Mainstream Web sites spreading back-door infections

Mainstream Web sites spreading back-door infections

http://news.zdnet.co.uk/internet/security/0,39020375,39158636,00.htm

Robert Lemos
CNET News.com
June 25, 2004, 08:40 BST

Surfers visiting trusted Web sites, such as banks and merchants, are falling victim to organised-crime groups that have exploited two Internet Explorer flaws to hide attacking code

Security researchers warned Web surfers on Thursday to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.

The researchers believe that online organised crime groups are breaking into Web servers, surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.

The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site.

More

I've been on sites where my firewall has gone nuts and refused to let programs into my computer. Later I've found that those sites were ones with such programs. These were independent sites, though. Is the programming language being used by the criminals more sophisticated?

You need to have anti-virus. A firewall will only really help with network based attacks (which these are), but anti-virus sees the infected code.

:think:

Here's what I wrote to the teachers on my web site so far. I haven't gotten to the firewall part, but zonealarm free does work. Perhaps others have further suggestions.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

I recommend downloading and using an alternate browser (these have all evolved from Netscape):

http://www.mozilla.org/

My favorite is Firefox, but Mozilla is more popular overall.

If you don't use virus protection, do so now. Keep it updated - automatic updates are the best. My virus protection has updated itself a few times in the past twenty-four hours, probably in response to the alert above.

I use and recommend Trend's PC-Cillin for overall ease of use and effectiveness. I have used it for years and it's saved my butt a few times. The package also includes a firewall. Do the thirty day trial.

http://www.trendmicro.com/en/home/us/personal.htm

(Right on the front page: Trend Micro PC-cillin Internet Security)

You should also be using software to help you detect spyware. For many of you, cleaning up your computer with spyware detection software will speed up your computer tremendously. I bet more than 50% of you are already infected with some sort of spyware. The software below is free. These must be updated often to remain effective

Proactive (protects against spyware - make sure you do the full innoculate):

http://www.javacoolsoftware.com/

Reactive (scans for and cleans up spyware - I use both programs below, since each can catch what the other can't):

http://www.safer-networking.org/index.php?page=home
http://lavasoft.element5.com/default.shtml.en

I have noticed a hell of an increase in these buggers over the past 90 days. There's one called Download.trojan that Norton can recognize but can do nothing about, for instance. Many more just sail past Norton AND a firewall, apparently. I had to use FIVE separate programs to get rid of all the spyware in just one box at work.

:argh:
dbt

The article says that Macs are unaffected.

Here's a recent DU Thread, "Mac OS X security myth exposed."

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=105&topic_id=1320084

ON EDIT: POSTED IN WRONG SPOT. Sorry. This is in reference to POST 6. Need more coffee....

Laughs at these feeble attacks.

Why you people continue to run Redmond's PoS OS is beyond me. But do keep running it. I fix it and make money. I like making money.

Meanwhile, Linux is free.

Oh well, so much for today's logic exercise...

Using MS OSes on the web is like putting a big target on your back.
(And, they are annoying to maintain too.)

coolweb it hijacks and misdirects, puts all kinds of nasty crap on your computer, it morphs so the fight is constant. If you go to http://www.merijn.com you can download tools to fight this bugger. Also you need to get spybot search and destroy, plus a firewall, but these people (probably republicans) just laugh at firewalls.
Thdere is a foreum designed to help with computer problems caused by crap like this, http//www.spywareinfo.com if you have problems you can go there and get help.
We need a world court to deal with this crap.

...how it works, and how to get rid of it:

<http://www.spywareinfo.com/~merijn/cwschronicles.html>

I personally downloaded one of their tools called "CWShredder", because my browser had somehow gotten hijacked and was redirecting me to places I did not want to go. Now I use CWShredder every day without fail. As they recommend, check back for updates as often as you can. Here's the page that you can use to download CWShredder:

<http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder>

Another tool that I use is Ad Aware because I have seen it pick up spyware that Spybot may miss, and vice versa:

<http://www.lavasoftusa.com/software/adaware/>

Go to the right-hand menu and click on the phrase "Our software" located right below the word "DOWNLOAD".

In case you want all of this information in one post, here is the link to Spybot Search & Destroy:

<http://spybot.safer-networking.de/>

Click on "Download" in the top menu bar.