OnlineArmor warning just in a Google search result listings

Here's something new [for me anyhow].

I was mucking around earlier today, looking for 'big' funny things towns have as their 'icon' as in Big bananas, big etc etc. and searched for 'big pineapple' and just from the Google search results, Online Armor popped up warning me of one of the sites wanting to run an 'Applet' and that was just in the result listings, let alone going to the actual site.

What an easy way to get infected by something nasty or am I mistaken.
This was using Firefox.

Cheers, TAS

 

Tassie - Went to site and got multiple active X prompts which I denied and popup ads. I finally Alt-F4 the whole site. I am running Outpost and KAV.

 

A lot of times Firefox will "Preload" a site to make it faster in loading when you go there. I had noticed a fair amount of this kind of thing while using OA.

 

There's a link on the page to imrworldwide aka Redsheriff, fairly infamous for using java applets for tracking purposes.

But otherwise not really a big danger.

Does online Armor alert on every applet?

 

Using Opera:

With Java enabled, a flash applet loads on that page.

With Java disabled, a stationary advertisment loads in it's place.

 

thanks guys for replies.

Notok...Preloading explains it then.

deviladvocate: OA alerts on ALL ActiveX/Applets regardless of site, you have to either Block/Allow.
I usually just block without checking the 'Do not ask again' box, so if needs be, I can go back to site, allow it to load and take a gander.

Rmus: Yep, tried it, and as you say.

Cheers, TAS

 

hmm that is interesting, however i do not beleive preloading is in the default behavior or firefox. Did you use an extention like fasterfox ? if so you should really disable preloading. There was a bit googleaccelerator hipe about how dangerous prealoding is. For example you move over the link to delete a post and in the action of preloading you effectively delete that post. Even if it should not happen with carefull webmaster it's a risk.

 

Try using DropMyRights.exe
So no matter what happens you're safe anyway. Don't give the browser admin rights. Or if you're running in XP Professional as a limited user that's ok.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp

 

I disabled my fasterfox. www.dnsstuff.com will not work if it detects that you're running with fasterfox enabled. Yes, preloading only works if you have fasterfox installed and running.

 

I agree.

 

Personnaly i would not use thing such as dropMyrigth
Even if it help as it robably disable access to HKLM
I beleive it still can infect HKCU or find other way to escalate it's privilege
This being said, statement such as "So no matter what happens you're safe anyway." is a bit of false security i beleive. Anywais as another layer of security, yes it's usefull.

------------------------------
hmm sorry if this is of topic but

kingkong 8687
mrs kingkong
mr kingdong

Strange familly of monkey isnt it ?

 

ahhh the penny dropeth.... Yep.... using FasterFox hmmm....okie, turned off Prefetching [presume it's the one see pic]

thanks f3x

TAS

edit: I've now tried that exact same thing as my first post, and this time 'no' alerts, so it was the Prefetching as you said f3x
TAS

 

Why do some people give advice like dont run as an admin?
If a program has NO administrator rights, any type of malware wont have enough privileges to infect any part of the system at all! Read the spywareinfo newsletter, it has one article on DropMyRights.
So, tell me what other ways do the malware have to bypass dropmyrights.
It blocks access to hkey local machine and infects heky current user in the registry. If the program has NO admin privileges, do you think malware, any type of malware can access a critical system component like the windows registry?

 

The technical term for what Notok is referring to is 'prefetch' and yes it is on by default without the use of any extension.

Some people confuse Prefetch with pipelining. Pipeling is off by default but various tuning tricks turn it on.

From google.

This is for people who want to turn it off, but are not using fasterfox. Prefetch will still be on for them, unless they do the above.