Are avast users protected against so-called "mass meshing" injection attacks?

Hi forum friends,

Never underestimate your adversary, else you soon have lost the game. The malcreants came up with a new grand scale attack to infect reputable sites and to infect users that visit these sites through exploits. A write-up of the new grand scale attack can be found here: http://blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html (source Armorize Malware Blog, poster WAYNE HUANG, credits go to Wayne Huang, Chris Hsiao, NightCola Lin, Fyodor Yarochkin for the description of this mass drive by download injection.)
With this kind of attack campaign, detection is much harder.

But when innocent but infected domains are added to blacklists, care must be made to monitor and remove them from blacklisting quickly, and so as to not cause false alarms.
and
For those URLs we listed in the [6. List of 700 infected websites] section, Google flagged roughly 20% of all the sample URLs based on this sidename.js Mass Meshing Injection attack. Another 10% was either already blacklisted due to past attacks or recent ones, both of which had nothing to do with Mass Meshing Injection.

And so using the 700 URL samples and Google blacklisting as an example, 70% of the infected sites were not flagged, 20% were flagged due to Mass Meshing Injection (sidename.js), and another 10% was either already flagged a long time ago, or was flagged recently due to other compromises. (So this 10% of websites had multiple compromises)

Quotes taken from the above-mentioned article.
As injected content may differ all the time, the question is: are we being protected by the avast shields, or do we have to rely on in-browser protection (NoScript and RequestPolicy - NotScripts, BPB) or see to it that all our OS and third-party software on the computer is fully updated (check through secunia.com/vulnerability_scanning/online/)? A successful attack installs a backdoor that so far is only being detected by three av products, see: MD5 hash= 99d8f7531f8239214e22067ccfc2d1fd, checked at ViCheck.ca, delivering: http://www.virustotal.com/file-scan/report.html?id=5e2c460de85b21fab54fbc1d5d58b361a1a0ef01cd2e1eded4dbf338f13382d7-1307661080

polonus

That’s why we use NoScript…! :wink:

Hi Asyn,

Here is what webmasters could do to protect their visitors, see this link here: http://www.magentocommerce.com/boards/viewreply/328407/
(Source Magento Forum - Script Injection - Magento Issue)
Poster at link given above = Chiefair (boards/member/155565 on Magento Forum)

It seems sucuri free scan detects it: http://sucuri.net/malware-injection-sidename-js.html

polonus