Compromised Websites - Anyone else affected yet? (General Chat thread, page 5 of 8, posts 61 to 75 of 111)
#61
    Originally Posted by somabc:
    Do you have any of the malicious jar files, I would be interested to see exactly what they do?
    You might be able to find it on here...

    http://www.malwaredomainlist.com/mdl.php

#62 (CHR1S)
    Ours were dropped via TDL4 rootkit, which bypasses pretty much everything - see here - http://www.edugeek.net/forums/securi...4-rootkit.html

#63 (somabc)
    Originally Posted by CHR1S:
    Ours were dropped via TDL4 rootkit, which bypasses pretty much everything - see here - http://www.edugeek.net/forums/securi...4-rootkit.html
    Interesting because I have not found any evidence of that Rootkit on any of ours.

#64 (CHR1S)
    They were definitely the same viruses; one had 14 others as well as the fake-AV-type one, but they were at different stages of infection. One was reported immediately and the other had several days of runtime on a home network.

    Edit: and one was definitely infected prior to the 27th, as reported by the BBC.
    Last edited by CHR1S; 3rd March 2011 at 02:08 PM.

#65 (somabc)
    I think the problem is there are multiple attack vectors going on, whether Java, PDF, TDDS, Zeus etc.

#66 (CHR1S)
    Originally Posted by somabc:
    I think the problem is there are multiple attack vectors going on, whether Java, PDF, TDDS, Zeus etc.
    Agreed!

#67
    We've had two instances of 'Internet Defender' today - a pain to remove, but Malwarebytes seems to do the trick.

#68 (CAM)
    The blocking of Internet ads was discussed at the conference. On one hand it can have a damaging effect on the site if school tech staff all block ads: EduGeek would get no money, as all the ads would be blocked. On the other hand, the consumer gains a benefit from blocking ads by closing another attack vector and removing distractions on the page (let's be honest, what is one good reason from the consumer's perspective to show adverts? Some TV ad breaks already take the mick with their frequency and length).

    Ultimately, it's down to a website to ensure its ads are not compromised, don't get in the way and are of good enough design not to distract the user whilst being visible, hence why pop-ups fell out of favour for legitimate adverts. Likewise, any site that has ads which make sudden unwanted noises gets swiftly vacated. The serving of malware also hurts a site in Google rankings and can lead to blacklisting, so it is certainly in the site administrator's interest to secure their ad distribution.

#69 (synaesthesia)
    I thought about using AdBlock or similar yesterday but realised management of it would be an absolute pain. Frankly, websites' revenue streams come second to user and network security. It shouldn't happen in the first place of course, but writing it off because of the fear of blocking a few penny-hits of a banner ad is just daft. Maybe a little fine tuning, i.e. not hitting static ads but blocking Java- and Flash-based ones.
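The "block the active ads, let the static ones through" policy described in the post above, worked through as an added example (this is not code from the poster or from EduGeek). It runs a proxy-side rule set over Squid native access.log lines: static assets from ad domains pass, Java/Flash/PDF objects from ad domains are blocked, and any other Java archive download is flagged for review. The ad-domain list, IP addresses and log lines are all constructed for the example; the log layout assumes Squid's native format (timestamp, elapsed, client, action/code, size, method, URL, user, peer, MIME type).

```python
"""Added example: triage Squid-style proxy logs for active content served via ad networks.

Policy: let static ad assets through, block Java/Flash/PDF objects coming from
ad domains, and flag any other Java archive download for review.
All domains, IP addresses and log lines below are constructed for this example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical ad-network domains; in practice this comes from a maintained blocklist.
AD_DOMAINS = {"adserve.example", "banners.example", "tracker.example"}

# Response MIME types treated as "active content" (the Java/Flash/PDF vectors in the thread).
JAVA_MIME = {"application/java-archive", "application/x-java-archive", "application/x-java-applet"}
ACTIVE_MIME = JAVA_MIME | {"application/x-shockwave-flash", "application/pdf"}

# Squid native access.log: ts elapsed client action/code size method url user peer/host mime
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<action>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<peer>\S+)\s+(?P<mime>\S+)$"
)


def host_of(url: str) -> str:
    """Hostname from a logged URL; handles ports and the CONNECT 'host:port' form."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.split(":", 1)[0].lower()


def is_ad_domain(host: str) -> bool:
    """Suffix match on label boundaries: 'cdn.adserve.example' matches, 'notadserve.example' does not."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in AD_DOMAINS)


def decide(host: str, mime: str) -> str:
    """Return 'block', 'review' or 'allow' for one proxied response."""
    mime = mime.split(";", 1)[0].strip().lower()
    if is_ad_domain(host) and mime in ACTIVE_MIME:
        return "block"      # Java/Flash/PDF object delivered through an ad network
    if mime in JAVA_MIME:
        return "review"     # a JAR from anywhere else is still worth a look
    return "allow"          # static ads and ordinary traffic pass


@dataclass
class Hit:
    client: str
    url: str
    mime: str
    verdict: str


def scan_log(lines):
    """Run the policy over access.log lines and return the block/review hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                     # unparseable line: skip rather than guess
        verdict = decide(host_of(m["url"]), m["mime"])
        if verdict != "allow":
            hits.append(Hit(m["client"], m["url"], m["mime"], verdict))
    return hits


# Constructed sample log (not from the original post or any real network).
SAMPLE_LOG = """\
1299160001.101    120 10.0.0.15 TCP_MISS/200 2931 GET http://banners.example/img/top.gif - DIRECT/203.0.113.5 image/gif
1299160002.204    410 10.0.0.15 TCP_MISS/200 41233 GET http://cdn.adserve.example/rot/j.jar - DIRECT/203.0.113.9 application/java-archive
1299160003.330     80 10.0.0.22 TCP_HIT/200 11870 GET http://www.school.example/news.html - NONE/- text/html
1299160004.512    300 10.0.0.22 TCP_MISS/200 60211 GET http://adserve.example:8080/v/show.swf - DIRECT/203.0.113.9 application/x-shockwave-flash
1299160005.640    220 10.0.0.31 TCP_MISS/200 39902 GET http://www.notadserve.example/dl/a.jar - DIRECT/198.51.100.7 application/java-archive
1299160006.700      0 10.0.0.31 TCP_DENIED/403 0 GET http://tracker.example/px.gif - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.verdict:6} {h.client:10} {h.mime:32} {h.url}")
```

The match is on the response MIME type rather than the URL extension, because an exploit kit can serve a JAR from any path name; the domain check is done on label boundaries so that a look-alike such as notadserve.example is not swept up by the adserve.example rule.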

#70
    We've had at least 7 infections (personal computers and 2 on-site computers) in the last week. All have come through a Java exploit (.jar files stored in the temp files) and deployed the System Tool 2011 fake agent. A full scan using Malwarebytes has cleared them all (except for one which had its boot-up corrupted). All have mentioned Hotmail. I know several sites are affected by this, but we've taken action by blocking Hotmail as it's heavily used and we don't want any more infections until things calm down. Even though these ad servers have been reported to be cleared, it's still happening.
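Somabc asked earlier in the thread for the malicious .jar files, and the post above says they are left in the temp files. Below is an added example (not code from any poster) of the inventory step a practitioner would run before cleaning: walk a cache or temp directory, pick out ZIP-structured files by their magic bytes (the Java deployment cache stores downloaded JARs under names that need not end in .jar), and record for each one its SHA-256, class entries, Main-Class and whether it carries signature files. The sample "cache" is constructed in a temporary directory inside the script; its file names and class names are made up and nothing here is a real sample.

```python
"""Added example: inventory Java archives left behind in a cache or temp directory.

Identifies ZIP-structured files by magic bytes rather than extension, then records
SHA-256, .class entries, Main-Class and signature presence for each one.
The sample cache is constructed in a temp directory; nothing here is a real sample.
"""
import hashlib
import os
import tempfile
import zipfile

ZIP_MAGIC = b"PK\x03\x04"


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_like_zip(path):
    """Cheap pre-filter: local-file-header magic at offset 0."""
    with open(path, "rb") as f:
        return f.read(4) == ZIP_MAGIC


def triage_jar(path):
    """Describe one archive: hash, .class entries, Main-Class and signature files."""
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
        classes = sorted(n for n in names if n.endswith(".class"))
        manifest = (zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    if "META-INF/MANIFEST.MF" in names else "")
        signed = any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC", ".SF"))
                     for n in names)
    main_class = next(
        (line.split(":", 1)[1].strip() for line in manifest.splitlines()
         if line.lower().startswith("main-class:")), None)
    return {"path": path, "sha256": sha256_of(path), "classes": classes,
            "main_class": main_class, "signed": signed, "size": os.path.getsize(path)}


def scan_dir(root):
    """Return a triage record for every archive under root that carries class files."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not looks_like_zip(path) or not zipfile.is_zipfile(path):
                    continue
                info = triage_jar(path)
            except (OSError, zipfile.BadZipFile):
                continue            # unreadable or truncated: don't crash the sweep
            if info["classes"]:
                findings.append(info)
    return sorted(findings, key=lambda i: i["path"])


def build_sample_cache():
    """Constructed stand-in for a Java cache: one renamed JAR, one ordinary JAR, two decoys."""
    root = tempfile.mkdtemp(prefix="javacache_")
    # Cache entry with no .jar extension, unsigned, main class declared in the manifest.
    with zipfile.ZipFile(os.path.join(root, "6f2a1c3d-1e8b4a09"), "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: a.Loader\r\n\r\n")
        zf.writestr("a/Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        zf.writestr("a/Payload.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    # Ordinary .jar with signature files and no Main-Class.
    sub = os.path.join(root, "tmp")
    os.mkdir(sub)
    with zipfile.ZipFile(os.path.join(sub, "helper.jar"), "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        zf.writestr("META-INF/HELPER.SF", "Signature-Version: 1.0\r\n")
        zf.writestr("META-INF/HELPER.RSA", b"\x30\x82")
        zf.writestr("util/Helper.class", b"\xca\xfe\xba\xbe")
    # A ZIP without class files and a plain text file: both must be ignored.
    with zipfile.ZipFile(os.path.join(sub, "docs.zip"), "w") as zf:
        zf.writestr("readme.txt", "nothing to see")
    with open(os.path.join(sub, "notes.txt"), "w") as f:
        f.write("PK is not a ZIP magic on its own\n")
    return root


if __name__ == "__main__":
    for rec in scan_dir(build_sample_cache()):
        print(rec["sha256"][:16], rec["main_class"], "signed" if rec["signed"] else "unsigned",
              len(rec["classes"]), "classes", rec["path"])
```

The hashes are what you would hand to the AV vendor or look up against a malware domain list; the Main-Class and signature fields are a quick way to separate a self-starting, unsigned drop from the signed library JARs that legitimately sit in the same cache.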

#71
    Yep, see this popping up all over the place. Currently cleaning my 4th and 5th infected laptops this week with Malwarebytes as I write this.

#72 (tech_guy)
    I've done 9 machines this week (we had two at work and I've done 7 at home: laptops of friends and family). PITA.

#73 (DrCheese)
    My Dad had this, probably from an out-of-date version of Java, as everything else was fine. Had a member of SMT in a panic on the first Monday back with this on his home computer; didn't mind removing it for him (takes all of 5 seconds...).

    As for school, so far we're OK (*touch wood*). I've always blocked ads at the proxy level for our users, this being a contributing reason for that.

#74 (synaesthesia)
    The code would appear to inject a "dropper" trojan: not dangerous in itself but, rather like Conficker was rumoured to be, just a gateway for other nasties to enter the system. Hence why there appear to be many different types of the same infection: once the dropper is there, more nasties can work their way in, such as the aforementioned rootkits. Had one yesterday that stopped anything remotely useful being run. My old man's work PC actually rebooted into a "fake safe mode" after it looked like a proper MBR-based infection found its way in off the back of this dropper. Needless to say, I didn't waste time in suggesting the use of a live CD to back up and then kill off the HDD!

#75 (GREED)
    These are the symptoms I had: programmes being intercepted before being able to run. From a novice in the world of viruses etc., I must say I was somewhat impressed by what this was doing, not taking away from the anger and frustration it causes. I guess it's probably quite easy to do, but I did tip the hat to the creators!!!
