Best defense against trojans that use javascript to slip in when you open websites?

I got a trojan just by visiting a website, but Kaspersky alerted me to it and allowed me to delete it. The name of it was "Trojan.PSW.Sagic.14".

Since I had ActiveX and the java applet feature disabled in my XP Internet control panel, I have to assume the hacker used my browser's javascript to slip me the trojan. (I use the latest version of Mozilla.) This is very disturbing to me, since it feeds my paranoia by proving I can get trojans just by clicking on websites. And disabling javascript isn't much of an option, since having it enabled is mandatory in order to utilize important features on a large percentage of websites.

However, I don't want to rely on an anti-virus program to detect trojans, as I believe a specialized program is the only sensible protection against trojans. And for me, the most important feature in a trojan detection program is the ability to detect known and UNKNOWN trojans that sneak in via javascript when you click on malicious (or compromised) websites.

So my quest is to find the program that has the best reputation for instantly detecting/stopping trojans that utilize javascript. And I would appreciate it if someone could point me in the right direction, as far as their personal experience, reviews that pertain to javascript trojans, etc.

Thanks in advance,
Cassidy

 

Re: Best defense against trojans that use javascript to slip in when you open website

Hey cassidy


Would one of these work? and or are you maybe talking the HTA problem?

WormGuard, HTAStop, ScriptSentry, ScripTrap
you may also like to check on more reading including IFRAME

http://www.anti-keyloggers.com/spy_v_antispy.html

Bruce

 

Re: Best defense against trojans that use javascript to slip in when you open website

Ditching IE for another browser is another solution

 

Re: Best defense against trojans that use javascript to slip in when you open website

Good question.
How do you de-fang javascript?
FireFox has just a few options for controlling javascript (like stopping status bar modification for spoofing link URLs).
But does FF block by default the really harmful javascript activities that would allow trojanous activity?
What are the dangerous Javascript functions that should be removed or restricted?
The benign Javascript functions should still be preserved (like image swapping).
Maybe there is a way to control this within FF (about:config) ?

Is there a way to de-fang javascript externally say with Proxomitron?

 

Hop A. Long, I may be wrong about this but I don't believe there's such a thing as a "script trojan". I mean a script can be used to install a trojan but then that would be the script's only purpose. In which case the Script Sentry program Controler was talking about would do the job for you. Also, I believe that you can protect yourself against trojans by closing ports on your computer (or hiding them with a firewall) and you should be ok no matter what browser you use (I use IE, no problems yet!).

 

Re: Best defense against trojans that use javascript to slip in when you open website

Script Sentry seems to block HTA exploits like WormGuard.
But does the web browser's Javascript even use WSH?
Isn't the WSH only used when you run a script outside of the browser?
My concern is the same as Hop A. Long, getting a trojan (or other malware) dropped on you via Javascript exploits.
What is the most effective way to remove this type of threat without disabling the benign javascripts (like image swaps)?

 

Re: Best defense against trojans that use javascript to slip in when you open website

Hi Bruce

I'll check those programs out, thanks. What is the "HTA problem"?

IFRAME is evil! The remote scripting it allows just makes javascript that much more of a security risk--and it will only get worse.

Cassidy

 

Re: Best defense against trojans that use javascript to slip in when you open website

I was using Mozilla when it happened.

 

You guys will have to excuse me I don't seem to be hip on the "lingo" . I'm talking about such abbreviations as IMO, HTA and WSH. If someone could clear that up for me that'd be great. Also, I've heard about the HTA problem but can't find any info can someone please provide a link? I also have an experience I'd like to share...

I was at my friend's house helping him speed up his internet so we went to pcpitstop.com. The site said there was a simple registry change that may help so we clicked on the link. Apperantly his firewall had script blocking capabilities cuz it intercepted the script. We allowed it to run, rebooted and we were done. I believe Script Sentry should do this for you too. BTW Devinco, your post says "Script Defender" when you're actually linking to Script Sentry.

 

Re: Best defense against trojans that use javascript to slip in when you open website

No browser allows you to defang javascript--your only option to avoid trojans that utilize it is to disable it 100%. (As not even TDS-3 can stop all trojans.) This is probably because it CAN'T be defanged, since the good stuff needs the same poison the bad stuff uses.

Hmm, a service like Proxomitron may be a solution--certantly worth some research.

 

Re: Best defense against trojans that use javascript to slip in when you open website

Thanks Ronjor!

That is just too cool!
Yet another reason for Proxomitron.

Besides Proxo, isn't there something that can be done within FF besides the Tools/Options/Web Features/Advanced?
Is there anything in about:config or maybe there is some kind of javascript:config?
FF is so configurable. Is there such a thing within it?

 

Re: Best defense against trojans that use javascript to slip in when you open website

The research I've done indicates that your browser's javascript can definitely allow a malicious website to sneak a trojan onto your PC, simply by opening the website. Which is why I'm sure that's how I got the trojan described above, particularly since I was on a hacker oriented website at the time (doing research to make my computer more secure).

As far as ports are concerned, my firewall has them all invisible to hackers, according to independent testing I've done. (I'm currently using the Norton firewall, but will be switching to Sygate Pro.)

Script Sentry was designed for 98/NT/ME/2000 and merely allows you to control which scripts are executed--so I don't think it's a practical solution. As what good are constant pop-ups asking me if I want to allow a javascript to execute, since I have no way of knowing whether a website will use it to sneak in a trojan.

 

Re: Best defense against trojans that use javascript to slip in when you open website

Ronjor

I have FF too. But could you tell me which version of Proxomitron should I download.

I read somewhere on this forum that Proxomitro might not be compatible with some programmes? Is that right?

Will it give conflict to McAfee, Ad-aware, Javacools programmes: SpywareBlaster, SpywareGuard, MRU Blaster, ShootTheMessenger and SpySweeper etc., any conflict with other softwares? Also other firewalls?

Cheers

Chew

P/s: I thought Proxomitron was for IE only ?

 

Re: Best defense against trojans that use javascript to slip in when you open website

Everyone,

Sorry for the slight hijack of the thread here.

Thanks Ronjor for the info.

Will read and check it out soon.

Cheers

Chew

 

Re: Best defense against trojans that use javascript to slip in when you open website

I sifted through the Firefox about:config for anything Javascript related and here is what I found. Note DOM (Document Object Model) is used a lot by Javascript so I included it here.
Does anything here look like a Javascript liability (ie exploitable for trojan dropping)?
If there is another Javasript related configuration file for FF that would have some options, please post.
Of course Proxomitron is a great solution, but beginners may shy away from it.

 

Re: Best defense against trojans that use javascript to slip in when you open website

http://texturizer.net/firefox/tips.html#beh_window_open_feature

 

Re: Best defense against trojans that use javascript to slip in when you open website

http://home.att.net/~cherokee67/ns7userjs.html
will this help?

 

Re: Best defense against trojans that use javascript to slip in when you open website

How will Proxomitron allow you to use javascript and avoid trojans at the same time?

 

Re: Best defense against trojans that use javascript to slip in when you open website

Thanks Ronjor and iceni60.

I am going through the linked articles now.

But I am at a loss. I have beginning Javascript knowledge, but I don't know what the bad guys are exploiting in Javascript.
We need to find out specifically what needs to be blocked first.
How can this be determined?

I will read through the articles and see if anything that appears "dangerous" jumps out at me.

 

Re: Best defense against trojans that use javascript to slip in when you open website

Thanks Ronjor. Good ones.

From the first article:

So, can Javascript control Firefox Extensions(plugins) which are then made to drop a trojan?
If yes, then one solution would be to not have any extensions installed.
Another solution would be to find out what in Javascript allows it to control (or interact with) an extension and block it.
Where can I find what is needed to block it, if at all?

From the second article:

Java is usually more dangerous than Javascript so I keep it disabled.
This confirms that it can interact with plugins, but Firefox Extensions too?

So is this JavaScript ability to execute some "other action" already removed from Firefox?
Maybe the developers already thought of all this and defanged Javascript within Firefox.