Yet another attack thats preventable with noscript. If everyone used it properly (eg. not turning on scripts everytime they see a blocked one), cyberspace would be a safer place.
Oh, you mean *Windows* PC then.
Should we assume that the Linux, *BSD or Apple PCs are immune?
I am safe with my Amiga.
If two more people use Amiga's then we will equal the number of Mac users (only the Amiga has more software available).
I'm safe then.
I block "Google Analytics" by default on all websites, regardless of whether I have them on my trusted "White" list..
I for one...
...welcome our new polymorphic obfusticating overlords. Got to be an improvement on Europe's current crop of politicians, whose morphing and obfustication leave much to be desired.
This is why we need....
NoScript is not a saviour
NoScript only provides safety in the same way that turning your computer off provides safety. If you want to do anything which involves script type objects then you have to start allowing them. That means you have to start making judgement calls on what is safe to allow. The whole point of this is that you may have already made that call in order to have usable functionality from a trusted site. That trusted site may now be serving up this malware. NoScript is very useful but ultimately the user has to walk a line between risky objects and usable sites, and for the most part has no clear direction for where that line is.
@By Anonymous Coward 07:54 GMT
Your comment made my afternoon ;-)
the key here is ...
if your PC is up to date all you get is a popup. So keep you pc upto date , use firefox with noscript and you are sorted
I'm sure the intended target for the "potent malware cocktail" is Windows though.....
or perhaps its scanning for GNU/Linux users who have unpatched vulns that are remote exploits &
then trying to get them to install a (GNU/Linux) package containing "anti-virus" software. What do you think, Apocalypse Later?
NoScript only half a solution
NoScript is great if you don't want to do that much on the 'web.
Sadly almost any website where you want or need to do anything interactive on it (I'm thinking shopping, online banking, library catalogues, you name it) require scripts. So fuck it you either keep safe but fail to do what you need to, or you take a gamble and tentatively enable one of the domains blocked until you get enough functionality working to complete what you need to.
We either need a new way of doing 'useful stuff' on websites that doesn't use scripts, or give up and go back to the old way of going to shops and banks, or calling them up using the phone :-\
Noscript Still A Good Measure
There are some easy choices that allow noscript to remain fairly effective. Even if you allowed a script from a trusted site because it was obvious the functionality of the site was missing without it, once you were redirected to the other site you have no reason to allow scripting there, no reason to allow scripting from another 3rd party site, nor a reason to install rogue anti-virus software from a popup window.
Loathsome as it is
you got to admire the brilliance of the minds that can polymorph and obfuscate beyond reasonable detection.
Now if only the got (or could get?) a proper job contributing positively...
Another good reason I use a sandbox on my web browser when using windows
C'mon, hasn't everyone seen Sandboxie yet? www.sandboxie.com
I can browse any website with impugnity.. If something happens I dont like, I can terminate every process spawned by the browser and delete everything it's done since the last time I decided to empty the sandbox. Why would you risk exposing your whole computer to the world every time you open a webpage.. sheesh!
No Script ?
Luba kok antud lehel ?
Yeah right !!!!!!!
If this is familiar to anyone using No Script, perhaps they can translate it for the benefit of my teenage daughters and me.
It could be ........... Serbian (?) Russian (?)
Thanks No Script.
I still use it every day, even though I don't know what it says.
Seen this on an academic website
Next thing I knew I was looking at a map of my local drives and a message saying I got a virus detected. Killed the tab instantly.
AVG site labelling reported the site was OK.
But 30 000 web sites invaded. WTF
Drop My Rights?
Would DropMyRights be effective in such a scenario (for XP users)? I use it all the time anyway, along with NoScript and IsAdmin.
"NoScript only provides safety in the same way that turning your computer off provides safety"
I agree. I've used NoScript several times in the past and I found it a pain in the ass.
Maybe you NoScripters visit the same selection of sites all the time but I visit new sites on a daily basis. Configuring NoScript every time in an attempt to make each new site half usable turned surfing the web into an ordeal. Did NoScript even stop me getting infected? I doubt it as I never got infected via my web browser before using NoScript. It was, therefore, a massive waste of time.
Now I've switched to Linux and all I need to be secure is my common sense. You NoScripters really need to give it a try sometime if you actually care about security but I suspect many of you only use NoScript because you want the illusion of security.
"I can browse any website with impugnity."
Such complacency will eventually see you picking up malware, the authors of which are already working on ways to modify behaviour when detected running in a virtual environment. You will hit exactly the same problem that NoScript users have - do I allow (or recover from sandbox) or not. Eventually you will recover something which appeared benign and it will get onto your main system. That's if increased vulnerability attacks on the likes of Sandboxie, and other virtualised environments, don't pick you off first.
got fucked off with stuff not working got rid of it !
malwarebytes can be used if need be ..
I thought El Reg was for people who knew something about IT
@ Lionel Baden: good solution, let's wait until somebody steals our bank details or make us part of a DDoSing botnet and *then* we'll start cleaning it up. Never heard the phrase "prevention is better than cure"?
@ John Smith: you probably just fell for an old trick where your browser reflects your system environment variables back at you, and nobody else would see those details. That trick's been around since Windows 95 and has great shock value, but little else.
@ NoScript haters: yes, it's not perfect, but neither is configuring a firewall to allow apps in/out every time I have a new app. Shall we just bother with firewalls either, because they're inconvenient? Oh god, heaven forbid we have a little bit of good old fashioned effort combined with a little bit of good old fashioned common sense, that would surely be too much. Let's just stick with one-click-idiot-level-simple and nice shiny websites that look pretty and deliver malware, than have to make even the slightest, most basic bit of effort. I, too, hated NoScript when I first used it. I've reinstalled it since and taken a little bit of time to figure out how it all works, and now I love it. Grow up and stop viewing the internet in terms of black and white.
Any idea of the software affected? I presume it was a CMS?
Just a correction ....
.... the fact it's obfuscated actually makes it easier to spot as obfuscated scripts are instantly analyzed when I come across them (specifically because I want to know what they're trying to hide from me)
Blocking google analytics won't help because it's not being served by analytics, just something that looks like it.
If my wife can handle NoScript, I don't see why any reasonably computer literate person shouldn't be able to.
What's the effing point?
What is the effing point of giving out scary advisories with useful information missing... such as the domain names we should be checking for in our log files?
More details, please
If I may interrupt the lusers boasting about Linux and Noscript for a moment, I'd like to know the details of this "common application" vulnerable to SQL injection. Some of us have to look after these web servers, you know.
NoScript is changing web development
Half a million downloads per week is not to be sniffed at (although that probably only translates to about half a million active users, as it is very frequently updated).
Also, I haven't studied this particular attack, but it would be unusual if the script is hosted on the same domain as the site, as that would require two separate modifications to the site's code. In which case the most common NoScript habit of only allowing scripts from the same domain would prevent it from running, assuming the site is in the user's whitelist or actually requires scripts to be enabled. IMO NoScript is "good enough" protection against script-borne attacks. Shame it requires a certain level of knowledge to use effectively.
So...it's better with Windows?
This is interesting in light of Saturday's other article on El Reg about the M$/Asus puff-piece/FUD website www.itsbetterwithwindows.com for netbooks (http://www.theregister.co.uk/2009/05/30/its_better_with_windows/).
Netbooks with Linux are one of the IT industry's best efforts at producing secure on-line appliances for Jo/Jill Public to use with relative confidence that they won't be pWn3d. All the more so with so many legit websites compromised in this way. Just a shame to see a decent company like Asus get muscled into M$'s monopolistic attempts to crush all that is Open Source.
Any of you guysd noticed that annoying MSN messagner one thats floating around also.
The user keeps sending you daft messages..
You then tell the user and they dont belive you lol
Luba kok antud lehel == Permission granted to No. page (using Google Estonian translation)
I could have put money on the first post.
Now stop your cock waving.
RE: I could have put money on the first post.
While it may be "cock waving" a little it's also a nice reminder to use said product. NoScript _seems_ to have prevented the malware downloading onto my PC so it's worth installing.
One of the sites that host the code seems to be m-analytics.net -- there's is the only other domain wanting to run scripts on my machine on a webiste I know to be infected.
Isn't NoScript malware itself?
@ Jason Togneri
"you probably just fell for an old trick where your browser reflects your system environment variables back at you"
That sounds about right. However my usual response is *never* to click on something offered as a "Solution." Just dump the page. On the up side from the article the attack failed to find any of the silent gaps it would have used otherwise.
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Human spacecraft dodge COMET CHUNKS pelting off Mars
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
- Downrange Are you a gun owner? Let us in OR ELSE, say Blighty's top cops