Compromised MySpace pages are infecting visitors with a new attack tactic

Discussion in 'other security issues & news' started by ronjor, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Story
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Now this crap is making it's way to Macs jeez. :rolleyes: Well it may be worth staying with Microsoft because even though the attackers methods are more sophisticated for Windows perhaps so are the defences of security vendors?
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,

    A few things I have noticed in the article that drew my attention:

    The so-called trojan for Mac is a codec; you install it, you infect your machine. You don't install it - you don't. Very simple. The same applies for every single platform / browser.

    Then, the issue of ActiveX is mentioned ... but not the fact that it is a MS thingie and not something that works in other browsers. And finally, Safari does not need to run on Mac - it can run on Windows as well.

    And to sum it all up, the mentioned methods require the user to actually agree to do something, which is not different from shooting yourself or smashing the pc with a hammer - requires active effort from the user.

    All in all, nothing special...

    Mrk

    P.S. Hammer, I'd take my chances with Mac. At least, if you get knackered, you'll do it with style and beauty ...
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Correct. Many do agree to do something. Therefore, continuing to remind those that may choose to perform such actions of the consequences may be helpful.
     
    Last edited: Nov 11, 2007
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The site mentioned in the article is a legitimate site and as the articles authour points out, your already expecting a video.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Expecting a video, not a prompt for a "missing" codec.
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Ya ok.:rolleyes: Your missing the point that you know the site to be legitimate(Alicia Keys) and the people visiting aren't some idiots surfing for porn or cracks so many users(not you obviously) would not be expecting a problem.
     
    Last edited: Nov 11, 2007
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I get your point :) You don't get mine.
    Common sense isn't only about "safe" surfing. It also means what kind of content you should expect on a site. If I have the codecs, media players, plug-ins and runtimes (Java) installed, why would I install an ActiveX control?
    This is social engineering at work.
     
  9. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Hello Gentlemen

    A question to you all my girlfriend was on the site today that you mention when i just came in :eek: :eek: :eek: :eek: :eek: :eek:

    And i just read this :ouch: :ouch: Do any of you know if the infections have been cleaned up she has prmoised me nothing popped up and that but now im thinking am i infected checked my antivirus nothing caught ??

    Many thanks

    Ben
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I believe the article in the original post said the site had been cleaned up.
     
  11. Dogbiscuit

    Dogbiscuit Guest

    I think having some "technical sense" (or "computer sense") not "common sense" is what most people on Wilders really mean when they use this term.
    Knowing when you should not install an ActiveX control on a Windows-based personal computer (and even knowing what an ActiveX control is) requires some specialized knowledge, I would think.
     
    Last edited by a moderator: Nov 14, 2007
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're right on that. Common sense has a broad meaning regarding computer security :)
    "Pure" common sense would be not believing in the Nigerian scams or the cheap Viagra.
     
Loading...
Thread Status:
Not open for further replies.