You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

You practice safe computing, so why do you still see malware? [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » General Discussion Donate to DU
DainBramaged Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Nov-13-11 02:45 AM
Original message
You practice safe computing, so why do you still see malware?
Advertisements [?]
Quite regularly, I get feedback from our customers that they've found malware on their computer, and don't know how it got there.

While you may think this is due to malware exploiting unpatched bugs in the Windows operating system, it isn't: these customers are predominantly using OS X, and they usually have all the latest patches applied. However, the malware they're finding is indeed often for MS Windows operating systems.

So are they infected? How did it happen? How COULD it happen?

The real story is both simple and a bit disturbing: our scanners are detecting these files in a few key locations: the email cache folder, email attachments folder, web cache folder, web downloads folder, and the Java web cache folder. See a pattern here?

These people are victims of drive-by downloads and malicious spam campaigns. Without visiting any shady parts of the internet, they have managed to pick up a collection of malware that, if successfully run, would likely result in their computer becoming part of a botnet.

EXAMPLES


Troj/Gida-A: drive-by Adobe Flash download that downloads and installs botnet software

Exp/MS04-028: drive-by JPEG download (can also show up as a false positive in partial jpeg images as it's an exploit detection) that can execute privileged code on un-patched Windows computers

Mal/JavaDldr-B: drive-by Java download that downloads and installs more malware

Mal/Iframe-AA: drive-by JavaScript in hidden IFrame that redirects the user to a page that detects what their system is vulnerable to, and attempts to exploit those specific vulnerabilities with the aim that the target joins a botnet

Mal/Iframe-AD: drive-by malicious HTML IFrame used in SEO-poisoned search results (often image searches)

Via email:

Mal/BredoZp-B: BredoLab botnet-generated, arrives via email

Mal/ChepVil-A: BredoLab botnet-generated, arrives via email

Troj/Invo-Zip: Zeus botnet-generated, arrives via email. Can also show up as a false positive in incomplete temporary zip files, as it's an exploit detection.

http://nakedsecurity.sophos.com/2011/11/12/you-practice-safe-computing-so-why-do-you-still-see-malware/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security
Printer Friendly | Permalink |  | Top
 

Home » Discuss » General Discussion Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC