welcome all , this subject is for advanced users only , I dont think beginners will find any interest with it .
lets begin with tech stuff .
the virus is spreading as chat message or facebook event , mainly with “see who visited your profile” , the virus usually asks users to copy certain code and paste it to addressbar of the browser , the url “infact java order” triggers java file “.js” on other server , and it uses facebook window as “child window” under that file “or something like that , I am not java specialist”
the code wanted to put in the address bar
**REMOVED**
obviously triggers “topviewz.info/fb.js”.
the first version of this virus was in plain java code , this version contain encrypted code too.
Ideally any exploit code should be an image to prevent any possible alert by avast!
Even in a code tag, whilst it doesn’t parse the code on the page, it doesn’t stop the web shield when it scans the page code it isn’t parsing it just looking for exploits, etc. So if this was something detected by the web shield then it would effectively be locking us out of the topic.
You can use this image to replace the code tag.
Nothing to stop you sending this .js file to avast for analysis.
sorry - it is the second time this day - still not know the rules .
about the code , I thought that I can find someone who can think with me about some way “maybe manually” to stop the spreading.
thank you anyway.
There are no hard and fast rules, it is just safety first really, especially when using examples of exploits, etc. You would be surprised how many times avast alerts on such exploit code in other sites/forums.
Short of sending the .js file/exploit code to avast, virus at avast dot com email address or from the chest.
If you are interested in personally stopping it in your regular browsing, I would say firefox with the NoScript and possibly RequestPolicy add-ons, should stop such exploits dead in their tracks if avast didn’t detect the exploit.
This particular thing, is more a spam issue than a virus issue, since the js file that it invokes, causes automatic message/chat/event sending, thus perpetuating the cycle.
As far as I can tell, there is not much more to it, but I don’t see why there wouldn’t be.
I think Facebook need to look into preventing the external posting etc…
Well currently it is spam related, but there is nothing stopping the external posting being used for malicious purposes, cross site scripting, etc. Hence my comment about using RequestPolicy.
I agree, and I am not completely sure, but I think that NS would prevent the js file from working correctly (Cross Site Scripting part of it) But it doesn’t stop those who don’t know about Firefox/NS or even about the general no-nos regarding said script in the first place.
Site that is triggerend also re-directs to hxtp://widgets.amung.us/tab.js which is listed for ad-tracking, see: http://hosts-file.net/?s=widgets.amung.us ,which service can be considered benign, but some have it blocked rather…
With no-script and RequestPolicy active you would not have to worry about this,
I’ve Installed No-Script , the problem is , you must allow script on facebook , or else you will not be able to use it!
thanks in advance.
*I hided my mail , I thought it will be hidden by default .
**I’ll send the link to avast team , so they can make an anti for it , and maybe they know the pattern and make some update to stop this method for future attacks.
There is no problem to partially allow NoScript for a trusted site, but then it will continue to block redirects to elsewhere and eventual malcode, so you are still being protected, or you have to specifically allow script for the malcode site/tracking site as well, similar for the NotScripts extension in GoogleChrome allow one, block others. On this forum you can only allow/block one that is for avast dot com. It is all not that very complicated to do and will even protect from future script exploits and that is a reassuring thought, isn’t it.
- still not know the rules .