PDA

View Full Version : Hackers Spreading Spyware From Free Personal Web Sites

ronjor
July 25th, 2005, 07:14 PM
-{ Quote: " Attackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code, and to infect users with worms, viruses, and spyware, a security firm said Monday." }-
Story (http://www.techweb.com/showArticle.jhtml?articleID=166402258)
tom772
July 25th, 2005, 07:20 PM
-{ Quote: "Story (http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=166402)" }-
Ronjor the story is not accessable any longer at the link provided?
ronjor
July 25th, 2005, 07:31 PM
It's fixed. Thanks.
tom772
July 25th, 2005, 07:36 PM
-{ Quote: "It's fixed. Thanks." }-
I've heard and even come across sites that have been hacked and contain dangerous code, but this is just terrifiying!
ronjor
July 25th, 2005, 07:45 PM
No end in sight to this battle Tom.
reststop
July 26th, 2005, 05:54 AM
So lets say we did get enticed to visit one of these sites, how would they install the keyloggers? Is it an active x exploit? Or some flaws in the OS? Or some other way? I would like to avoid becoming infected with malware. They really should say in the article how to stop getting infected with malware if you should visit the sites.
ronjor
July 26th, 2005, 06:26 AM
Here is some info. CERT (http://www.cert.org/tech_tips/malicious_code_FAQ.html)

Another link (http://www.computerworld.com/securitytopics/security/story/0,10801,103380,00.html?source=x73)
Starrob
July 26th, 2005, 11:34 AM
Very interesting


-{ Quote: "Here is some info. CERT (http://www.cert.org/tech_tips/malicious_code_FAQ.html)

Another link (http://www.computerworld.com/securitytopics/security/story/0,10801,103380,00.html?source=x73)" }-
tom772
July 26th, 2005, 11:05 PM
-{ Quote: "Here is some info. CERT (http://www.cert.org/tech_tips/malicious_code_FAQ.html)

Another link (http://www.computerworld.com/securitytopics/security/story/0,10801,103380,00.html?source=x73)" }-

Ronjor, this is what is recommend, but it still dosnt plug every hole!?!
''The most significant impact of this vulnerability can be avoided by disabling all scripting languages. Follow the steps below to turn off options in your web browser that allow malicious scripts to run. If you're not using a current version of Internet Explorer, Netscape, or Mozilla you might need to modify the steps.

Note that even with scripting disabled, attackers may still be able to influence the appearance of content provided by a legitimate site by embedding other HTML tags. In particular, malicious use of the <FORM> tag is not prevented by disabling scripting languages.''

Regaurds
T