speedtest.net spreading Security Sphere 2012

Discussion in 'malware problems & news' started by vasa1, Oct 11, 2011.

Thread Status:
Not open for further replies.
  1. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Okay! So this is how my friend picked it up!

    He phoned his ISP about slow net speed and was asked to go to speedtest.net! And today, I read this:
    Source: http://blog.armorize.com/2011/10/malvertising-lifecycle-case-study-openx.html
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Ouch, but I guess this is the future of spreading malware, compromising legit sites.
    It's good to see that a lot of big AV players were fast on updating their definitions, most within just a few hours. So the impact will have been minimized.

    A little note on this:
    If you're using a good ad blocking subscription (e.g. Fanboy's lists) that domain is blocked. So in this case if the user was using out-dated software, the simple use of a TPL/ABP would have protected them.

    I assume it's been removed by now?
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Yes, I managed to remove it using the instructions on the bleepingcomputer site I referenced in the other link.

    But another infection is just a matter of time because he's far from savvy and doesn't know about using IE's blocking tools :(
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Yeah it was just a little FYI for anyone that didn't notice/know. As you know that functionality is not limited to IE (or OS for that matter), Chrome/Iron and Firefox have block lists from Fanboy too. I think Opera's is just a hide list though, not sure if that would work.

    Though I meant has speedtest.net been "cleaned" :p
     
Loading...
Thread Status:
Not open for further replies.