I left it on, disabling it every time I got on my comp. The only way I could get rid of it was when it "broke".
                          I have sex with my hand!



                          • #14
                            Originally posted by LeatherMan
                            Well, it isn't safe to expose Windows to the internet (otherwise it's OK).
                            URANIUM IS BAD FOR YOUR HEALTH



                            • #15
                              If all else fails (and I mean ALL else) you can replace your "system 32" folder. I've done it before for problems like this, but it has a tendency to utterly destroy your HD if something goes wrong (which it usually does).

                              On the other hand, you can trace the pathname and delete the infected file at its source, but that often has the same effect.




                              That's why Windows sucks.



                              *jumps on bandwagon, but falls off*
                              "Just off the border of your waking mind there lies another time, where darkness and light are one. As you tread the halls of sanity, you feel so glad to be unable to go beyond. I have a message from another time."
