PC-pwning infection hits 30,000 legit websites

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday. The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a …

COMMENTS

This topic is closed for new posts.
Thumb Up

Noscript ftw!

Yet another attack that's preventable with noscript. If everyone used it properly (e.g. not turning on scripts every time they see a blocked one), cyberspace would be a safer place.

0
0
Silver badge
Linux

Oh, you mean *Windows* PC then.

Should we assume that the Linux, *BSD or Apple PCs are immune?

0
0
Anonymous Coward

Only Windows

I am safe with my Amiga.

If two more people use Amigas then we will equal the number of Mac users (only the Amiga has more software available).

0
0
Bronze badge
Happy

I'm safe then.

I block "Google Analytics" by default on all websites, regardless of whether I have them on my trusted "White" list.

YEAH!! NOSCRIPT!!!!

0
0

@Pierre

That's a good idea. Assume that you are safe from all threats. Only Windows PCs use javascript after all.

0
0
Coat

I for one...

...welcome our new polymorphic obfusticating overlords. Got to be an improvement on Europe's current crop of politicians, whose morphing and obfustication leave much to be desired.

0
0
Joke

This is why we need....

...PHORM!

0
0
Anonymous Coward

NoScript is not a saviour

NoScript only provides safety in the same way that turning your computer off provides safety. If you want to do anything which involves script type objects then you have to start allowing them. That means you have to start making judgement calls on what is safe to allow. The whole point of this is that you may have already made that call in order to have usable functionality from a trusted site. That trusted site may now be serving up this malware. NoScript is very useful but ultimately the user has to walk a line between risky objects and usable sites, and for the most part has no clear direction for where that line is.

0
0
Happy

@By Anonymous Coward 07:54 GMT

Your comment made my afternoon ;-)

0
0

the key here is ...

If your PC is up to date all you get is a popup. So keep your PC up to date, use Firefox with NoScript and you are sorted.

0
0
Anonymous Coward

Javascript is only half the story

I'm sure the intended target for the "potent malware cocktail" is Windows though.....

or perhaps it's scanning for GNU/Linux users who have unpatched vulns that are remote exploits & then trying to get them to install a (GNU/Linux) package containing "anti-virus" software. What do you think, Apocalypse Later?

0
0
Thumb Down

NoScript only half a solution

NoScript is great if you don't want to do that much on the 'web.

Sadly almost any website where you want or need to do anything interactive on it (I'm thinking shopping, online banking, library catalogues, you name it) requires scripts. So fuck it, you either keep safe but fail to do what you need to, or you take a gamble and tentatively enable one of the domains blocked until you get enough functionality working to complete what you need to.

We either need a new way of doing 'useful stuff' on websites that doesn't use scripts, or give up and go back to the old way of going to shops and banks, or calling them up using the phone :-\

0
0
JC

Noscript Still A Good Measure

There are some easy choices that allow noscript to remain fairly effective. Even if you allowed a script from a trusted site because it was obvious the functionality of the site was missing without it, once you were redirected to the other site you have no reason to allow scripting there, no reason to allow scripting from another 3rd party site, nor a reason to install rogue anti-virus software from a popup window.

0
0
Paris Hilton

Loathsome as it is

you got to admire the brilliance of the minds that can polymorph and obfuscate beyond reasonable detection.

Now if only they got (or could get?) a proper job contributing positively...

0
0

Another good reason I use a sandbox on my web browser when using windows

C'mon, hasn't everyone seen Sandboxie yet? www.sandboxie.com

I can browse any website with impunity. If something happens I don't like, I can terminate every process spawned by the browser and delete everything it's done since the last time I decided to empty the sandbox. Why would you risk exposing your whole computer to the world every time you open a webpage... sheesh!

0
0
Thumb Down

No Script ?

Luba kok antud lehel ?

Yeah right !!!!!!!

If this is familiar to anyone using No Script, perhaps they can translate it for the benefit of my teenage daughters and me.

It could be ........... Serbian (?) Russian (?)

Thanks No Script.

I still use it every day, even though I don't know what it says.

ALF

0
0
Gold badge
Unhappy

Seen this on an academic website

Next thing I knew I was looking at a map of my local drives and a message saying I got a virus detected. Killed the tab instantly.

AVG site labelling reported the site was OK.

But 30 000 web sites invaded. WTF

0
0
Anonymous Coward

Drop My Rights?

Would DropMyRights be effective in such a scenario (for XP users)? I use it all the time anyway, along with NoScript and IsAdmin.

http://news.cnet.com/8301-13554_3-9756656-33.html

0
0
Linux

Re: Chris

"NoScript only provides safety in the same way that turning your computer off provides safety"

I agree. I've used NoScript several times in the past and I found it a pain in the ass.

Maybe you NoScripters visit the same selection of sites all the time but I visit new sites on a daily basis. Configuring NoScript every time in an attempt to make each new site half usable turned surfing the web into an ordeal. Did NoScript even stop me getting infected? I doubt it as I never got infected via my web browser before using NoScript. It was, therefore, a massive waste of time.

Now I've switched to Linux and all I need to be secure is my common sense. You NoScripters really need to give it a try sometime if you actually care about security but I suspect many of you only use NoScript because you want the illusion of security.

0
0
Anonymous Coward

Sandboxie

"I can browse any website with impunity."

Such complacency will eventually see you picking up malware, the authors of which are already working on ways to modify behaviour when detected running in a virtual environment. You will hit exactly the same problem that NoScript users have - do I allow (or recover from sandbox) or not. Eventually you will recover something which appeared benign and it will get onto your main system. That's if increased vulnerability attacks on the likes of Sandboxie, and other virtualised environments, don't pick you off first.

0
0

used noscript

Got fucked off with stuff not working, got rid of it!

Malwarebytes can be used if need be...

0
0
Stop

I thought El Reg was for people who knew something about IT

@ Lionel Baden: good solution, let's wait until somebody steals our bank details or makes us part of a DDoSing botnet and *then* we'll start cleaning it up. Never heard the phrase "prevention is better than cure"?

@ John Smith: you probably just fell for an old trick where your browser reflects your system environment variables back at you, and nobody else would see those details. That trick's been around since Windows 95 and has great shock value, but little else.

@ NoScript haters: yes, it's not perfect, but neither is configuring a firewall to allow apps in/out every time I have a new app. Shall we just bother with firewalls either, because they're inconvenient? Oh god, heaven forbid we have a little bit of good old fashioned effort combined with a little bit of good old fashioned common sense, that would surely be too much. Let's just stick with one-click-idiot-level-simple and nice shiny websites that look pretty and deliver malware, than have to make even the slightest, most basic bit of effort. I, too, hated NoScript when I first used it. I've reinstalled it since and taken a little bit of time to figure out how it all works, and now I love it. Grow up and stop viewing the internet in terms of black and white.

0
0

Software

Any idea of the software affected? I presume it was a CMS?

0
0

Just a correction ....

.... the fact it's obfuscated actually makes it easier to spot as obfuscated scripts are instantly analyzed when I come across them (specifically because I want to know what they're trying to hide from me)

0
0
Anonymous Coward

Fyi

Blocking google analytics won't help because it's not being served by analytics, just something that looks like it.

Noscript probably _will_ work because even if the initial render is being served by the trusted website it's still referencing external javascript, which will not be trusted by default by NoScript even if the rendering site is.

If my wife can handle NoScript, I don't see why any reasonably computer literate person shouldn't be able to.

0
0
Unhappy

What's the effing point?

What is the effing point of giving out scary advisories with useful information missing... such as the domain names we should be checking for in our log files?

0
0
Boffin

More details, please

If I may interrupt the lusers boasting about Linux and Noscript for a moment, I'd like to know the details of this "common application" vulnerable to SQL injection. Some of us have to look after these web servers, you know.

0
0
Thumb Up

NoScript is changing web development

The number of sites which absolutely require javascript is decreasing. Nowadays it is much easier to argue for a scriptless fallback to every bit of javascript functionality with clients and pointy-haired bosses, due in part to the rise of NoScript. Which in turn makes it more likely people will use NoScript, confident that sites they're using will still actually work.

Half a million downloads per week is not to be sniffed at (although that probably only translates to about half a million active users, as it is very frequently updated).

Also, I haven't studied this particular attack, but it would be unusual if the script is hosted on the same domain as the site, as that would require two separate modifications to the site's code. In which case the most common NoScript habit of only allowing scripts from the same domain would prevent it from running, assuming the site is in the user's whitelist or actually requires scripts to be enabled. IMO NoScript is "good enough" protection against script-borne attacks. Shame it requires a certain level of knowledge to use effectively.

0
0
Linux

So...it's better with Windows?

This is interesting in light of Saturday's other article on El Reg about the M$/Asus puff-piece/FUD website www.itsbetterwithwindows.com for netbooks (http://www.theregister.co.uk/2009/05/30/its_better_with_windows/).

Netbooks with Linux are one of the IT industry's best efforts at producing secure on-line appliances for Jo/Jill Public to use with relative confidence that they won't be pWn3d. All the more so with so many legit websites compromised in this way. Just a shame to see a decent company like Asus get muscled into M$'s monopolistic attempts to crush all that is Open Source.

0
0

Hmm

Any of you guys noticed that annoying MSN Messenger one that's floating around also?

The user keeps sending you daft messages...

You then tell the user and they don't believe you lol

0
0

Re: Alfazed

Luba kok antud lehel == Permission granted to No. page (using Google Estonian translation)

0
0
Flame

I could have put money on the first post.

Now stop your cock waving.

0
0

RE: I could have put money on the first post.

While it may be "cock waving" a little it's also a nice reminder to use said product. NoScript _seems_ to have prevented the malware downloading onto my PC so it's worth installing.

One of the sites that host the code seems to be m-analytics.net -- theirs is the only other domain wanting to run scripts on my machine on a website I know to be infected.

0
0
Anonymous Coward

Isn't NoScript malware itself?

Awful plugin, just turn off JavaScript in FF under:

Edit->Preferences->Untick Enable Javascript

If you don't want to use JavaScript.

Though JavaScript is hardly ever the problem, normally an activeX object or Flash is at the end of it, and JavaScript if used is actually more likely to break the chain of compromise.

0
0
Gold badge
Happy

@ Jason Togneri

"you probably just fell for an old trick where your browser reflects your system environment variables back at you"

That sounds about right. However my usual response is *never* to click on something offered as a "Solution." Just dump the page. On the up side from the article the attack failed to find any of the silent gaps it would have used otherwise.

0
0