I have heard there are exploits in both the programs mentioned in the title, what are these exploits and will Avast cover these in future updates or at least the viruses made to use these exploits?
I believe one of these exploits is detailed here http://vil.nai.com/vil/content/v_140835.htm
Where Ajax does change the threat landscape is that it allows an attacker to exploit XSS vulnerabilities in a more covert manner. Malicious code can make multiple requests in the background while the user will be unaware of anything untoward happening. XSS attacks can be used to steal data, take control of a user’s session, run malicious code, or launch phishing scams.
Securing Ajax applications is a new challenge for anyone involved in developing or managing Web-based services. As yet there aren’t really any comprehensive automated Ajax application security assessment tools. So until developers become more security aware, particularly about the unanticipated malicious use of their application’s features, we’re not likely to see a reduction in the number of successful attacks against Web 2.0 sites.
However, one of the benefits of Web-based applications is that deploying fixes is typically fast and easy, requiring no action from the user. This does mean that vulnerabilities, once discovered, can be removed quickly without the need for users to download and install patches themselves.
How to find protection, go to YouTube with Firefox with NoScript installed, scan the YouTube hyperlink you like to load and view with DrWeb’s antivirus hyperlink scanner plug in for Firefox or Flock when you have allowed,YouTube temporarily with NoScript and after the hyperlink is shown to be OK only then click your YouTune hyperlink and enjoy.
polonus
But is Avast aware of this new Storm worm that is of high severity and will the Avast team be monitoring and updating Avast accordingly?
ps does Avast detect generic signatures or what I mean to say is the basic code of a family of trojans (so a variant is flagged even without a signature) or does each variant need its own signature?
Hi sanctuary24,
We are only the avast evangelists, the answer to this specific question lays in the hands of the avast staff people and the avast webforum moderators or full avast members on this forum. Maybe they can come up with an answer to your question, but I am almost sure this has their full attention. It is true however that the malcreants of this worm are very, very clever devils, and even try to infect users using an infectious Tor.exe download (as they say to protect against their very malicious creation). They shy away from the places where researchers try to analyse their malware and only infect specific users.
It is a nasty piece of malware, indeed,
polonus
How would I get an Avast team member to look into this query of mine mate?