Quick malware question: How'd it even get through?

Discussion in 'malware problems & news' started by Tetranitrocubane, Nov 29, 2007.

Thread Status:
Not open for further replies.
  1. Tetranitrocubane

    Tetranitrocubane Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    11
    I'm new to these forums, so please forgive me if I seem uninformed. I recently had a run-in with a piece of malware (though I was on a work machine, which was a Mac, at the time), and it scared me seriously.

    I regularly use a variety of web-based email clients to check my email from various computers I maintain and know to be secure. I'm using gmail and hotmail, and a webmail client from my ISP. It's not a good solution, but it's the best option I have to check from work and such. Anyway, just this evening, I was checking my archaic hotmail account on a Macintosh at work (using Firefox!), when suddenly without my input it closes the browser window and calls up a pop-up (which are set to be blocked).

    The pop-up is obviously malware, something called malwarealarm, which insists that the computer needs to be scanned and asks if I want to download the program. I cancel, naturally, but that doesn't stop the damned thing from redirecting me to its webpage and trying to download all kinds of nasty stuff.

    Long story short, it was on a Mac, so I'm not sure if anything happened that could be bad. I scanned with NAV on the Mac, and also Macscan to search for malware / spyware, but nothing came up.

    But this has me paranoid for my PC now. I hadn't opened an attachment, or even opened a single message at all in my hotmail account. I had barely even put in my login info and opened my inbox when this thing jumped out of nowhere, so I don't have any idea where it might've come from, save for a rogue banner ad. From what I understand, Macs are pretty impervious to this kind of attack, so I doubt it was pre-existing spyware, and I don't have ANY idea how it could have been a forced-download program since it was a Mac on OS X 10.4.

    How the heck could this thing have gotten through? How could it have installed and launched in a browser, on a Mac, through a site like hotmail, without me so much as doing anything but logging in?

    Moreover, what's the best way to assure that this kind of thing won't get into my PC, since on the Mac I didn't do anything except open my inbox? I'm paranoid to even check my email now. I don't want to reformat every time I check for messages. On my PC I'm using Opera, I've got Nod32 installed, and I periodically run Spybot S&D. But if malware can strike me that quickly from a trusted site, obviously I don't know how to surf safely. Any advice? Thanks!
     
  2. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
  3. Tetranitrocubane

    Tetranitrocubane Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    11
    Ah, yeah. I was hoping the Mac would be unaffected, but my main concern is that I also check my hotmail account from a PC. I know it's a redirect, I just didn't know how it occurred, since I didn't click on anything. Heck, I didn't even open a message at all!

    From what you linked to, though, it seems like tons of legit sites are getting hammered with bogus ads that have flash redirects on them, that point to this malware site. That's frightening.

    Is there any way, short of killing Flash entirely, to prevent banners from redirecting?
     
  4. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi Tetranitrocubane, I was hoping someone more knowledgeable would have advised you by now. I'll give some suggestions, but I'm not sure if they're 100% against this specific threat:

    1. Firefox add-ons (Tools> Add-ons> Get Extensions):
    a. Adblock Plus, to block ads (after install, add the EasyList filter subscription)
    b. Flashblock, replaces flash objects with a placeholder that you can click on if you want to view them

    2. On your windows box, if you're willing to try out something new, try running your browser in a sandbox with Sandboxie. Have a look at the tutorial in the Help&FAQ section.

    3. On your Windows box, you can also try using a hosts file; a popular one is the MVPS Hosts. I think it has the malwarealarm site blocked, not sure if it's the current site, though.

    I think [1.] is easiest & could be enough, [2.] and [3.] as extra. But I may be wrong, so best to wait for more/better advice.
     
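Added example (not from the thread or from the MVPS project): how a hosts-file blocklist like the one in suggestion 3 works, and why yeow's caveat matters. Hosts entries match exact hostnames only, so a rogue site that moves to a new host or subdomain is not covered until the list is updated. The hostnames below are constructed placeholders, not real indicators.

```python
"""Parse a hosts-style blocklist and check URLs against it (added example)."""
from urllib.parse import urlsplit

# Constructed sample in hosts-file syntax: "<sink IP> <hostname> [hostname ...] [# comment]"
SAMPLE_HOSTS = """
# constructed sample, same layout as a hosts-file blocklist
127.0.0.1 localhost
0.0.0.0 rogue-scanner.example   # placeholder for a rogue "scanner" site
0.0.0.0 ads.example www.ads.example
0.0.0.0 cdn.banner.example
"""

# Addresses a blocklist points unwanted hostnames at so lookups go nowhere
SINKHOLES = {"0.0.0.0", "127.0.0.1"}
# Names mapped to loopback for normal reasons, not as block entries
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text: str) -> set[str]:
    """Return the set of hostnames the hosts text routes to a sinkhole address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in SINKHOLES:
            blocked.update(n.lower() for n in names if n.lower() not in LOCAL_NAMES)
    return blocked


def is_blocked(url: str, blocked: set[str]) -> bool:
    """True only if the URL's hostname is listed exactly; subdomains do not inherit."""
    host = (urlsplit(url).hostname or "").lower()
    return host in blocked


def main():
    blocked = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://rogue-scanner.example/scan",
                "http://www.ads.example/banner.swf",
                "http://new.rogue-scanner.example/"):   # moved host: not covered
        print(f"{url}: {'blocked' if is_blocked(url, blocked) else 'NOT blocked'}")


if __name__ == "__main__":
    main()
```

The third URL shows the gap: the same rogue operation on a new hostname passes straight through, which is why a hosts file is a supplement to ad/Flash blocking rather than a replacement.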
  5. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    While surfing a website today that both McAfee SiteAdvisor and LinkScanner online say is clean, I was redirected to another website and then to a popup saying I might be infected and to download "MalwareAlarm". I know this is a bogus alert for a rogue program, but what I want to know is why neither LinkScanner nor SiteAdvisor caught it. Is this type of thing not considered a risk by either, or have they just missed it?

    I was using Firefox and XP SP2 at the time. I would post the link of the website I was visiting when the redirect occurred, but I am not sure that is allowed here.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Best thing to do is submit the link to McAfee SiteAdvisor and LinkScanner. I'm sure they would appreciate it.
     