Discussion in 'other security issues & news' started by Kees1958, Mar 30, 2012.
See pic, stupid but funny
just clicked show more about threat activity then it showing there's Link to exploited site
not sure,which thread
Well seems to me that if they say that 31 threats in past year at Wilders, and others don't say similar, then it is their own methodology and means of assessment that is at fault.
When I've ever checked URL with various tools/services, it always comes up clean.
If someone did paste exploit code in this forum, to show evidence of such and how it looked like, then it's gone*. One of my relatives does use AVG LinkScanner, and it isn't detecting any exploit code in this forum.
This is usually problematic, because sometimes people actually copy and paste the exploit code (or parts of it), instead of simply posting a screenshot of it.
* I actually forgot that LinkScanner doesn't verify all links of a given domain. It only verifies the current page. So, maybe the exploit code is still around...
Like abu shofwan wrote, AVG mentions 'Link To Exploit Site'.
Perhaps because of a partial url like in this recent WSF thread?; link
Nope. That's just normal text, not code. Even if the the link was active, and hosting an exploit, the user would need to click the link and actually visit/be redirected to the exploit URL, so that they could get a LinkScanner warning.
LinkScanner only checks the current URL. So, someone had to post exploit code in some thread. Although, I can't find anything recent.
Obviously it isn't code.
I mean if someone selects and right-clicks the partial url (just -prizesforyou.bix-), opens it in a new tab and thus visits the url.
When Linkscanner would find this to be an exploit site, wouldn't it then perhaps mark WSF as 'linking to an exploit site'?
I haven't used AVG Linkscanner ever, so I could be completely wrong/it just doesn't work that way.
I understand what you're saying. But, I don't think LinkScanner would know it came from WSF.
If you select, then copy & paste the link in the address bar, there would be no indications it came from wilderssecurity.com? Sure, LinkScanner could monitor if the user is copying some url/domain and paste it to the address bar... and then would say Exploit is from B, but B was on A But, I don't think it monitors such?
The only possible way I can think of, is if the URL was active, and then the user clicks on it and LinkScanner blocks the exploit. LinkScanner will know the first URL was https://www.wilderssecurity.com. Which would fit in 'linking to an exploit site', as you pointed out. Maybe by reading the browser's header referrer info...
Other than that, only if there was in fact exploit code in some thread's post.
Found the detailed info of this chrome plug-in now. It was not a malware posted but a link to a site containing malware. I checked the malware domain list. It also has a surf with caution warning. Maybe this warning is triggered when a post contains a link to such a site.
Separate names with a comma.