Somebody posted a malware?

Discussion in 'other security issues & news' started by Kees1958, Mar 30, 2012.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    See pic, stupid but funny
     

    Attached Files:

  2. abu shofwan

    abu shofwan Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    358
    Location:
    Earth
    just clicked show more about threat activity then it showing there's Link to exploited site

    not sure,which thread :doubt:
     

    Attached Files:

  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Well seems to me that if they say that 31 threats in past year at Wilders, and others don't say similar, then it is their own methodology and means of assessment that is at fault.
    When I've ever checked URL with various tools/services, it always comes up clean. :)
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If someone did paste exploit code in this forum, to show evidence of such and how it looked like, then it's gone*. One of my relatives does use AVG LinkScanner, and it isn't detecting any exploit code in this forum.

    This is usually problematic, because sometimes people actually copy and paste the exploit code (or parts of it), instead of simply posting a screenshot of it.

    -edit-

    * I actually forgot that LinkScanner doesn't verify all links of a given domain. It only verifies the current page. :D So, maybe the exploit code is still around... :D
     
    Last edited: Mar 30, 2012
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Like abu shofwan wrote, AVG mentions 'Link To Exploit Site'.
    Perhaps because of a partial url like in this recent WSF thread?; link
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Nope. That's just normal text, not code. Even if the the link was active, and hosting an exploit, the user would need to click the link and actually visit/be redirected to the exploit URL, so that they could get a LinkScanner warning.

    LinkScanner only checks the current URL. So, someone had to post exploit code in some thread. Although, I can't find anything recent. :blink:
     
  7. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Obviously it isn't code.
    I mean if someone selects and right-clicks the partial url (just -prizesforyou.bix-), opens it in a new tab and thus visits the url.
    When Linkscanner would find this to be an exploit site, wouldn't it then perhaps mark WSF as 'linking to an exploit site'?
    I haven't used AVG Linkscanner ever, so I could be completely wrong/it just doesn't work that way.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I understand what you're saying. :) But, I don't think LinkScanner would know it came from WSF.

    If you select, then copy & paste the link in the address bar, there would be no indications it came from wilderssecurity.com? Sure, LinkScanner could monitor if the user is copying some url/domain and paste it to the address bar... and then would say Exploit is from B, but B was on A But, I don't think it monitors such?

    The only possible way I can think of, is if the URL was active, and then the user clicks on it and LinkScanner blocks the exploit. LinkScanner will know the first URL was https://www.wilderssecurity.com. Which would fit in 'linking to an exploit site', as you pointed out. Maybe by reading the browser's header referrer info...

    Other than that, only if there was in fact exploit code in some thread's post.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Found the detailed info of this chrome plug-in now. It was not a malware posted but a link to a site containing malware. I checked the malware domain list. It also has a surf with caution warning. Maybe this warning is triggered when a post contains a link to such a site.

    Regards
     
Loading...
Thread Status:
Not open for further replies.