51% of malware now from legit sites that were being compromised!

Hi malware fighters,

Malware is no longer being launched exclusively from sites that were explicitly made for that purpose:
http://www.websense.com/global/en/PressRoom/PressReleases/PressReleaseDetail/?Release=0801221559
Malware is now also launched in great quantities from sites that are legit and were later compromised by malcreators to launch malware from,

polonus

This only emphasizes the need for using browsing aides like:
Finjan
McAfee SiteAdvisor
RgGuard
and others.

I disagree. This actually goes against tools like McAfee SiteAdvisor as these are generally based on a database of ratings. But if the site gets compromised, these ratings aren’t (and cannot be, really) updated so quickly.

Vlk,
Are you saying that it’s safer to browse the net without these tools?

One thing is for sure… it is not bulletproof, but it is a lot safer to browse the net using a Mac.

That’s because hardly anyone uses it and malware writers aren’t gonna spend days of coding just to compromise a few hundred users when they can compromise a few hundred thousand to a few million on the Windows platform with the same effort. Same goes for Linux.
Just wait till they get more widely used like Windows right now…

Hi bob3160,

Vlk has a point there: the site can have secure ratings from SiteAdvisor and still have recently been compromised and be spreading malware. Again, DrWeb’s AV hyperlink checker would be helpful here, because that works through real-time scanning on their servers to check against malicious code. That is why I have it inside Flock and Firefox, and you should have it inside IE7 too: http://www.freedrweb.com/browser/

polonus

A few things are simply not true…

First of all, it is not a few hundred users; that’s a ridiculous statement.

Second of all, whether they don’t want to or don’t have any interest, I am sure writing things like these viruses for Unix-based machines would be a much more difficult challenge than writing them for something full of holes like Windows is… that goes for any version of Windows, especially for Vista. Why would MS rush so much with developing the so-called Windows 7 then, if everything is going fine with Vista? Simply because they admitted Vista is one of the biggest failures in MS history.

As I said… nothing is bulletproof, but for the moment using a Mac is a lot safer than using Windows… that’s exactly what I said.

Damien,
My statement was that using these browser aids would make you safer.
I didn’t say it would bulletproof you.
Nothing can do that, not even DrWeb.

I still maintain that using these tools keeps you safer than not using them. :)

That’s true, Bob, and I agree with you on this one… I believe though that Vlk was just pointing out that we cannot rely on tools like McAfee SiteAdvisor too much, because they are not real-time scanners but depend on users’ reports.

Anyone can put in a report to McAfee SiteAdvisor, even the owner of an intentionally spoofed malicious site. I use GNU/Linux online nowadays.
I’ve found Finjan gives some idea of the safety of a URL.

Yes that’s true also, but I think they are still checking the content of each page. The only problem is it takes so long sometimes.

I’m sure you’re right; unfortunately I ain’t got one (maybe one day). In the meantime, unless I’m downloading something, I do all my browsing with Sandboxie + DropMyRights. I’m no expert, but the more I use and read about Sandboxie, the more I think it’s got to be one of the most underrated free programs available (although I eventually bought my copy). A lot of clever people on the Wilders forum rave about it, and it is so easy to use.

Hi bob3160 and micky77,

Being confronted with malware from browsing depends on your browsing attitudes, and whether you like to play it safe. That means upgrading and patching all the software you have on your Windows box (yes, also update to the latest versions of your rar or zip program; Secunia has a nice program to see if your computer is patched against the latest program bugs, holes etc.: http://secunia.com/software_inspector/ ).

Another thing is to understand that the main vector to infect your machine(s) through browsing is spelled as one word, namely script, if it comes in the form of malicious java, or css, mal-transversal or css, poisoned cookies, browser hijacks, droppers and what more have you. All this malicious script can be blocked from running using a Mozilla add-on by the name of NoScript. This extension even helps against script exploits Mozilla developers have not even seen, so-called 0-day holes. Yes, Mr. Maone, the developer of the NoScript extension, sure deserves a statue for his creation.
Sandboxie does more or less the same, however de facto (this is to nullify after the fact) but through quite another concept, and working a computer without full admin rights (or with SafeXP for instance) protects against secret hidden installs of malware onto your machine.
So whenever you use a Mozilla-type browser, add NoScript from here: https://addons.mozilla.org/en-US/firefox/addon/722
Browser security is a question of learning the right attitudes: after every session clear out the cache, cookies etc. using Ctrl+Shift+Del, and before I close down my computer I run ATF Cleaner and ClearProg to crap clean my browser. For the paranoid there is of course Stealther from here: https://addons.mozilla.org/en-US/firefox/addon/1306
or Distrust from here: https://addons.mozilla.org/en-US/firefox/addon/1559 to further hide your surfing trails, and I use UserAgent Switcher https://addons.mozilla.org/en-US/firefox/addon/59 to be able to pose as another browser, which can be advantageous in searching matters (doors are opened for ye or doors stay closed to you) or otherwise.
In-browser security - you can take it further than you think, so give it a thought,

polonus