server-side-polymorphism-malware
Mez
AfterDawn Addict
23. August 2013 @ 15:05
I have been criticized for believing in invisible malware even though I have posted links supporting this as far back as 12/12.

Even 2old will probably get it if he takes time to read the link that I know he will. No offence 2old I just like to stir the pot too and you have taken enough cheap shots at me. I apologize in advance.

Below is the best article I have read so far on 'invisible malware' or unscannable malware. The video at the bottom is a must. You see code, you see a function scramble the code, then you see several scrambles, more scrambles; each scramble looks nothing like the others, then the garbage is executed and it works fine. Traditional AV scanners have no hope of detecting this new plague.

server-side-polymorphism-malware by Sophos
This is why most malware infections are all done from web servers. The attacks are mainly in the form of links. If you click on the link you are infected. Infected ads and infected legit web pages also will infect you using hidden injection frames/ports. There has been a massive increase in websites getting hacked through a variety of processes.

Sorry, I cut and pasted the link. I was at work and the only allowed browser would not allow me to use the link button, and it also 'truncated' some of the URL in the middle, not at the end, and I didn't catch it.

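As an added illustration of the point above (not from the post or from Sophos): a per-download hash signature misses every re-scrambled copy, while a signature over a canonical form of the script still matches. The three samples and the normalizer are constructed for this example and cover only one layer of what the video shows (renamed identifiers, split string literals, junk comments and whitespace).

```python
import hashlib
import re

# Constructed samples: three deliveries of one inert script, as a server-side
# polymorphic layer might re-scramble it per request (identifiers renamed,
# whitespace reshuffled, junk comments, string literals split differently).
SAMPLES = [
    b"var a1=document;var b2='hel'+'lo';a1.title=b2;",
    b"var q=document;\n  var zz = 'he' + 'llo';\n/*junk*/ q.title = zz ;",
    b"var k9 = document; // junk\nvar r = 'h'+'ello'; k9.title = r;",
]
# A genuinely different script, to show the structural hash is not a wildcard.
OTHER = b"var a=document;a.title='bye';"

# Names that carry meaning and must not be canonicalised away.
FIXED = {"var", "let", "const", "function", "return", "document", "window", "title"}
TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|[A-Za-z_$][\w$]*|\d+|\S")


def exact_hash(src: bytes) -> str:
    """The traditional per-file signature: any byte change gives a new hash."""
    return hashlib.sha256(src).hexdigest()


def normalize(src: bytes) -> str:
    """Canonical form: strip comments, fold 'a'+'b' literals, rename identifiers
    in order of first use, and drop whitespace differences."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", " ", src.decode("utf-8"), flags=re.S)
    out = []
    names = {}
    for tok in TOKEN.findall(text):
        if tok[0] in "'\"":
            tok = "'" + tok[1:-1] + "'"          # unify quote style
            if len(out) >= 2 and out[-1] == "+" and out[-2][0] == "'":
                out[-2] = out[-2][:-1] + tok[1:]  # 'hel' + 'lo' -> 'hello'
                out.pop()                         # drop the '+'
                continue
        elif tok[0].isalpha() or tok[0] in "_$":
            if tok not in FIXED:
                tok = names.setdefault(tok, f"v{len(names)}")
        out.append(tok)
    return " ".join(out)


def structural_hash(src: bytes) -> str:
    """Signature over the canonical form: stable across the rewrites above."""
    return hashlib.sha256(normalize(src).encode()).hexdigest()


if __name__ == "__main__":
    for s in SAMPLES:
        print(exact_hash(s)[:12], structural_hash(s)[:12])
    print("other:", structural_hash(OTHER)[:12])
```

Real polymorphic layers add encoding and runtime decoding on top of this, which is why production scanners emulate or run the script and match on what it does rather than on the bytes served.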
AfterDawn Addict
23. August 2013 @ 18:33
Where's the video? The link only takes me to the Naked Security web site..

p.s. which article is it?
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...


Senior Member
23. August 2013 @ 19:55
I think I will take my chances here. Piss on the electric fence enough and it gets numb. lol.
AfterDawn Addict
23. August 2013 @ 20:01
OOOOOOOOOOOOOOh aldan, be nice! You know I have the patience of a Sphinx... Has not moved in 5000 years. :)
ddp
Moderator
23. August 2013 @ 22:27
2oldGeek, patience not patients. You didn't look far enough down. http://www.youtube.com/watch?v=K3TeUzPk...player_embedded
AfterDawn Addict
23. August 2013 @ 22:50
Yeah, I can't spell well, and if I misspell with another word that is spelled correctly and my spell corrector misses it, I get chastised by someone who doesn't know the difference between Then and Than.. gotcha :)

I am getting a different page from that link now. Maybe one of those invisible Tooth Fairies was holding me back and shaking in their little Pixie boots.. LOL
ddp
Moderator
23. August 2013 @ 22:55
That is why I did it, as you got me the last time. Stop scaring those fairies, you meanie!!!!!
AfterDawn Addict
23. August 2013 @ 23:19
That's far from new.. How do you think JavaScripts get into your computer and why they are so hard to remove?

Just follow the first 3 rules for computing: 1. backup! 2. backup! and 3. BACKUP!
With your OS and applications backed up, you can simply restore your C drive and 'Poof', the unknown/invisible becomes history.... Besides, if you goose a ghost... You get a handful of SHEET!
Senior Member
24. August 2013 @ 00:59
Originally posted by 2oldGeek:
OOOOOOOOOOOOOOh aldan, be nice! You know I have the patience of a Sphinx... Has not moved in 5000 years. :)
Just got off a 19 day stint working. I haven't moved in 3 days. lol.
Mez
AfterDawn Addict
24. August 2013 @ 08:51
Is the link working for you now?

I corrected the link. The problem was I cut and pasted the link but didn't test it. 99% of the time that works fine, but I was at work and the security is tight. The browser has JavaScript etc. turned off and users can't alter them. If you figure out how to get around any security and they find out, kiss your job goodbye. The browser also 'figured' the URL was too long and took some of the URL characters out of the middle, and I missed that while pasting.

aldan, I have seen pictures of the result of pissing on something electric. I hope it wasn't an electric fence as advertised. The wiener was charred around the urethra.
Senior Member
24. August 2013 @ 12:27
Nah Mez, that's just an old joke. Took a look at the video. Sure a challenge for the security companies eh?
AfterDawn Addict
24. August 2013 @ 13:53
@aldan, Mez was a city boy and just doesn't understand electric fences like us country bumpkins. LOL

@Mez the best way to keep from getting these invisible Java Ghosts is to use Avast! with a real-time JavaScript scanner and K9 Web Protection:

K9 Web Protection by Blue Coat.

K9 Web Protection is a FREE service. I say service because the way it works is the sites you visit are filtered through their servers, as opposed to them being checked through something like a HOSTS file that's installed on your computer. You still have to install a driver on your computer, but the work is done remotely. The administrative control panel is actually a Web site you go through to view sites.

How does K9 work?
K9 maintains a database of Web sites that contain pornography, malware, spyware, suspicious content, hate speech, violence, gambling and more than 60 other categories. When a computer user tries to go to a site that's in a category set to blocked, the "prohibited" screen appears and the site is blocked.
If a user tries to go to a Web site that the database hasn't seen before, it scans the content of the site for inappropriate material, and then either permits or prohibits the site (this process is called DRTR -- Dynamic Real-Time Rating). This happens so quickly the user doesn't realize it's happening. New prohibited Web sites are added to the database.

Check it out. I never get anything I don't want. And my router's SPI Firewall keeps the lion's share of the crap I didn't request OUT!


p.s. I have my computer so locked down from malware that I don't get any.. note: if and when something does slip through, it tickles the piss out of me, then I get to play with the malware.........what a thrill!
Mez
AfterDawn Addict
25. August 2013 @ 22:22
Thanks 2old! Good suggestion.

We use a high-end Blue Coat product at work. I didn't know they had a free or even affordable product, so I will look into that. No one has figured out how to make an infected web page scan clean.

By the way, I may not be as big a bumpkin as you, but I am familiar with electric fences. Enough to know some have a pulse. You can carefully touch one, think it is safe, then get zapped. Although I have lived in the burbs most of my life, they have mostly been the rural burbs. Like where I am now. Deer are the major trouble makers. You can only shoot deer with bows. When we first moved in we thought it was nice to see a herd of deer grazing in our back yard. Now I sic the dogs on them whenever I see even one. My son caught a copperhead in our back yard last year. We are the wild kingdom.
AfterDawn Addict
25. August 2013 @ 22:34
LOL where I live, if something doesn't have fangs, teeth, claws or a stinger, it has Thorns! :(
Mez
AfterDawn Addict
27. August 2013 @ 20:53
Sounds like you are out west. I live near DC, so we are very green. I live up in the headwaters of Rock Creek. The White House used to get its drinking water from that creek. All the land surrounding the creek is park. I live between 2 small branches, so we are nearly surrounded by park. That is handy when you have organic trash to get rid of. Our boys would 'live' in the woods during the summer. Because we are heavily wooded, every other homeowner has a chain saw.

We are in an ultra liberal county. You can't even shoot a gun here. Up about 20 miles, in the next county, I have been to parties where after you drink your beer, you throw the can into the creek and sink it with a bullet. At one, if you couldn't sink it within 2 shots you were flagged. They kept a wide array of pistols on a picnic table just for that purpose. My wife did not approve of these kinds of parties but came along anyway. I enjoyed myself.
AfterDawn Addict
27. August 2013 @ 21:04
Originally posted by Mez:
Sounds like you are out west. I live near DC
Hell, my back yard is bigger than DC... LOL Horned toads, bobcats, diamondbacks, scorpions, etc. etc. etc. :)
Mez
AfterDawn Addict
28. August 2013 @ 18:44
My sons and I would love it. Not my wife.

If I wasn't working I would not be close to people. An hour each way commute is plenty.
Mez
AfterDawn Addict
30. August 2013 @ 10:09
I have finally gotten around to researching K-9. My worry was more about false positives and that infections are very transitory for any decent site. I will give it a shot. I have upped the security on my firewall as well. Again, ramping up the security will cause some trouble. Hackers will fake a later response to something your browser sent. It is set now to reject those. I may be able to relax that after I start using K-9. I believe these attacks mostly come from an infected site that you are browsing. By avoiding the page you prevent the attack.

As with all your suggestions, this was a good one.
AfterDawn Addict
31. August 2013 @ 09:51
Originally posted by Mez:
I have finally gotten around to researching K-9. My worry was more about false positives and that infections are very transitory for any decent site. I will give it a shot. I have upped the security on my firewall as well. Again, ramping up the security will cause some trouble. Hackers will fake a later response to something your browser sent. It is set now to reject those. I may be able to relax that after I start using K-9. I believe these attacks mostly come from an infected site that you are browsing. By avoiding the page you prevent the attack.

As with all your suggestions, this was a good one.
I try never to suggest anything that I have not fully tested. When setting up K-9, I use the custom web category settings and only select Spyware/Malware, Spyware Effects, Suspicious and Phishing. Then in Other Settings, select Filter Secure Traffic, and in Blocking Effects select Show HTTPS Blocks. I don't use any of the other categories, but they are useful if you have young kids on the computer.

I do not use a software firewall. I use a NAT router with at minimum WPA2 security and an SPI firewall. I won't beat this to death, but hardware is always better than software.

To test anti-malware and security programs, I use a virtual machine program called Deepfreeze and get ZeroDay malware to test with from sites that display this warning:
Quote:
WARNING: All domains on this website should be considered dangerous. If you do
not know what you are doing here, it is recommended you leave right away. This
website is a resource for security professionals and enthusiasts.

This month I have tested against 215 new ZeroDay exploits. That way I can figure out just what is the best combination to use in a layered security setup..

2oG
da old yin
Mez
AfterDawn Addict
1. September 2013 @ 12:32
I will need to check it out. I installed it on the family computer yesterday, but I didn't have a chance to play with it. My wife usually doesn't follow any security precautions.

Quote:
This month I have tested against 215 new ZeroDay exploits. That way I can figure just what is the best combination to use in a layered security setup..
My hats off to you!
AfterDawn Addict
1. September 2013 @ 20:45
Today was my fun day... Mama didn't have a honey-do list for me, so I played with Trojans...

Found 38 new ZeroDay Trojans and ransomware on a Russian site... All were on the same site as of now, but you can bet that it will be all over the net in the next few days.

There were a fake Firefox updater Trojan, fake IE updater Trojan, fake Chrome updater Trojan and a ransomware that screwed up your computer and then wanted money to fix it.. Most all of these were the same but had different links on the site..

I turned off all my security and downloaded 4 of them, one of each that was a little different. The sad part is that the fake browser Trojans are easily recognized by us old guys, because browsers just do not update from a download on the net, but it may hook the newbies..

After installing and playing around with them, I found the best program for removal is MalwareBytes Anti-Rootkit; it did a very good job of removing and cleaning up the registry. I ran Hitman Pro for a second opinion after the clean up and it found nothing. Even though it found nothing, I restored my boot drive backup just to be on the safe side..

Now I'm happier than a camel on Wednesday :)
2oG
Mez
AfterDawn Addict
2. September 2013 @ 12:05
I was just snookered by a fake Adobe Reader. I Googled for the reader and the top pick looked good and the page looked good, but I couldn't download it because the file looked suspicious to one of my scanners. I did a double take and the URL only looked OK if you didn't look too hard. I was pleased that even if I was asleep my security was still awake.

Quote:
Even though it found nothing, I restored my Boot drive backup just to be on the safe side.
Better safe than sorry.
AfterDawn Addict
2. September 2013 @ 14:38
I don't use Adobe Reader anymore; it's a big target for malware.. Sumatra is lite and does a great job without attracting malware...
Download -> Sumatra PDF

I also uninstall Java on all my machines. It's a big target and really not needed.
Article about Java -> Here!

2oG
Mez
AfterDawn Addict
3. September 2013 @ 21:21
Yes, I have disabled Flash, and I have not removed Java but I have read about how dangerous Java is. It seems like the industry is moving to make itself less secure at a bad time. I will try Sumatra. Adobe products are trouble waiting to happen. I had been running without a PDF reader till I got something I really needed to read.

The US Cloud industry is blaming the NSA for killing their industry because they have hacked into all the different clouds. I figure they are doing us a favor. Maybe companies will think twice before putting anything they want to keep secret in a cloud. If you want to keep something secret it can't be connected to the web or any wireless network.
AfterDawn Addict
3. September 2013 @ 23:43
Originally posted by Mez:
Yes I have disabled Flash
Flash is surely a target but, there is no alternative at this time so what can you do? :(

More than half the people on the street don't even know what the NSA is and really don't care as they text on their smart phones while driving along..... One damn near ran over me today. : o