Top Web Browsers Vulnerable To Rogue Download Vulnerability

Discussion in 'Prevx Releases' started by kdcdq, Jun 4, 2012.

Thread Status:
Not open for further replies.
  1. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's a very nice exploit - I just tried it here. We blocked an infection coming from it without a problem.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The exploit doesn't do anything to evade AV detection. It's just to trick the user into trusting it.

    So you'll see someone post "Adobe Update" and go. You'll see the legit Adobe website, a legit looking download, and then your AV will go "it's malware" (if it detects it.) At this point it's a question of whether or not you trust your AV or if you trust the Adobe website.
     
  4. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    769
    Location:
    "Here on Wilders"
    Excellent! :thumb:
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  6. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    I thought (and hoped) WSA WOULD, indeed, block this exploit. Thanks for proving that it does!!! :thumb: :thumb:
     
    Last edited: Jun 5, 2012
  7. tarsins

    tarsins Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    31
    Am I missing something here? I went to that page and clicked the "proof of concept" link and not a squeak from WSA through the whole process.
     
  8. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    No, it does NOT BLOCK THE EXPLOIT, it BLOCKS the MALWARE that COMES via the Exploit. That doesn't mean that it will block the next malware that decides to use the exploit. It only blocked the malware that PrevxHelp tested.

    So no, the exploit is not blocked. Just whatever it downloads MIGHT be blocked.
     
  9. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
    The only folk who can fix the exploit are those that make the browsers, Microsoft, Mozilla and Google.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It downloads a legitimate calc.exe so we allow the file.

    Exactly - this is a browser-side issue which they would need to fix to clear up.
     
  11. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Won't immediately block the next item that uses the exploit if the item is not already set to Bad. But the item won't be Good, it'll be Bad (and Blocked), or Unknown, and watched, and then blocked and rolled back when it does something bad. Worst case, contact support and they fix it for you for free within a few minutes.

    Compare that to conventional AV where if it's not detected immediately, it could be a while and then possibly good luck getting rid of it. No way whatsoever to contact them and get it fixed by their program in a few minutes either, because they take more than a few minutes to make definitions.
     
  12. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
  13. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Oh, well Webroot will fix it for you. :) Norton? Maybe Quads will. Maybe. ;)
     