One more to watch for.
spud17
Posts: 4,433 Forumite


in Techie Stuff
Courtesy of Windows Secrets.
MSE? Mmmm?
http://windowssecrets.com/2011/04/07/01-LizaMoon-infection-a-blow-by-blow-account/#story1
Move along, nothing to see.
Comments
-
I've never seen it. I've only seen the other one once. It does make me wonder what sites people are visiting
-
I've seen one site reported on another forum, which was the first I heard of it...
IIRC, websense was one of the first to spot this one:
http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx
-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman
-
Avast is now reporting the google search itself as a trojan, but wasn't earlier.
I'd guess this is because (if you are using firefox that is) firefox prefetches the first search result (maybe more) in case you want it so it can load faster. So that may be a reason...
Originally it was letting me go to the affected sites without complaint, and Malwarebytes realtime didn't make a peep either when visiting infected sites even though MBAM was quicker than most antivirus companies to update their webguard for lizamoon.
(i.e. a hacked site with lizamoon was reported as being an FP)
the lizamoon domain was blocked by network shield then.
Also, now that you have included that script, I am now getting alerts on sessionstore.js...
-Scott-
By originally, what do you mean? The site I mentioned where I first saw this was on 30th March and in the avast forum. (i.e. a hacked site with lizamoon was reported as being an FP) the lizamoon domain was blocked by network shield then.
Also, now that you have included that script, I am now getting alerts on sessionstore.js...
Oh, the Firefox prefetch would explain it, thanks.
On the 1st of April, Avast didn't prevent me from accessing infected sites containing the malware script. I never went to the original Lizamoon domain, rather wanted to test what would happen on infected sites.
Few were even detecting the file downloaded either at the time:
http://www.virustotal.com/file-scan/report.html?id=cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c-1301586582
Compared to a few days ago:
http://www.virustotal.com/file-scan/report.html?id=cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c-1301722562
People can easily get the script from the screenshot or by searching for it, so I've deleted it.
It is not "questionable sites" that are the problem, it is normal sites which serve up third party adverts where the advert has been hacked.
That was for the System Tools infection, but it's not ads in this new infection. My understanding of the 'lizamoon' Windows Stability Centre rogueware is that it has spread through an SQL injection exploit, sticking a script onto affected webpages that directs the browser to download a file from a certain site.
It's true that any site can be infected, including government webpages (such as the Department of Energy which had the infected script present at one point).
The lizamoon infection has been plugged up pretty quickly from the user side of things, but the vulnerability itself needs patching otherwise someone will come along and use it more effectively.
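A site-owner check for the kind of injection described in the post above, as an added example that is not part of the original thread: it scans database text fields for `<script>` tags whose source host is not on the site's own allowlist. The rows, field names, hostnames and allowlist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.shop.example", "cdn.shop.example"}

# Constructed sample rows: (row id, column name, stored value).
SAMPLE_ROWS = [
    (1, "title", "Blue widget"),
    (2, "title", "Red widget</title><script src=http://injected.example/x.js></script>"),
    (3, "body", '<p>Guide</p><script src="//cdn.shop.example/app.js"></script>'),
    (4, "body", 'Notes <SCRIPT SRC="HTTP://Injected.Example/x.js"></SCRIPT>'),
]


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.sources.append(dict(attrs).get("src") or "")


def script_hosts(fragment):
    """Return the host of each <script> in the fragment ('' if inline/relative)."""
    parser = ScriptSrcCollector()
    parser.feed(fragment)
    parser.close()
    # urlparse copes with absolute and protocol-relative (//host/x.js) URLs.
    return [(urlparse(src).hostname or "").lower() for src in parser.sources]


def find_injected_rows(rows, allowed=ALLOWED_SCRIPT_HOSTS):
    """List (row id, column, host) for every script not served from an allowed host."""
    findings = []
    for row_id, field, value in rows:
        for host in script_hosts(value):
            # An inline script in a stored text column is flagged as well.
            if host not in allowed:
                findings.append((row_id, field, host or "<inline/relative>"))
    return findings


if __name__ == "__main__":
    for finding in find_injected_rows(SAMPLE_ROWS):
        print(finding)
```

Cleaning the flagged rows only removes the symptom; the query that accepted the input still has to be fixed, which is the point the post makes about patching the vulnerability itself.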
That's interesting...wonder why that is...avast alerts for me on the script if placed in a text file, so the detection is still there...
I only tested the connection to the actual site as an extension of trying to find out about the reported site. (wasn't actually aware of the hack at the time)
The detection has been there since the definitions on the 30th...
Do you use NoScript?
I have had some occurrences when the script isn't being called (because of NS) and therefore no alert. Allow the page and the alert appears, since the connection is attempted. Not sure if this is the reason or not, since the sites in a google search seem to have been cleaned from it. (visiting the page and viewing source - no lizamoon)
Otherwise I have no idea...
-Scott-
I'd guess this is because (if you are using firefox that is) firefox prefetches the first search result (maybe more) in case you want it so it can load faster. So that may be a reason...
:eek:
Well, I've turned off prefetching now, did a few tests and I couldn't notice any difference in web page loading (made sure cache was cleared so as not to affect results)
No idea if you could ever get a virus off prefetching but, since it doesn't affect load times, better to be safe than sorry :cool:
The bit that caught my attention, remember I'm an amateur, was that MSE was useless.
Is this the same for all AVs, or does it specifically target MSE users?
Windows Secrets has been praising MSE for a while, but on this forum some people, myself included, have started to question its performance.
Move along, nothing to see.
This discussion has been closed.