Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2850
Total: 2853









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: qwertysan
« on: 02. November 2010., 02:53:00 »

never find it before. but i'll download NoScript just for prevention O0
Posted by: grr
« on: 25. October 2010., 09:09:07 »

I have NoScript...so it should be fine...
Posted by: amitraina
« on: 21. October 2010., 02:57:34 »

thnsk for informaytion
Posted by: Samker
« on: 20. October 2010., 21:27:41 »



A new malware campaign takes advantage of the "malicious site" warnings commonly displayed by both Firefox and Chrome to trick unsuspecting users into downloading a rogue antivirus application, the security firm F-Secure reported today.

The attack happens when Web surfers visit a page offering "SecurityTool," a known malware application that purports to be antivirus software. On both Firefox and Chrome, a fake warning page then pops up that mimics the messages those browsers normally give users who visit suspect sites.

On Firefox, the warning alert is titled, "Reported Attack Page!" while on Chrome the page reads, "Warning: Visiting this site may harm your computer!" Both such warnings invite users to "Download Updates."

Users who click the download button then end up with a file called "ff_secure_upd.exe" on Firefox or "chrome_secure_upd.exe" on Google's browser; either way, what they really get is the rogue antivirus file and an invitation to pay a license fee for supposed protection.

Firefox users with scripts enabled, in fact, don't even have to click the "Download Updates" button--rather, they'll just be prompted to click "OK" to download "Firefox secure updates." Clicking "Cancel" only results in a repeated warning that updates need to be downloaded, F-Secure reported.

In addition to the "scareware," a hidden iFrame that's also part of the attack loads a Phoenix exploit kit from a different site, the security researcher noted, thereby exposing users to further exploitation.


A Fake "Just Updated"

This latest attack is very similar to one uncovered in July, through which SecurityTool used a similar technique purportedly prompting Firefox users to update their Adobe Flash Player.

In that case, the attack presented users with a fake version of the Firefox "Just Updated" page, which is typically shown when users open the browser for the first time after an update is downloaded. On the fake version, however, the message warned that Adobe Flash Player hadn't yet been updated, and it prompted the user to download a file that is in fact the rogue antivirus software, according to F-Secure: http://www.f-secure.com/weblog/archives/00001997.html

The new "Reported Attack Page!" alert, however, relies particularly heavily on Firefox users' uncertainty as to what genuine warning pages look like. In fact, such pages never request that users download updates; rather, they give the option of either leaving the site or overriding the block and continuing to load the page. F-Secure's blog post includes an authentic Firefox block page for users who want a reliable visual image: http://www.f-secure.com/weblog/archives/00002051.html


NoScript Could Help


It's not clear from F-Secure's report whether the attack is specific to Windows or affects users on all platforms. I've contacted them about this, and will report back if I learn more.

In the meantime, users should be sure to keep their browsers and their security software updated. In this case, a free Firefox add-on like NoScript could also help prevent exploitation: https://addons.mozilla.org/en-US/firefox/addon/722/

(PCW)

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023