IMON did its job

Discussion in 'NOD32 version 2 Forum' started by DGeorge, Oct 27, 2004.

Thread Status:
Not open for further replies.
  1. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    While surfing around last night I suddenly got a warning message that a W32 trojan was being downloaded from the page I tried to connect to so I of course chose to disconnect.
    What surprised me about it was that I run FF 1.0PR with javascript, java, ActiveX etc all disabled. The page had not even loaded yet and was still just a blank white window. Was this most liklely a jpeg exploit?
    I thought with java etc turned off I was pretty safe while just surfing?

    Anyways Im glad NOD caught it before it was even downloaded.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Not sure what it was, however it is nice to see the HTTP scanner in action, pretty impressive isn't it :D

    :D :cool: :D :cool: :D
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Can't say what it was but it wasn't the jpeg exploit of recent infamy, FF is not susceptible to this exploit. Even jpegs that do have the exploit are viewable in FF.
     
  4. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    If you look at the Virus Log does it show what it was?
     
  5. woosha

    woosha Guest

    the trojan was just loaded in FF cache, no risk
     
  6. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    It was w32.vb.df trojan

    I guess it must have been the cache. So does that mean even if IMON had not caught it, it would not have been able to execute?
     
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    depends, it could have executed in the cache,how it was written is the key whether it would have worked or not. IMON caught it as all that matters though. It won't execute now thats for sure
     
  8. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    Yes, definitley the main thing is it got stopped by IMON.

    I just thought that with js, activex,etc disabled, I could not get infected by anything unless I actively chose to download something. I didnt think I could get infected just by looking at a page?

    Makes me wonder what would have happened if it was a trojan NOD couldnt detect?
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes your settings should have prevented it from running. Yes you can infected just by viewing a webpage, a few of the latest virii/trojans have demomstrated that, that is what all the fuss is about with the latest jpeg exploit and the exploit to inject code into IIS servers awhile back ( I forgot the name of that trojan at the moment) but it is getting to the point that even looking at a web page can be dangerous. Fortunately it is far from being a widespread problem for the time being.
     
  10. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    I think Im going to shut off my computer and go read the paper :D
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO you have a really good AV that did it's job ;) :D
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  13. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Mine just removed a bad attachment called "file.bat" from being sent to some funky address.
     
Thread Status:
Not open for further replies.