This is the first time I visited an infected website!

Discussion in 'other anti-virus software' started by Football, Apr 27, 2009.

Thread Status:
Not open for further replies.
  1. Football

    Football Registered Member

    Joined:
    Nov 29, 2008
    Posts:
    96
    Location:
    Greece
    I am using Internet Explorer. When I visited this website, Kaspersky did not let me enter, detecting something by heuristics. This was a malicious script. Sorry if I did not use the correct term.
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    noscript is very good at preventing, but not 100% impenetrable, nothing is. and it's called drive-by downloads, they can install invisibly without ur knowledge, and let's say that noscript doesn't catch it? then what? i think it's just infected u is what happens...
     
  3. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    I repeat :) Can you give me a single website that can automatically download and install malware or something else without user knowledge or intervention to give permission to install?

    No more talk, time for action.. Show me.
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    it's common sense tbh, nothing and nobody is perfect, so in turn, the software people make won't be perfect either, u can go find malware urself, even if it's only 1 piece of malware that gets through out of a billion, it's still that 1.
     
  5. colt45allstar

    colt45allstar Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    65
    I've seen websites that can do it in the past.

    To the best of my knowledge however, it is not permitted to have live malware links posted here... so don't think you will find anyone who can "show you"
     
  6. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Great, then private message me, I can't wait to see this and will provide the proof and evidence on here that it's not possible. Message me ;)
     
  7. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Thank you for the clarification.
    Pls correct any assumptions I am making here, but:
    If you were spontaneously prompted to DL an unexpected proggie (.exe file, or whatever), would you not just refuse it and remain secure?
    If you were so naive to DL the malicious soft, would not your AV flag it upon either DL (write to disc) or execution?
    I am merely trying to resolve the efficacy / utility of HTTP scanning.

    Cheers
     
  8. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    944
    Someone who knows how, please make it a good one...

    philby
     
  9. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Of course it's possible. That's why they are called drive-by-downloads.

    There was a recent PDF exploit which has been extensively discussed here.
    Or have a look at matt on youtube - malware-removal for videos

    Now your setup may prevent it, but to say the websites don't exist ...
    How can you have 300+ posts here and come out with that stuff?

    You're making statements which are frankly inaccurate.
     
  10. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Such was not the case here, as original poster clarified:
     
  11. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    There are no "drive-by-downloads" that downloaded and installed something on people's PC all on their own. They had help from the users who clicked this and clicked that and pressed OK etc etc lol
     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    not if you used IE6 and xp with admin rights. all you needed to do was visit the website and it automatically downloaded its payload.
     
  13. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
  14. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
  15. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    UPDATE: I found a website that actually downloaded an .exe file and saved it into my C:/users folder without asking me..... but it could not EXECUTE it.

    So I apologise for being WRONG and I admit it... Some website CAN download something and have it saved on the HD.. But it cannot EXECUTE ITSELF.

    Also important to add, I turned off no-script in firefox for testing purposes... if no-script was ON, which it always is for me, then the .exe could NOT even have downloaded and saved itself on my HD.
     
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    it CAN, just happened that u didn't come across one that does, but there are some that CAN...
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Well that would be stupid wouldn't it? for a variety of reasons not the least of which is it would be bad for business. Hardly a positive promo. And to think I just read a thread again where somebody said web scanners are useless bla bla bla.:rolleyes:
     
  18. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    can you show me one? if not, then I cannot believe it.
     
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    @tonyseeking:
    For the very reason that some website somewhere might download something unobtrusively to someone's computer that isn't adequately protected is why I imagine such links are not posted here, and why you're not seeing copious examples.

    Yes, you're protected by NoScript, but not everyone has that, let alone even using Firefox. Forget about yourself for a moment: think about Joe Average. Most of them don't visit forums like this. None of my family do, and they're all still using IE, but they have some AV protection at least.
     
  20. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Nice example to explain what may happen, but the question is would something like NoScript prevent that from running anyway? (tonyseeking indicated the solution was to use NoScript, which is why he raised his points, and therefore, I'm wondering if your example would be blocked by NoScript alone.)

    I imagine if you're running both KL and NoScript, it would be a case of who gets there first. Actually on reflection, I think KL may win on this as I have seen an alert from heuristics on a site that later had a detection added for it after I reported it, and I have NoScript installed, but am unsure as to whether the script would have run anyway if KL hadn't alerted just because of NoScript. As it was, KL detected and I blocked even with NoScript running.
     
    Last edited: Apr 29, 2009
  21. Football

    Football Registered Member

    Joined:
    Nov 29, 2008
    Posts:
    96
    Location:
    Greece
    http://www.viruslist.com/en/analysis?pubid=204792056
     
    Last edited: Apr 29, 2009
  22. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    As I understand it, for these exploits to be successful, even on an unpatched system, some manner of user interaction is required. i.e.: user is prompted to perform an action.

    I would welcome evidence to show otherwise.
     
  23. Football

    Football Registered Member

    Joined:
    Nov 29, 2008
    Posts:
    96
    Location:
    Greece
    When it is written "silently", I think that it means without user interaction. Or maybe I am wrong?
     
  24. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Your link under "Anatomy of a Drive-by Attack"
    are referred MS vulnerabilities bulletin no.s MS07-004, MS06-014.
    re: MS07-004. (Microsoft Vector Markup Language Vulnerability)
    Download, yes, but no mention of execution.
    Source: http://vil.nai.com/vil/Content/v_vul26881.htm#tab2

    re: MS06-014 (MDAC Vulnerability) Although this might fit the "minimal user interaction" criteria, it appears that this threat is quite obscure; more of a POC than real menace.
    Source: http://www.zdnet.com.au/insight/soa...curity-bulletins/0,139023731,139115834,00.htm

    Cheers
     
  25. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    That's the key here- scripting will always be a huge gawping security hole unless you keep it in check (either by disabling it altogether, or using noscript to control which websites are allowed to execute scripts in your browser)....however, again, this is too much effort and too technical for most users- who complain that UAC is intrusive- having scripting disabled by default and manually whitelisting trusted sites (although this is risky too, as they could just as well have malicious scripts inserted too) is far too intensive and most people won't bother and have no idea what scripting or noscript really is....this is where script heuristics come in and they provide some coverage of the scripts which start off a drive by download.

    Granted, such heuristics aren't foolproof as there are too many js libraries to emulate and different tricks that the malware authors use to avoid detection, but the key thing here is that they are updateable and really do make a difference to your safety- it is better to block any infection at its origin, rather than when the malicious content is already on the machine, doing so gives you an extra layer of defence.... especially since in the example I gave, Kaspersky didn't detect the final "payload" file until I sent it in to them. Food for thought.
     