Straycatstrat (Members), posted August 12, 2008:

Hi Guys,

I followed a link to ibanezregister.com yesterday. My virus scanner started bleeping: I sent the file in question to Virustotal and let it scan there. Result:

AhnLab-V3 2008.8.12.0 2008.08.11 -
AntiVir 7.8.1.19 2008.08.11 JS/Dldr.Iframe.CF
Authentium 5.1.0.4 2008.08.11 -
Avast 4.8.1195.0 2008.08.11 -
AVG 8.0.0.156 2008.08.11 -
BitDefender 7.2 2008.08.11 -
CAT-QuickHeal 9.50 2008.08.11 -
ClamAV 0.93.1 2008.08.11 -
DrWeb 4.44.0.09170 2008.08.11 -
eSafe 7.0.17.0 2008.08.11 -
eTrust-Vet 31.6.6023 2008.08.11 -
Ewido 4.0 2008.08.11 -
F-Prot 4.4.4.56 2008.08.11 -
F-Secure 7.60.13501.0 2008.08.11 -
Fortinet 3.14.0.0 2008.08.11 -
GData 2.0.7306.1023 2008.08.11 -
Ikarus T3.1.1.34.0 2008.08.11 -
K7AntiVirus 7.10.411 2008.08.11 -
Kaspersky 7.0.0.125 2008.08.11 -
McAfee 5358 2008.08.11 Exploit-IFrame
Microsoft 1.3807 2008.08.11 -
NOD32v2 3346 2008.08.11 -
Norman 5.80.02 2008.08.11 -
Panda 9.0.0.4 2008.08.11 -
PCTools 4.4.2.0 2008.08.11 -
Prevx1 V2 2008.08.11 -
Rising 20.57.02.00 2008.08.11 -
Sophos 4.32.0 2008.08.11 -
Sunbelt 3.1.1538.1 2008.08.09 -
Symantec 10 2008.08.11 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.11 -
VBA32 3.12.8.3 2008.08.11 -
ViRobot 2008.8.11.1331 2008.08.11 -
VirusBuster 4.5.11.0 2008.08.11 -
Webwasher-Gateway 6.6.2 2008.08.11 Script.Dldr.Iframe.CF

Looked a bit like a false positive (Webwasher and Avira use the same detection engine, so only McAfee confirmed) but I sent it to Avira for further analysis.

Today came the result: Avira confirms that it is malware. Since it has its own name (JS/Dldr.Iframe.CF), it has been recognized before anyway. The site apparently contains a hidden script that downloads malware ("Dldr"=Downloader) from another site. I assume that this can only work - as usual - when using IE and having Javascript enabled.

In other words, they might have been hacked. Don't go there.

blue2blue (Members), posted August 12, 2008:

There are a lot of sites that have been hacked to include cross browser scripting. Sadly, Firefox is not necessarily immune, either. Last summer I had a cross site script download and try to get me to install some software. The payload ended up on my machine but I didn't install it and removed it with the Trend Micro Housecall online free scan. The exploit was hosted on a number of innocent but clueless third party sites, The Economist, Yahoo, AllMusic, and others.

A more pernicious and ongoing problem is so-called social engineering exploits that are scattered on member pages for Facebook, MySpace, and other social networking sites. The trick is to try to get you to download and install worm malware -- typically in the guise of a media player or "special codec" to see some "special" media of some sort.

But a newly popular exploit is to try to trick people into downloading a worm package disguised as a Flash player update. A quick glance at the URL might at first LOOK like it's going to Adobe but a more careful examination will show the URL actually uses subdomain prefixes to try to fool people, a la, adobe.com.blahblahblah.SomeRealBadPeople.com/blahblhablah/nastyPayload.exe -- if you get the drift.
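
The subdomain-prefix trick described in the post above can be checked mechanically by comparing the registrable domain of a link with the domain the reader expects. This is an added example, not part of the original thread; `checkLink`, `registrableDomain` and the small `MULTI_LABEL_SUFFIXES` set (a constructed stand-in for the full Public Suffix List) are hypothetical names, and the `http://` scheme on the sample is an assumption.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, far from complete).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp", "com.br"]);

// Return the registrable domain: the part of the hostname somebody actually registered.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length <= 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const take = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-take).join(".");
}

// Compare a link against the domain the user believes it leads to.
function checkLink(link, trustedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid", host: null, registrable: null };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const registrable = registrableDomain(host);
  const trusted = trustedDomain.toLowerCase();
  if (registrable === trusted) return { verdict: "trusted", host, registrable };

  // The trusted name shows up as whole labels inside the hostname,
  // but the registered owner is a different domain.
  const labels = host.split(".");
  const wanted = trusted.split(".");
  let embedded = false;
  for (let i = 0; i + wanted.length <= labels.length; i++) {
    if (labels.slice(i, i + wanted.length).join(".") === trusted) embedded = true;
  }
  return { verdict: embedded ? "lookalike" : "unrelated", host, registrable };
}

// The URL from the post, with a scheme added so it parses (assumption).
const SAMPLE =
  "http://adobe.com.blahblahblah.SomeRealBadPeople.com/blahblhablah/nastyPayload.exe";
console.log(checkLink(SAMPLE, "adobe.com"));
```
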

Straycatstrat (Author, Members), posted August 13, 2008:

Yeah they all do a lot to keep browsing interesting... we don't need browser games, browsing IS a game.

shtiming (Members), posted August 18, 2008:

Any new information on this virus? I just got hit by this too. Good thing I use noscript + firefox.

Ken Vaughn (Members), posted August 20, 2008:

I keep getting an "update is available" for Apple I-Tunes / Quicktime or something. I ignore and close it and wonder wtf? I have my automatic updates turned off. AMD Dual 3800, Windows XP Corp. Firefox 3. No idea if I should install it or not.

blue2blue (Members), posted August 20, 2008:

> I keep getting an "update is available" for Apple I-Tunes / Quicktime or something. I ignore and close it and wonder wtf? I have my automatic updates turned off. AMD Dual 3800, Windows XP Corp. Firefox 3. No idea if I should install it or not.

Do not install it! There is a new exploit targeting Windows, Linux, and Mac IE, Safari, and Firefox users -- it uses Flash banner advertising on some major sites and takes over your clipboard...

Adobe Flash ads launching clipboard hijack attack

Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine

shtiming (Members), posted August 20, 2008:

Install adblock plus and use the easylist. Install no script, it stops scripts from running unless you want it to. Install wot and mcafee siteadvisor, it rates websites telling if it's a good website or not.

blue2blue (Members), posted August 21, 2008:

Me, I wouldn't touch anything from McAfee or Norton/Symantec. But that's just me. Well, it's not just me. But it's not everybody, I guess.

I am a big fan of NoScript for Firefox, though, which can stop cross site or even all scripting, letting the user only allow those sites he wants to have javascript powers.

Straycatstrat (Author, Members), posted August 21, 2008:

I'm not glad to hear that this thing was really attempting something. But I hope that some read this and understand that "I have antivirus and don't go on porn sites" doesn't protect them from being infected.

Archived
This topic is now archived and is closed to further replies.