For MikeBCda

Re: SpywareBlaster update

All 34 new restricted sites pertain to lizamoon (and cohorts). Lizamoon .com is currently offline.

Part 2

Actually, now that I check those sites, they ALL seem to be down. So, what’s up with SpywareBlaster? Spoofy dust? Snake oil? >:(

The lizamoon attack is a fast developing SQL injection attack, whilst this redirects to the lizamoon site, the SQL injection can infect legitimate sites as well as the temporarily setup sites which will get busted.

Personally for this type of SQL injection attack which can be absolutely massive trying to block only the redirect lizamoon site is the only reasonable way to go as the tru list of lizamoon infected sites runs in the thousands. So unless these other sites are also redirects related to the redirections in those sites infected, then they are prety pointless.

Thank you, DavidR. So, are we protected from the redirects with something like Request Policy (FF add-on)?

You’re welcome.
First if you do a search for lizamoon in the viruses and worms forum you will already see that avast’s web shield provides protection against the SQL injection style attack as it detects the presence of the injected script tag and alerts. This isn’t dependant on the actual target/remote site which could obviously change.

NoScript would provide greater protection as the redirection is in a script tag on infected sites. However, if this SQL injection/Hacking attack has happened to a legitimate site that you regularly use you are likely to have allowed scripts on ‘that’ site, but unlikely to have done so in the remote site.

RequestPolicy does prevent cross site scripting and would help in these type of attacks, but I would say that this would be in the order of the avast web shield (and possibly network shield), firefox and NoScript, followed by RequestPolicy.

Some find RequestPolicy to be a step too far as you would be surprised just how many sites have multitudes of cross site access. Whilst much of it doest effect the actual page content, some of it will and that could be intrusive/slow in determining which should be allowed. Me I don’t find that too much of a chore.

Thank you for the detailed explanation. I will continue to use NoScript, Request Policy, and SpywareBlaster for protection from this type of exploit. I run Win 98 and recently replaced Avast with ClamWin and Clam Sentinel (real time and heuristics) for my antivirus, so Avast is not an option.

Your help and sensible logic are greatly appreciated on these boards. TU

As Win 98 is as old as Methuselah no wonder avast! is not an option!
http://en.wikipedia.org/wiki/Methuselah

You’re welcome.

Yet, another useless post by an avast! Evangelist. :frowning:

Thanks for the info, Siminion. I was a little surprised to see this topic here – I presume it relates to my posting over at Wilders a day or two ago?
(Edit) Working my page up the page, apparently I’d forgotten I’d also posted a comment here, in the Updates thread. Thanks anyway.

You’re welcome, Mike.