Can someone please explain!

Discussion in 'other anti-malware software' started by ratchet, Oct 9, 2009.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    So dozens of visitors to the rivals.com Penn State football board became infected with the Security Tool virus (not me!). Most, if not all, claim they had their anti-virus running and there doesn't seem to be any correlation as to any link they opened. How could that have happened?
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Many ways.

    Unpatched or vulnerable software, insecurely configured browsers, malicious scripts, absent signatures for the Security Tool virus etc.
     
    Last edited: Oct 10, 2009
  3. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Maybe because of some browser's plug-ins.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    There's no way to know generally, but it's safe to say there were weaknesses in the security setups. You would have to look at each system to find the vulnerabilities. And keep in mind that the best software can be defeated if the user clicks Yes when he should have clicked No :)
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    That is why it is always advisable to use a security combination of HIPS/behaviour blockers and sandbox-type programs, just in case: if you click Yes, whatever files, good or bad, will land in the sandbox area :D My 2 bucks ;)
     
  6. wat0114

    wat0114 Guest

    1. Running as administrator?

    2. Clicking on yes?

    Because it's a rogue app and not actually a virus, so most AVs aren't going to detect it? Just my guess.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Running as administrator here.

    Always clicking on yes here.

    install.exe - Result: 26/41 - TR/Scar.yka

    (attachment: ST.JPG)
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    FYI currently in the wild :

    exploit -> iframe$ gang downloader -> vundo -> Security Tool and/or Windows Police Pro rogues, no clicking required.
     
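The first two stages of the chain nosirrah describes, the exploit landing page reached through an iframe injected into a compromised site, leave a visible trace in the compromised page's HTML: a small or hidden iframe pointing at a host the site does not own. The following scanner is an added example, not code from this thread or from any of the products mentioned; the HTML sample, the board host `board.example` and the attacker host `bad.example` are constructed for illustration.

```python
"""Flag hidden, off-site iframes of the kind injected into compromised sites.

Added illustration, not code from the forum thread. SAMPLE_HTML and the
hostnames in it are constructed; nothing here was taken from rivals.com.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks commonly used to keep an injected iframe out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I
)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def suspicious_iframes(html, page_host):
    """Return the src of each iframe that is both off-site and hidden or tiny.

    A visible off-site embed (a video player) is left alone; a same-origin
    frame is left alone too, because the injected-iframe pattern this thread
    describes pulls the exploit kit from a host the site does not control.
    """
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue
        hidden = (
            _tiny(attrs.get("width"))
            or _tiny(attrs.get("height"))
            or bool(HIDDEN_STYLE.search(attrs.get("style", "")))
        )
        if hidden:
            hits.append(src)
    return hits


# Constructed sample page: one legitimate embed, one same-origin tracking
# pixel, and two injected frames (a 1x1 frame and a display:none frame).
SAMPLE_HTML = """<html><body>
<h1>Football board</h1>
<iframe src="http://video.example/embed/42" width="480" height="360"></iframe>
<iframe src="/ads/banner.html" width="1" height="1"></iframe>
<iframe src="http://bad.example/in.cgi?3" width="1" height="1" frameborder="0"></iframe>
<div><iframe src="http://bad.example/x/" style="display:none"></iframe></div>
</body></html>"""


if __name__ == "__main__":
    for src in suspicious_iframes(SAMPLE_HTML, "board.example"):
        print("suspicious iframe ->", src)
```

This only catches the plain-HTML form of the injection. Kits of that era frequently wrote the iframe from obfuscated JavaScript (document.write of an escaped string), which a static parser never sees; a check of the rendered DOM, or of the script bodies for such patterns, is the next step.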
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    MBAM will catch and stop it:)
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    How many exploits are there ?
     
  11. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    That number likely changes by the minute. Acrobat and Java are still the two I see exploited the most, but anything web facing and out of date is just asking for trouble.
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    After download, doesn't it still need to be manually executed to install?
     
  13. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Only on Vista or higher.
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    So just so we are clear, just visiting an infected site using XP (even a limited user account) will cause the rogue program to download, install and run with no user intervention?
     
  15. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Limited, not likely, but if you're an admin on XP, surfing like a fool will get you infected with no accepting anything required.
     
  16. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    And if you are surfing as a limited user with a Software Restriction Policy enabled you will definitely be OK. Remember "If it can't execute, it can't infect."
     
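Threedog's "if it can't execute, it can't infect" rests on how Software Restriction Policy path rules are evaluated: with the default level set to Disallowed and Unrestricted rules only for the Windows and Program Files trees, a downloader dropped into the user's temp directory simply does not run. The model below is an added example, not Windows code and not something posted in this thread; it reproduces the documented precedence (the most specific matching path rule wins, otherwise the default level applies) so the effect of a policy can be checked offline. The environment-variable values and sample paths are assumed for a typical XP installation.

```python
"""Model of Software Restriction Policy path-rule evaluation.

Added illustration, not Windows' own implementation. ENV values, rule sets
and file paths are constructed to resemble a Windows XP system.
"""
import ntpath

# Assumed XP environment (constructed for the example).
ENV = {
    "%SystemRoot%": r"C:\WINDOWS",
    "%ProgramFiles%": r"C:\Program Files",
    "%USERPROFILE%": r"C:\Documents and Settings\ratchet",
}

UNRESTRICTED = "Unrestricted"
DISALLOWED = "Disallowed"


def expand(path):
    """Expand the variables above and normalise case and separators."""
    for name, value in ENV.items():
        path = path.replace(name, value)
    return ntpath.normcase(path)  # lowercase, backslashes


def decide(rules, default, path):
    """Return the security level SRP would apply to `path`.

    rules: {path_rule: level}. A rule matches when it names the file itself
    or a parent directory; among matching rules the longest (most specific)
    one wins, which is how SRP resolves overlapping path rules. With no
    match, the policy's default level applies.
    """
    target = expand(path)
    best = None
    for rule, level in rules.items():
        r = expand(rule).rstrip("\\")
        if target == r or target.startswith(r + "\\"):
            if best is None or len(r) > len(best[0]):
                best = (r, level)
    return best[1] if best else default


# The basic "default Disallowed" policy: only OS and installed programs run.
BASIC_RULES = {
    r"%SystemRoot%": UNRESTRICTED,
    r"%ProgramFiles%": UNRESTRICTED,
}

# The usual refinement: directories under the Windows tree that a limited
# user can write to (examples commonly cited in SRP hardening guides) get an
# explicit, more specific Disallowed rule so they cannot be used as a launch
# pad for a dropped executable.
HARDENED_RULES = dict(BASIC_RULES)
HARDENED_RULES.update({
    r"%SystemRoot%\Temp": DISALLOWED,
    r"%SystemRoot%\Tasks": DISALLOWED,
    r"%SystemRoot%\Debug\WIA": DISALLOWED,
})


def may_run(path, hardened=False):
    """Convenience wrapper: evaluate `path` against one of the two policies."""
    rules = HARDENED_RULES if hardened else BASIC_RULES
    return decide(rules, DISALLOWED, path)


if __name__ == "__main__":
    # A drive-by downloader lands in the user's temp directory: blocked.
    print(may_run(r"%USERPROFILE%\Local Settings\Temp\install.exe"))
    # A system binary: allowed.
    print(may_run(r"C:\WINDOWS\system32\notepad.exe"))
    # The same dropper written to a user-writable folder under %SystemRoot%:
    # allowed by the basic policy, blocked once the refined rules are in.
    print(may_run(r"C:\WINDOWS\Temp\install.exe"))
    print(may_run(r"C:\WINDOWS\Temp\install.exe", hardened=True))
```

Two caveats a practitioner would add to the slogan: SRP only checks file types on its designated list (by default DLLs are not enforced unless the policy is told to include them), and an Unrestricted parent rule silently covers every writable subdirectory beneath it, which is exactly the gap the hardened rule set above closes.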
  17. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Less easy for the Windows XP Home Editions.
     
  18. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Acrobat and Java are two pieces of software.

    Do you have an actual NUMBER of current exploits, taking into account that it varies ? 50, 5000 ?
     
  20. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Thank you for the explanation! I guess my next question would be how was this "placed" on that website and why don't websites have their own security to prevent such hacks? Thank You!
     