Combination to avoid: DailyMail + IE9

    Nish Nishant wrote (post #11):

    Rick York wrote:

    Can you identify the source site of the virus ? If so I'll add an entry into my hosts file and map it to 127.0.0.0.

    I don't know what the URL for the side-bar ad was. The URL I was on when this happened is: http://www.dailymail.co.uk/news/article-2030415/Siberian-UFO-Film-clip-claims-little-green-men-walking-spaceship-crash.html But if you click that you may or may not get the same ads I did.

    Regards, Nish


    My technology blog: voidnish.wordpress.com

      Nish Nishant wrote:

      2nd time in a month where I got a virus/trojan just like that. This one was a pain as it installed a hook and monitored for new windows and closed them. So I could not run regedit or task-manager; had to safe-reboot and remove the crap. Fortunately UAC prevented it from running as admin but it still ran as the normal user which was annoying enough. I still cannot believe IE-9 allows an app to download and run without prompting me. :wtf: Chrome lets apps download without prompting me too but it won't run it automatically. Maybe I need to go back to FF however ugly the rendering is. :sigh:

      Regards, Nish


      My technology blog: voidnish.wordpress.com

      CalvinHobbies wrote (post #12):

      That is very odd. IE is the king atm; I have to wonder if something got onto your system a different way other than IE, stayed dormant until called, and then you get hit. Otherwise it would depend on your security. Do you torrent or download much? It is a possibility...

      ///////////////// -I’m a DHCP server at a local restaurant. This chick came up and asked me for my address, and I told her she was out of my scope -Why do Java Programmers wear glasses? Because they don’t C#

        Nish Nishant wrote (post #13):

        NightJammer wrote:

        That is very odd. IE is the king atm; I have to wonder if something got onto your system a different way other than IE, stayed dormant until called, and then you get hit. Otherwise it would depend on your security. Do you torrent or download much? It is a possibility...

        I rarely download anything, and no, I do not use torrents. I am 100% sure this is IE9 related (perhaps through Flash). I just updated my Flash player to the latest! This is my 2nd (or even 3rd) such experience and each time it was through IE. The only other apps I run are Visual Studio 2010 and rarely Excel or Word.

        Regards, Nish


        My technology blog: voidnish.wordpress.com

          Maximilien wrote (post #14):

          I think the little green aliens got you!!! PS ... works ok on mac !!! ;P

          Watched code never compiles.

            Alan Burkhart wrote (post #15):

            Thus far, FF and Avast have kept me from getting hit with anything. But I stopped liking FF's UI after 3.6. I don't like the new stripped-down look all the browsers have gone to.

            XAlan Burkhart

              Nish Nishant wrote:

              Charles Oppermann wrote:

              By default, Internet Explorer 7/8/9 on Windows Vista and Windows 7 runs in the low integrity mode and shouldn't be able to download/execute anything without user interaction.

              Yeah, you'd think so.

              Charles Oppermann wrote:

              If you've changed your security settings, or turned off Protected Mode, or have an add-in, then maybe. I'm much more suspicious of Flash or another add-in.

              I have not changed anything. I just double-checked and made sure that protected mode is on and that security level is medium-high.

              Charles Oppermann wrote:

              I seriously doubt this is an IE9 problem. What was the name of the executable that got downloaded?

              Today, the executable name was defender.exe (but I don't think that has anything to do with it). Like you say it may be an issue with the Flash activex. But even then it's surprising that this happened.

              Regards, Nish


              My technology blog: voidnish.wordpress.com

              Andy Brummer wrote (post #16):

              Nishant Sivakumar wrote:

              Like you say it may be an issue with the Flash activex. But even then it's surprising that this happened.

              There is a reason Flash updates constantly. It is horribly insecure. Also, if you were more attractive to advertisers, you'd get served the safe premium ads instead of the 6th level down malware-infested el cheapo ads.

              Curvature of the Mind now with 3D

                Nish Nishant wrote (post #17):

                Andy Brummer wrote:

                Also, if you were more attractive to advertisers, you'd get served the safe premium ads instead of the 6th level down malware-infested el cheapo ads.

                How do I achieve that? Maybe I need to click some ads and buy stuff off it?

                Regards, Nish


                My technology blog: voidnish.wordpress.com

                  Nish Nishant wrote (post #18):

                  Alan Burkhart wrote:

                  Thus far, FF and Avast have kept me from getting hit with anything. But I stopped liking FF's UI after 3.6. I don't like the new stripped-down look all the browsers have gone to.

                  I may get myself a good hosts file that will block the more nefarious of these ad servers.

                  Regards, Nish


                  My technology blog: voidnish.wordpress.com

                    Daniel Grunwald wrote (post #19):

                    Don't forget that there are more browser plugins than just Flash. Java and Adobe Reader are two popular plugins that frequently get exploited. You should disable those browser plugins; websites requiring Java are rare nowadays, and you can save+open .pdf files manually if you need to.

                    Also, while you are at it, disable the .NET integration in IE (used for ".NET applets" and XBAPs). AFAIK it's not commonly exploited, but it's definitely possible. Bugs in the JIT compiler can often be used to bypass the .NET security, and MS isn't exactly fast with fixing those bugs (read: publicly known bugs are left open for >8 months).

                    Details about such a .NET bug

                    Read this to understand how type system holes are exploitable

                    Browsers other than IE are often more secure on their default settings because not every crap tries to integrate with them.

                    modified on Saturday, August 27, 2011 10:34 AM

                      Alan Burkhart wrote (post #20):

                      Nishant Sivakumar wrote:

                      I may get myself a good hosts file that will block the more nefarious of these ad servers.

                      Not a bad idea. Avast and FF have built-in protections against known dangerous websites, which helps a lot. Both get an occasional false positive but I can live with that.

                      XAlan Burkhart
