Malware encounter log: when have attacked/infected?

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2015.

  1. Just to get an impression of the actual risk, let's run this thread for a year.

    Please state your malware encounter in the wild. When possible mention some details of the event (e.g. malware name or action prevented)

    Categories
    ------------------------------------------------------------------------------------------------------------------------
    URL: one of your security mechanisms warned you about a blacklisted website
    MAL: one of your security mechanisms warned you about a blacklisted program
    POP: one of your security mechanisms warned you about a suspicious action/intrusion
    INF: one of your security mechanisms informed you of an infection (post mortem warning)
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    This will be difficult since most security products are set to silently block.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    POP - Eset web filter detection:

    12/16/2015 11:53:07 AM HTTP filter file

    http://x1a0ran.blog.com/2012/09/23/writing-backdoors-to-bypass-anti-virus-and-app-whitelisting-for-fun-and-for-profit Win32/Agent.QKN trojan connection terminated - quarantined XXXX\xxx.

    Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
     
    Last edited by a moderator: Dec 30, 2015
  4. Maybe, but let's see how many or how few posts are added in 2016.

    Question: Let's keep this thread "clean" solely for reporting incidents for easy counting (thx itman)
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,792
    Location:
    Texas
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Posted this in another thread. Since posting it, the zipped .js malware attachment emails have stopped, more than likely because they are completely blocked by the gmail system at this point. The main point of interest is that malware can be coded directly in JavaScript, and using whitelisting script blockers like NoScript and uMatrix is advisable these days. A modern browser is a JavaScript interpreter, and JavaScript can be used to code malware just like any other programming language.

    https://www.wilderssecurity.com/threads/ransomware-protection.382452/page-2#post-2550955

    My AV just found one piece of malware in the past year. It was an unwrapper for Giveawayoftheday files that carried a trojan, and I should have known better than to download it in the first place. My bad. GOTD is not that great of a giveaway site these days anyway, and it is better to look for free software licenses from giveaway sites that don't use technologies like Therimin to wrap their downloads.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    URL - Emsisoft Anti-Malware Web Protection

    Here's the entire log entry from mid-August.

    Emsisoft Anti-Malware - Version 11.0
    SP log

    Date PID Application Event Detection

     
    Last edited by a moderator: Dec 30, 2015
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    URL & MAL - Eset Web Filter

    12/21/2015 1:18:51 PM htxp://static.uniblue.com/media/spacecleaner/sc-post-script.min.js
    Blocked by PUA blacklist C:\Program Files\Internet Explorer\iexplore.exe 54.182.4.223
    12/21/2015 1:18:51 PM htxp://static.uniblue.com/media/uniblue/loadjscss.js
    Blocked by PUA blacklist C:\Program Files\Internet Explorer\iexplore.exe 54.182.4.223
    12/21/2015 1:18:51 PM htxp://static.uniblue.com/media/uniblue/js.cookie.min.js
    Blocked by PUA blacklist C:\Program Files\Internet Explorer\iexplore.exe 54.182.4.223
    11/5/2015 6:54:37 PM htxp://www. google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=54&ved=0CCoQFjADODJqFQoTCN6dor69-sgCFUSZHgodu3oAiQ&url=htxp://www. nsanedown.com/?news=276335631&usg=AFQjCNF_2jJv1XH59dmdY8wKLk4rXrIEwA&bvm=bv.106923889,d.dmo
    Blocked by internal blacklist C:\Program Files\Internet Explorer\iexplore.exe 2607:f8b0:4009:807::1013
    10/28/2015 6:08:36 PM htxp://www. amtso.org/check-desktop-phishing-page
    Blocked by Anti-Phishing blacklist C:\Program Files\Internet Explorer\iexplore.exe 185.67.201.35
    10/20/2015 9:48:45 AM htxp://tds.finconst.ru/1934G?keyword=Dso+Exploit+Spybot+Patch&charset=utf-8
    Blocked by PUA blacklist C:\Program Files\Internet Explorer\iexplore.exe 46.29.160.147
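The thread asks for encounters to be counted by category, and Web Filter logs like the ones above make that awkward by hand: one page load produces several lines (the three uniblue.com scripts share a timestamp), and a Google redirect hides the real destination in its `url=` parameter. The following is an added example, not code from itman's post or from ESET, that parses entries in this two-line format, maps each ESET blacklist name to the thread's URL/MAL categories (the mapping itself is an assumption; ESET does not define it), pulls out the redirect target, and counts distinct encounters by (timestamp, host) rather than raw lines. The sample log is constructed from the entries above with the defanging spaces removed.

```python
"""Parse ESET Web Filter log entries and tally them by the thread's categories."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample modelled on the entries posted above (URLs kept defanged as htxp://).
SAMPLE_LOG = (
    "12/21/2015 1:18:51 PM htxp://static.uniblue.com/media/spacecleaner/sc-post-script.min.js\n"
    "Blocked by PUA blacklist C:\\Program Files\\Internet Explorer\\iexplore.exe 54.182.4.223\n"
    "12/21/2015 1:18:51 PM htxp://static.uniblue.com/media/uniblue/loadjscss.js\n"
    "Blocked by PUA blacklist C:\\Program Files\\Internet Explorer\\iexplore.exe 54.182.4.223\n"
    "11/5/2015 6:54:37 PM htxp://www.google.com/url?sa=t&url=htxp://www.nsanedown.com/?news=276335631\n"
    "Blocked by internal blacklist C:\\Program Files\\Internet Explorer\\iexplore.exe 2607:f8b0:4009:807::1013\n"
    "10/28/2015 6:08:36 PM htxp://www.amtso.org/check-desktop-phishing-page\n"
    "Blocked by Anti-Phishing blacklist C:\\Program Files\\Internet Explorer\\iexplore.exe 185.67.201.35\n"
)

# Assumed mapping from ESET's blacklist name to the thread's categories.
# A PUA hit is treated as a blacklisted program (MAL); site blacklists as URL.
CATEGORY_BY_LIST = {
    "PUA blacklist": "MAL",
    "Anti-Phishing blacklist": "URL",
    "internal blacklist": "URL",
}

# Line 1: "<m/d/yyyy h:mm:ss AM|PM> <url>"
HIT_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<url>\S+)$")
# Line 2: "Blocked by <list> <drive:\path\app.exe> <remote address>"
VERDICT_RE = re.compile(r"^Blocked by (?P<list>.+?) (?P<app>[A-Za-z]:\\.+?\.exe) (?P<addr>\S+)$")


def _refang(url):
    """Turn the defanged htxp:// scheme back into http:// so urlsplit parses it."""
    return url.replace("htxp://", "http://", 1)


def _host(url):
    """Hostname of a (possibly defanged) URL, or '' if none."""
    return urlsplit(_refang(url)).hostname or ""


def parse_eset_web_filter(text):
    """Return one event dict per (hit line, verdict line) pair; stray lines are skipped."""
    events, pending = [], None
    for line in text.splitlines():
        hit = HIT_RE.match(line.strip())
        if hit:
            pending = hit          # remember the URL line until its verdict arrives
            continue
        verdict = VERDICT_RE.match(line.strip())
        if verdict and pending:
            url = pending["url"]
            # Redirectors (e.g. google.com/url?...&url=...) carry the real target in the query.
            redirect = parse_qs(urlsplit(_refang(url)).query).get("url", [None])[0]
            events.append({
                "ts": pending["ts"],
                "url": url,                                   # left defanged
                "host": _host(url),
                "redirect_host": _host(redirect) if redirect else None,
                "list": verdict["list"],
                "app": verdict["app"],
                "addr": verdict["addr"],
                "category": CATEGORY_BY_LIST.get(verdict["list"], "URL"),
            })
            pending = None
    return events


def tally(events):
    """Lines per thread category, and distinct encounters (same timestamp + host = one page load)."""
    by_category = Counter(e["category"] for e in events)
    encounters = {(e["ts"], e["host"]) for e in events}
    return by_category, len(encounters)


if __name__ == "__main__":
    evs = parse_eset_web_filter(SAMPLE_LOG)
    for e in evs:
        print(e["ts"], e["category"], e["host"], e["redirect_host"] or "", e["addr"])
    print(tally(evs))
```

Counting by (timestamp, host) is what makes the numbers comparable with the thread's "one encounter, one post" intent: the four constructed lines collapse to three encounters. Keeping the URL defanged in the output avoids turning the report itself into a clickable link to the blocked site.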
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Kees

    I am not sure what you are trying to establish, but I have a hunch it will not produce anything meaningful. Who is going to take the time to do this faithfully throughout the year? And then there is how to count. I get a lot of stuff I know is malware, but I never open it, so no count. Then at times I will test the malware against my setup, so I get four artificial detections. Both cases yield invalid data. Then the problem is if no one posts for a while the thread disappears, and I wouldn't recommend constant updating to keep it in the fore.

    I would suggest there are much better sources for this information than this type of thread.

    Pete
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    True, as I can't remember the last time I was ever infected. Whatever security products we might use, the thing between our ears is the most important.

    Daniel ;)
     
  11. My guess is that most of us prepare for something which is most likely not going to happen. So by only reporting real encounters (not self-initiated tests), the number of posts would reflect the real encounters.
     
  12. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    many years ago (in a non-malware-testing environment)
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    You might want to check out this web site: https://www.hybrid-analysis.com/submissions?page=1
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I constantly get web sites blocked in Malwarebytes Anti-Malware, but the program doesn't list them in its logs.
     