NBC site redirecting to Exploit kit

Discussion in 'other security issues & news' started by ronjor, Feb 21, 2013.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
I don't know how that combination works --- someone with that setup will have to test!

    ----
    rich
     
  2. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    This is not entirely true although I have no knowledge of the VT links being examined by an A/V Vendor.

     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
What's not entirely true? The ZeroVulnerabilityLabs site lists current exploits along with the VirusTotal results.
     
  4. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    You guys should post the full virus total md5. I'm curious.
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Virustotal results may be based on default settings for AVs and not include such things as advanced heuristics, etc.
     
  6. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    That would be a silly thing to exclude from the default settings.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
  8. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    I'm not really interested in that, I just want the md5s.
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    These are some that came in in the last few hours. If you want more or a specific MD5 or URL from our real-time view let me know.

     
  10. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    Thanks!
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Hello Nebulus,
    Naturally common sense has its place, and I did write, "This is why I think computer users who say they only need to utilize 'common sense' when surfing the net are kidding themselves". ;)
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I agree. You can't go wrong with a great URL Blocker and HTTP Scanner :thumb:
     
  13. Dogbiscuit

    Dogbiscuit Guest

These exploits didn't utilize zero-day bugs to infect visitors' systems when the site was compromised. Simply having up-to-date software should have protected you, though many visitors usually don't have software like Java always patched fully.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    With a new zero-day coming out in Java or Acrobat Reader every other week relying simply on being up-to-date is not even close to enough. Install ExploitShield or EMET if you haven't already. Better yet, install both.
     
  15. Dogbiscuit

    Dogbiscuit Guest

    The exploits used in this particular attack that are the topic of this thread are from last year. In this case, keeping the targeted software up-to-date (even weekly or monthly) would have protected visitors to the hacked site. I was in no way suggesting that software updates alone are enough protection from other types of attacks, like zero-day drive-bys. (Nor am I implying that software security updates be applied at any rate other than as fast as they possibly can.)

    EMET does seem to offer some protection from zero-day attacks. I haven't used ExploitShield.
     
    Last edited by a moderator: Feb 25, 2013
  16. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    I think uninstalling both would be just as effective.
     
  17. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I guess it depends on what you consider common sense. I personally consider using Sandboxie and having clean images on hand as common sense. That way I can browse whatever I want.

    If by common sense people mean they can go at it with no security measures/software in place other than their own discretion while surfing... then that is absurd.

Of course I also consider Paranoid HIPS and default-deny SRPs as common sense too. When you're OCD like me, your common sense seems to encompass a lot more...
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Hello luciddream,
    You make good points.
    The common sense I am alluding to pertains to those folks who say they use it in place of a particular security app. Forex, you might hear someone say, "I don't need a bunch of programs to protect me, just common sense". Those are the people I was referring to when I wrote, "This is why I think computer users who say they only need to utilize "common sense" when surfing the net are kidding themselves.
    Would common sense have told them to stay away from nbc[.]com today?"

    Using Sandboxie, to my way of thinking, is more of a decision predicated upon security product research and threat awareness than it is common sense. But like I noted earlier, your points are good ones, and I am not disagreeing really, just clarifying what I meant. :cool:
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
The idea that common sense is being able to set up a program like Sandboxie and maintain system images... how exactly would you expect that to be "common"?

    I think the term "common sense" has just lost all meaning at this point.
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Right, common sense to me, as it pertains to computer security, means that you must be careful. It does not mean that you should use one program over another. As for it losing all meaning, I think not, though it is clear that the definition or concept is being stretched a bit here and there.

    As it applies to this thread, the NBC site redirect problem is a fine example of how common sense can let you down, if that is all you feel you need to protect yourself from the hazards that await you online.
     
  22. "Common sense" is a complete misnomer in this case IMO. Computer related stuff is specialized knowledge. It's a matter of education and experience, not common sense.

    I know, "user education," boo. The problem is that computers are counterintuitive by their nature. People who know almost nothing about them cannot be reasonably expected to use them safely, no matter how many layers of automated "security" are slapped on.

    All security decisions ultimately lead back to the user, directly or indirectly, and you cannot expect an ignorant user to make the necessary informed decisions.
     