Code Project, The Lounge
Combination to avoid: DailyMail + IE9

20 Posts, 10 Posters
Steve Mayfield:

I'm surprised your AV didn't pick it up :confused:

Steve _________________ I C(++) therefore I am

Nish Nishant (#3), in reply to Steve Mayfield:

I have Microsoft Security Essentials but it's not been very useful with this sort of thing.

Regards, Nish
My technology blog: voidnish.wordpress.com
Nish Nishant (original post):

2nd time in a month where I got a virus/trojan just like that. This one was a pain as it installed a hook and monitored for new windows and closed them. So I could not run regedit or task-manager; had to safe-reboot and remove the crap. Fortunately UAC prevented it from running as admin but it still ran as the normal user which was annoying enough. I still cannot believe IE-9 allows an app to download and run without prompting me. :wtf: Chrome lets apps download without prompting me too but it won't run it automatically. Maybe I need to go back to FF however ugly the rendering is. :sigh:

Regards, Nish
My technology blog: voidnish.wordpress.com

Charles Oppermann (#4), in reply to Nish Nishant:

Hang on now. Can you give some more details? What actually got installed? IE9 reputation-based downloads should prevent this and would be considered a major bug if it didn't. I'm very skeptical without more details.

/* Charles Oppermann */ http://weblogs.asp.net/chuckop
Nish Nishant (#5), in reply to Charles Oppermann:

Charles Oppermann wrote:
Hang on now. Can you give some more details? What actually got installed? IE9 reputation-based downloads should prevent this and would be considered a major bug if it didn't. I'm very skeptical without more details.

I was reading an article on dailymail (the UK newspaper). They have side-bar ads some of which are malicious. An exe file got downloaded (without asking me) to C:\Users\LoggedInUser\AppData\Roaming and then ran. Yes it just ran. It tried to request UAC elevation and I got a prompt for that. I clicked No, and then it continued to run as the logged-in user. It kept closing every window I opened (tried Notepad, task-manager, and regedit). And this is not the first time it's happened. It may be a buffer overflow exploit in IE or it could be a buffer overflow in the flash activex. Either way, it sucks!

Regards, Nish
My technology blog: voidnish.wordpress.com
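A defender-side triage check for the drop-and-run behaviour Nish describes, added here as an example and not code from anyone in the thread: it walks a profile directory and lists files that carry a PE header and were written within the last hour, which is the kind of thing to run after a suspicious session before trusting the machine again. The root directory and the time window are parameters; the sample tree it builds under a temporary directory (a fresh defender.exe, a fresh PE disguised as cache.dat, a month-old updater.exe and an .ini file) is constructed for the demonstration.

```python
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional


def is_pe_file(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS header every Windows PE carries.
    Checking bytes rather than the extension also catches a dropper that was
    written with a harmless-looking name such as cache.dat."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def recent_executables(root: Path, max_age_seconds: int = 3600,
                       now: Optional[float] = None) -> List[Dict]:
    """Walk `root` and return PE files whose modification time falls within
    `max_age_seconds` of `now`, newest first. Each hit records name, full path,
    size and age so the list can be logged or handed to a reviewer."""
    now = time.time() if now is None else now
    hits: List[Dict] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:
                continue  # file vanished or is unreadable; skip rather than abort the sweep
            age = now - st.st_mtime
            if age <= max_age_seconds and is_pe_file(p):
                hits.append({"name": name, "path": str(p), "size": st.st_size,
                             "age_seconds": int(round(age))})
    hits.sort(key=lambda h: h["age_seconds"])
    return hits


def build_sample_tree(base: Path, now: float) -> Path:
    """Constructed fixture standing in for a Roaming profile folder.
    Only the two fresh PE files should be reported by recent_executables."""
    base.mkdir(parents=True, exist_ok=True)

    def put(rel: str, data: bytes, age_seconds: int) -> None:
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        os.utime(p, (now - age_seconds, now - age_seconds))

    put("defender.exe", b"MZ" + b"\x00" * 62, 60)            # fresh PE, the name from the thread
    put("cache.dat", b"MZ" + b"\x90" * 62, 300)              # fresh PE hiding behind a data extension
    put("Vendor/updater.exe", b"MZ" + b"\x00" * 62, 30 * 86400)  # legitimate-looking, a month old
    put("settings.ini", b"[ui]\ntheme=dark\n", 10)           # fresh but not a PE
    return base


def demo(now: Optional[float] = None) -> List[Dict]:
    """Build the sample tree in a temp directory and run the sweep over it."""
    now = time.time() if now is None else now
    tree = build_sample_tree(Path(tempfile.mkdtemp()) / "Roaming", now)
    return recent_executables(tree, now=now)


if __name__ == "__main__":
    # On a real Windows box the call would be recent_executables(Path(os.environ["APPDATA"])).
    for hit in demo():
        print(f"{hit['age_seconds']:>8}s  {hit['size']:>8} bytes  {hit['path']}")
```

The sweep is deliberately extension-agnostic: a dropper that lands as an .exe is the easy case, while one written with a data extension and launched by a helper is exactly what a file-name filter would miss.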
Dan Neely (#6), in reply to Charles Oppermann:

Charles Oppermann wrote:
Hang on now. Can you give some more details? What actually got installed? IE9 reputation-based downloads should prevent this and would be considered a major bug if it didn't.

Perhaps some of the people who're spamming CP with urls are switching from SEO to DRO (download reputation optimization) and are getting paid a few pennies per file to download malware over and over again to pump up its reputation scores until it stops triggering warnings...

Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius
Charles Oppermann (#7), in reply to Nish Nishant:

By default, Internet Explorer 7/8/9 on Windows Vista and Windows 7 runs in the low integrity mode and shouldn't be able to download/execute anything without user interaction. If you've changed your security settings, or turned off Protected Mode, or have an add-in, then maybe. I'm much more suspicious of Flash or another add-in. I seriously doubt this is an IE9 problem. What was the name of the executable that got downloaded?

/* Charles Oppermann */ http://weblogs.asp.net/chuckop
Nish Nishant (#8), in reply to Charles Oppermann:

Charles Oppermann wrote:
By default, Internet Explorer 7/8/9 on Windows Vista and Windows 7 runs in the low integrity mode and shouldn't be able to download/execute anything without user interaction.

Yeah, you'd think so.

Charles Oppermann wrote:
If you've changed your security settings, or turned off Protected Mode, or have an add-in, then maybe. I'm much more suspicious of Flash or another add-in.

I have not changed anything. I just double-checked and made sure that protected mode is on and that security level is medium-high.

Charles Oppermann wrote:
I seriously doubt this is an IE9 problem. What was the name of the executable that got downloaded?

Today, the executable name was defender.exe (but I don't think that has anything to do with it). Like you say it may be an issue with the Flash activex. But even then it's surprising that this happened.

Regards, Nish
My technology blog: voidnish.wordpress.com
Nish Nishant (#9), in reply to Dan Neely:

Dan Neely wrote:
Perhaps some of the people who're spamming CP with urls are switching from SEO to DRO (download reputation optimization) and are getting paid a few pennies per file to download malware over and over again to pump up its reputation scores until it stops triggering warnings...

Even then it shouldn't be allowing an executable to run.

Regards, Nish
My technology blog: voidnish.wordpress.com
Rick York (#10), in reply to Nish Nishant:

Can you identify the source site of the virus? If so I'll add an entry into my hosts file and map it to 127.0.0.0.
Nish Nishant (#11), in reply to Rick York:

Rick York wrote:
Can you identify the source site of the virus? If so I'll add an entry into my hosts file and map it to 127.0.0.0.

I don't know what the URL for the side-bar ad was. The URL I was on when this happened is: http://www.dailymail.co.uk/news/article-2030415/Siberian-UFO-Film-clip-claims-little-green-men-walking-spaceship-crash.html But if you click that you may or may not get the same ads I did.

Regards, Nish
My technology blog: voidnish.wordpress.com
CalvinHobbies (#12), in reply to Nish Nishant:

That is very odd. IE is the king atm; I have to wonder if something got onto your system a different way other than IE, stayed dormant until called, and then you get hit. Otherwise it would depend on your security. Do you torrent or download much? It is a possibility...

///////////////// -I'm a DHCP server at a local restaurant. This chick came up and asked me for my address, and I told her she was out of my scope -Why do Java Programmers wear glasses? Because they don't C#
Nish Nishant (#13), in reply to CalvinHobbies:

NightJammer wrote:
That is very odd. IE is the king atm; I have to wonder if something got onto your system a different way other than IE, stayed dormant until called, and then you get hit. Otherwise it would depend on your security. Do you torrent or download much? It is a possibility...

I rarely download anything, and no I do not use torrents. I am 100% sure this is IE9 related (perhaps through Flash). I just updated my Flash player to the latest! This is my 2nd (or even 3rd) such experience and each time it was through IE. The only other apps I run are Visual Studio 2010 and rarely Excel or Word.

Regards, Nish
My technology blog: voidnish.wordpress.com
Maximilien (#14), in reply to Nish Nishant:

I think the little green aliens got you!!! PS ... works ok on mac !!! ;P

Watched code never compiles.
Alan Burkhart (#15), in reply to Nish Nishant:

Thus far, FF and Avast have kept me from getting hit with anything. But I stopped liking FF's UI after 3.6. I don't like the new stripped-down look all the browsers have gone to.

Alan Burkhart
Andy Brummer (#16), in reply to Nish Nishant:

Nishant Sivakumar wrote:
Like you say it may be an issue with the Flash activex. But even then it's surprising that this happened.

There is a reason flash updates constantly. It is horribly insecure. Also, if you were more attractive to advertisers, you'd get served the safe premium ads instead of the 6th level down malware infested el cheapo ads.

Curvature of the Mind now with 3D
Nish Nishant (#17), in reply to Andy Brummer:

Andy Brummer wrote:
Also, if you were more attractive to advertisers, you'd get served the safe premium ads instead of the 6th level down malware infested el cheapo ads.

How do I achieve that? Maybe I need to click some ads and buy stuff off it?

Regards, Nish
My technology blog: voidnish.wordpress.com
Nish Nishant (#18), in reply to Alan Burkhart:

Alan Burkhart wrote:
Thus far, FF and Avast have kept me from getting hit with anything. But I stopped liking FF's UI after 3.6. I don't like the new stripped-down look all the browsers have gone to.

I may get myself a good hosts file that will block the more nefarious of these ad servers.

Regards, Nish
My technology blog: voidnish.wordpress.com
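The hosts-file approach Rick and Nish mention, worked out as an added example that is not code from anyone in the thread: it merges a blocklist of ad-server hostnames into an existing hosts file, skips hosts that are already mapped and anything that is not a plausible hostname, and keeps its entries inside a marked block so that re-running it replaces the block instead of appending duplicates. The sample hosts text and the blocklist entries are constructed for the demonstration, and the sinkhole address is 0.0.0.0 (my choice for this example; Rick's post uses a 127.x address).

```python
import re
from typing import Iterable, List, Set, Tuple

SINKHOLE = "0.0.0.0"  # choice for this example: unroutable, so connections fail at once
BLOCK_BEGIN = "# BEGIN managed ad-server blocklist"
BLOCK_END = "# END managed ad-server blocklist"
# At least one dot, so bare names like "localhost" can never be sinkholed by mistake.
HOST_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$")


def normalise_host(raw: str) -> str:
    """Reduce a blocklist entry (hostname, host:port, or a full URL) to a lower-case hostname."""
    s = raw.strip().lower()
    if "://" in s:
        s = s.split("://", 1)[1]
    return s.split("/", 1)[0].split(":", 1)[0]


def without_managed_block(lines: List[str]) -> List[str]:
    """Drop a previously written managed block so repeated runs are idempotent."""
    if BLOCK_BEGIN in lines and BLOCK_END in lines:
        b, e = lines.index(BLOCK_BEGIN), lines.index(BLOCK_END)
        if b < e:
            return lines[:b] + lines[e + 1:]
    return lines


def mapped_hosts(lines: List[str]) -> Set[str]:
    """Hostnames already mapped by the hand-maintained part of the file."""
    mapped: Set[str] = set()
    for line in lines:
        body = line.split("#", 1)[0].strip()  # strip trailing comments
        parts = body.split()
        if len(parts) >= 2:
            mapped.update(h.lower() for h in parts[1:])
    return mapped


def merge_blocklist(hosts_text: str, blocklist: Iterable[str]) -> Tuple[str, List[str]]:
    """Return the rewritten hosts file text and the list of hosts placed in the managed block."""
    lines = without_managed_block(hosts_text.splitlines())
    already = mapped_hosts(lines)
    added: List[str] = []
    seen: Set[str] = set()
    for raw in blocklist:
        host = normalise_host(raw)
        if not host or host in seen or host in already or not HOST_RE.match(host):
            continue  # blank, duplicate, already handled by hand, or not a hostname
        seen.add(host)
        added.append(host)
    while lines and not lines[-1].strip():
        lines.pop()
    managed = [BLOCK_BEGIN] + [f"{SINKHOLE} {h}" for h in added] + [BLOCK_END]
    return "\n".join(lines + [""] + managed) + "\n", added


# Constructed sample input: a stock-looking hosts file plus one hand-added entry.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.net   # already blocked by hand
"""

# Constructed blocklist with the messy shapes such lists tend to contain.
SAMPLE_BLOCKLIST = [
    "ads.example.net",                           # already mapped above: skipped
    "Tracker.Example.org:443",                   # port and mixed case: normalised
    "http://malvertising.example.com/tag.js",    # URL: reduced to its host
    "localhost",                                 # no dot: refused
    "bad host.example",                          # space: refused
    "tracker.example.org",                       # duplicate: skipped
]


def demo() -> Tuple[str, List[str]]:
    return merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)


if __name__ == "__main__":
    text, added = demo()
    print(text)
    print("added:", added)
```

The script only prints the result; on Windows the rewritten text would go to %SystemRoot%\System32\drivers\etc\hosts from an elevated prompt, and the marked block means the hand-maintained entries above it are never touched by a later run.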
Daniel Grunwald (#19), in reply to Nish Nishant:

Don't forget that there are more browser plugins than just Flash. Java and Adobe Reader are two popular plugins that frequently get exploited. You should disable those browser plugins; websites requiring Java are rare nowadays, and you can save+open .pdf files manually if you need to. Also, while you are at it, disable the .NET integration in IE (used for ".NET applets" and XBAPs). AFAIK it's not commonly exploited, but it's definitely possible. Bugs in the JIT compiler can often be used to bypass the .NET security, and MS isn't exactly fast with fixing those bugs (read: publicly known bugs are left open for >8 months). Details about such a .NET bug. Read this to understand how type system holes are exploitable. Browsers other than IE are often more secure on their default settings because not every piece of crap tries to integrate with them.

modified on Saturday, August 27, 2011 10:34 AM
Alan Burkhart (#20), in reply to Nish Nishant:

Nishant Sivakumar wrote:
I may get myself a good hosts file that will block the more nefarious of these ad servers.

Not a bad idea. Avast and FF have built-in protections against known dangerous websites, which helps a lot. Both get an occasional false positive but I can live with that.

Alan Burkhart