OnlineArmor warning just in a Google search result listings

Discussion in 'privacy problems' started by Tassie_Devils, Dec 26, 2005.

Thread Status:
Not open for further replies.
  1. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Here's something new [for me anyhow]. :doubt:

    I was mucking around earlier today, looking for 'big' funny things towns have as their 'icon' as in Big bananas, big etc etc. and searched for 'big pineapple' and just from the Google search results, Online Armor popped up warning me of one of the sites wanting to run an 'Applet' and that was just in the result listings, let alone going to the actual site.

    What an easy way to get infected by something nasty or am I mistaken. :doubt:
    This was using Firefox.

    Cheers, TAS
     


  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Tassie - Went to site and got multiple ActiveX prompts, which I denied, and popup ads. I finally Alt-F4'd the whole site. I am running Outpost and KAV.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    A lot of times Firefox will "Preload" a site to make it faster in loading when you go there. I had noticed a fair amount of this kind of thing while using OA.
     
  4. There's a link on the page to imrworldwide aka Redsheriff, fairly infamous for using Java applets for tracking purposes.

    But otherwise not really a big danger.

    Does Online Armor alert on every applet?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Using Opera:

    With Java enabled, a Flash applet loads on that page.

    With Java disabled, a stationary advertisement loads in its place.
     
  6. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    thanks guys for replies.

    Notok...Preloading explains it then. ;)

    deviladvocate: OA alerts on ALL ActiveX/Applets regardless of site, you have to either Block/Allow.
    I usually just block without checking the 'Do not ask again' box, so if needs be, I can go back to site, allow it to load and take a gander.

    Rmus: Yep, tried it, and as you say. :)

    Cheers, TAS :)
     
  7. f3x

    f3x Guest

    Hmm, that is interesting; however, I do not believe preloading is in the default behavior of Firefox. Did you use an extension like Fasterfox? If so, you should really disable preloading. There was a bit of Google Accelerator hype about how dangerous preloading is. For example, you move over the link to delete a post, and in the action of preloading you effectively delete that post. Even if it should not happen with a careful webmaster, it's a risk.
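
The preloading risk described in the post above, seen from the server side, as an added example that is not part of the original thread. The routes, function names and sample requests are hypothetical; the headers are the ones prefetching browsers use to mark speculative requests.

```python
# Added example: keeping a forum safe when clients prefetch links.
# Routes and sample requests are constructed for illustration.

# "X-moz: prefetch" is the marker Firefox link prefetching sends;
# "Purpose" and "Sec-Purpose" are the equivalents in other browsers.
PREFETCH_HEADERS = ("x-moz", "purpose", "sec-purpose")

# Hypothetical state-changing routes of a toy forum.
STATE_CHANGING = {"/post/delete", "/post/edit", "/logout"}


def is_prefetch(headers):
    """True if any known header marks the request as a prefetch."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    return any("prefetch" in lowered.get(h, "") for h in PREFETCH_HEADERS)


def decide(method, path, headers):
    """Return (status, reason) for one request to the toy forum."""
    route = path.split("?", 1)[0]
    if route in STATE_CHANGING:
        # Primary defence: destructive actions are not reachable via GET.
        # Prefetchers only issue GET, so this holds even when the client
        # sends no identifying header. (A real forum would also verify a
        # CSRF token on the POST.)
        if method != "POST":
            return 405, "state change requires POST"
        return 200, "action performed"
    if is_prefetch(headers):
        # Optional policy: refuse speculative loads of ordinary pages.
        return 403, "prefetch refused"
    return 200, "page served"


# Constructed sample traffic: (method, path, headers).
SAMPLE_REQUESTS = [
    ("GET", "/post/delete?id=42", {"X-moz": "prefetch"}),
    ("GET", "/post/delete?id=42", {}),
    ("POST", "/post/delete", {}),
    ("GET", "/thread/7", {"Sec-Purpose": "prefetch;prerender"}),
    ("GET", "/thread/7", {}),
]


def run_samples():
    """Status code the policy returns for each constructed request."""
    return [decide(m, p, h)[0] for m, p, h in SAMPLE_REQUESTS]
```

The second sample request is the important one: an unmarked GET to the delete link is still rejected, so the protection does not depend on the prefetcher identifying itself.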
     
  8. kingkong8687

    kingkong8687 Guest

  9. mrskingkong

    mrskingkong Guest

    I disabled my Fasterfox. www.dnsstuff.com will not work if it detects that you're running with Fasterfox enabled. Yes, preloading only works if you have Fasterfox installed and running.
     
  10. mrkingdong

    mrkingdong Guest

    I agree.
     
  11. f3x

    f3x Guest

    Personally I would not use things such as DropMyRights.
    Even if it helps, as it probably disables access to HKLM,
    I believe it still can infect HKCU or find other ways to escalate its privilege.
    This being said, a statement such as "So no matter what happens you're safe anyway." is a bit of false security, I believe. Anyway, as another layer of security, yes, it's useful.

    ------------------------------
    Hmm, sorry if this is off topic, but

    kingkong 8687
    mrs kingkong
    mr kingdong

    Strange family of monkeys, isn't it?
     
  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    ahhh the penny dropeth.... Yep.... using FasterFox hmmm....okie, turned off Prefetching [presume it's the one see pic]

    thanks f3x ;)

    TAS

    edit: I've now tried that exact same thing as my first post, and this time 'no' alerts, so it was the Prefetching as you said f3x ;)
    :) TAS
     

    Attached Files:

    • 074.GIF
    Last edited: Dec 27, 2005
  13. Why do some people give advice like don't run as an admin?
    If a program has NO administrator rights, any type of malware won't have enough privileges to infect any part of the system at all! Read the spywareinfo newsletter, it has one article on DropMyRights.
    So, tell me what other ways does malware have to bypass DropMyRights.
    It blocks access to HKEY local machine and infects HKEY current user in the registry. If the program has NO admin privileges, do you think malware, any type of malware, can access a critical system component like the Windows registry?
     
  14. The technical term for what Notok is referring to is 'prefetch' and yes it is on by default without the use of any extension.

    Some people confuse prefetch with pipelining. Pipelining is off by default but various tuning tricks turn it on.

    From Google.

    This is for people who want to turn it off, but are not using fasterfox. Prefetch will still be on for them, unless they do the above.
     