Attackers Moving to .CE.MS Domain For Attack Sites

Discussion in 'malware problems & news' started by Searching_ _ _, Nov 1, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Attackers Moving to .CE.MS Domain For Attack Sites - ThreatPost
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the article:

    In fact, no malware is delivered if the user has scripting enabled per site. And, of course, this applies to web based attacks, no matter the domain used.

    These random URLs are usually arrived at through redirection. So, even if redirected from a compromised site with scripting enabled, the site with malicious scripts will just sit there and do nothing. Part of the obfuscated (disquised) code is included below:

    script.gif

    Whereas, if scripting is enabled, then the code can attempt to do its dirty work.
    (Note above the reference to JAVA in the first line of the code: content/field.jar)

    script_ie.gif

    People have argued that keeping scripting enabled just per trusted sites is aggrevating when a site you go to requires javascript so that you have to enable it and then reload the page.

    No disagreement there, but you can't deny that whitelisting scripting of sites is a good preventative measure.

    regards,

    -rich
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :thumb:

    Indeed. I got not issues doing it that way. It's as simple as clicking the javascript icon in the address bar, and choose allow for this domain and refresh.

    Easier than that, only if Chromium starts showing a tip bar asking to click "Reload", at the image of what happens when allowing cookies. It makes things faster... a bit. :D
     
Loading...
Thread Status:
Not open for further replies.