Trojan script gets stuck on superglue site
The website of Super Glue became bunged up with a malicious script earlier this week as part of a tricky problem that was only resolved on Wednesday. Prior to their removal of malicious redirection scripts, visitors to the world-famous adhesive maker's site were redirected to a site punting crud, Avast software warned. It added …
This topic is closed for new posts.
fixed that for you
I think your commas in the wrong place. It should read :
"redirected to a site punting crud Avast software"
Clearly 2 people with no experience of Avast! software then
as above
@fixed that
I'd hazard that your dismissal of Avast is perhaps caused by unfamiliarity with Norton AV ;-)
Lucky you.
Today I learned...
...that Super Glue is, in fact, a registered trademark and not a generic type of glue.
I already knew about Sellotape, so I am disappointed in myself for not realising.
Stuck on?
Am I the only one disappointed that the superglue website didn't act as a honeypot and catch the trojan?
I swear every time I hear these stories I look for one thing
IP Address
IP Netblock / cidr
That's really all I care about.
Why do you bother?
Just block whatever SpamHaus blocks.
With Squid you can use "acl external" and a small helper written in Net::DNS: take the URL, split out the name or IP, look it up, look up the spamhaus entry and if it is listed make Squid return a 40x. If you run a local DNS resolver on the Squid instance (which is a good performance tuning practice anyway) the performance penalty is negligible.
This deals with 99.9% of scareware peddling sites because the "infected" web sites and "adverts" only redirect. The final delivery site is nearly always on a block of one of the major "black networks" which are all in SpamHaus. These are the ones that get filtered as a result of using this.
Avast
is that the 'AV' software that thinks all Iframes are evil redirects?
links are dangerous I tell you!!!!
IFrames do suck
It's like ActiveX really - sure there are valid uses, but they are few and far between and the potential for naughtiness is huge. Best to just block them.
I'm surprised no-one has said it yet
Must be bad to get into a sticky situation like this.
/coat
It's a wonder it took only 5 days
According to Netcraft, the impacted site is ranked 1,139,437th of the most popular destinations. I'd hazard a guess that not many web surfers were exposed to said crud. In fact, I'm surprised anyone even noticed.
This topic is closed for new posts.
