Scareware mongers hitch free ride on Microsoft.com and others

Miscreants are exploiting weaknesses in more than one million webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers. A Google search conducted by the folks at the CyberCrime & Doing Time blog showed that the …

COMMENTS

This topic is closed for new posts.
  1. James O'Brien
    Flame

    Let me be the first to say

    <Change to suit your post>

    And this is why (Mac/Linux) is so much better than (XP/Vista/Whatever else MS makes). MS is the root of all the world's (evil/greed/failures/etc). (MS/Windows) (sucks/is the devil/should go out of business). That's why I'm a (Mac fanboi/Linux fanboi/<distro of the week> fanboi). (Rant rant rant windows sucks blah blah flames rant rant, (suck off Jobs [please only use if you're a Mac fanboi/girl]). (Ignore the blatantly obvious fact that not all of the servers are running MS software and rant some more while starting to froth at the mouth AND TYPE IN CAPS ABOUT MS SUCKING SO MUCH MAIKNG TYPOS AND MSTAKES)

    /Cheerio have a nice xMas all :)

  2. Anonymous Coward

    M$ PITA

    I just got burned on a microsoft[-like?] site.

    What a PITA.

    Nothing[ZA, SDoc, etc] seems to remove it.

    gotta love M$

  3. Franklin
    Stop

    Easier than whitelisting....

    ...is for the open redirector to check the browser's referrer, and if the referrer isn't the same as the site's domain, don't redirect. Most redirectors are internal, and used only within a specific site, so if the redirector sees a referrer that isn't from the hosting site, something's wrong.

    I first noticed this problem myself in November, and blogged about it at

    http://tacit.livejournal.com/270792.html

  4. Michael Kean

    @AnonCow

    Try Malwarebytes' Anti-Malware and Trend Micro HouseCall. If neither can remove it, you'll probably need to hook the hard drive to another system and scan it from the other system. eBay has cheap USB to IDE/SATA/Notebook IDE cables which are handy for this purpose.

  5. Donn Bly
    Stop

    Re: Franklin / Easier than whitelisting

    Checking the referrer (technically the referer) is not fail-proof security. The referring url is supplied by the browser, and as such can be spoofed to tell the server whatever they want. Also, since many security packages strip the referring url from browser requests, you can't even rely on a legitimate request to have a referring url. They are nice for statistics, helpful logging of obsolete links, etc. but as a security measure they are really worthless.

  6. Chris Savage
    Go

    Re: Franklin

    It's always the big corporations that screw up the simplest of things.

    @Franklin: Donn is right, the referer cannot be trusted, either because some users have it permanently blocked/changed, and also that it can be easily forged.

    The way I do "open" redirects, is to pass the destination, as well as the calling page to the direct script. Because the whole site is DB driven, the redirector simply opens the calling page from the DB, and checks the destination exists within the calling page. If it doesn't, get stuffed.

    In the calling page, write the redirect URL like: "/redirect.php?from={CURRENT_URL}&to=www.somesite.com" then use PHP to replace all instances of {CURRENT_URL} with the current URL on page generation.

    A self-maintaining white-list -- it's the way to go :-)

    See here:

    http://www.savagereactor.co.uk/posts/2008/12/14_safely_redirecting_with_a_url_parameter.html
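
Added example (not part of the thread, and not Chris Savage's code): a Python rendering of the self-maintaining allow-list described in comment 6, where the redirector honours a `to` value only if the calling page stored in the site's database actually links to it. The `PAGES` dictionary, `resolve_redirect` and the sample URLs are constructed for illustration; the Referer header is accepted but ignored, for the reasons given in comment 5.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the site's page database: path -> stored HTML.
PAGES = {
    "/news/42": (
        '<p>Docs: <a href="/redirect.php?from=/news/42&amp;to=www.somesite.com">'
        "somesite</a></p>"
    ),
}


class RedirectTargets(HTMLParser):
    """Collect the `to` value of every /redirect.php link in a page."""

    def __init__(self):
        super().__init__()
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        parts = urlsplit(href)
        if tag == "a" and parts.path == "/redirect.php":
            self.targets.update(parse_qs(parts.query).get("to", []))


def resolve_redirect(from_path, to, referer=None):
    """Return the Location to send, or None to refuse.

    `referer` is accepted only to show it plays no part in the decision:
    it is client-supplied and may be absent or forged.
    """
    page = PAGES.get(from_path)      # unknown calling page: refuse
    if page is None:
        return None
    parser = RedirectTargets()
    parser.feed(page)
    if to not in parser.targets:     # exact match on parsed links, never substring
        return None
    return "http://" + to            # assumes scheme-less `to`, as in the comment
```

Because the allow-list is whatever the stored page links to, a page that includes user-submitted links extends the list to those links.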

  7. Anonymous Coward
    Happy

    @ James O'Brien

    You beat the first one by just 11 minutes :o)

  8. Colin Millar
    Pirate

    redirect - just don't do it

    There is no need for redirect at all. If it's internal then how about just transferring to another page - if it's external and honest then putting a clickable link would suffice. All browsers should offer a disallow redirect/reload/refresh that is obvious and up-front.

    I know you can do it in FF

  9. Sergie Kaponitovicz
    Thumb Down

    Miscreants?

    @ Dan Goodin: To call these scumbag gangsters 'miscreants' is akin to describing Moira Hindley and Peter Sutcliffe as anti-social pranksters.

  10. Kerberos
    Jobs Horns

    The real problem...

    The real problem with exploits like this, and other things like phishing, spam, and quite a lot of malware is that it can only really be easily addressed through user education. You cannot expect to give people free rein on the most complicated device ever produced by man and expect them to be able to operate it with no training whatsoever - it's going to end in problems whatever you do.

    See the AC post above where he blames 'M$' for his own stupidity. I don't think any platform outside a locked down walled garden* is immune to social engineering attacks - these sorts of people will fall victim even without a computer involved.

    * The Linux 'repository only' method is a walled garden - as soon as people start releasing software without going through the main distributors in their Apple store-esque closed system (which will be as soon as people start using it) then Linux will suffer the same problems.

  11. Sarah Bee (Written by Reg staff)

    Re: Miscreants?

    So they torture and kill children and women, do they? Get some perspective, you clot.

    Also, it's Myra, not Moira. You're thinking of the entirely blameless silken-voiced newsreader.

  12. Inachu
    Flame

    Evil vile programmers

    When will they ever be caught and dealt with on live TV?

  13. Anonymous Coward
    Heart

    @Sarah Re:Miscreants

    How'd you manage to get from Myra Hindley to Moira Stuart in one short leap?

    FWIW, Ms Stuart and Ms Singleton comprised my fantasy menage a trois back in the days when I was tugging it a lot.

    Anyone want to share?

  14. Geoffrey Thomas
    Joke

    @Inachu

    "When will they ever be caught and dealt with on live TV?"

    The XSS Factor?

  15. Anonymous Coward
    Paris Hilton

    @AC: Re Val. Singleton

    Don't tell me you were on your knees in front of the telly trying to look up her mini - skirt? I'm told a lot of young lads did that, err.....

    Paris, because none of that is necessary anymore.

  16. This post has been deleted by its author

  17. Anonymous Coward
    Dead Vulture

    @Sarah Re:Miscreants

    I think Sergie Kaponitovicz has a valid point.

    These people are not mere "miscreants" any more than the Moors murderers were just being "very naughty".

    These "miscreants" cause very real damage in the real world and while it's nowhere near as heinous as torture and murder, describing them as "miscreants" allows them to diminish the seriousness of the all-too-real damage they do, not to mention their theft of bank details, card numbers etc.

    Perhaps you should spend a day trying to work with some of the victims of these "miscreants". Having a shagged computer is the least of their worries when their entire savings are no longer in their bank account.

    The victims have a very real perspective of the situation.

  18. Richard Porter
    Stop

    Can't Google filter these sites?

    I'm getting fed up with Google alerts notifying pages that redirect to scareware sites. Can't Google check the links for redirects before it sends out the alerts?

  19. Alan Brown Silver badge

    Blacklists help - lots

    The blacklist system run by the nice people at javacoolsoftware.com helps a lot. Such redirects eventually end up at an IP or a domain name and that is (hopefully) listed in the hosts files as 127.0.0.1.

    Unfortunately those most likely to fall for redirect scams are the same ones who would never install or maintain prophylactic software in the first place.

    I'd call it Darwin in action but everyone else EXCEPT the victim ends up wearing the lion's share of costs.
