The Magic Café
Username:
Password:
[ Lost Password ]
  [ Forgot Username ]
The Magic Cafe Forum Index » » A tangled web we weave... » » Trojans, Spyware and Advertising Nuisances (0 Likes) Printer Friendly Version

RangeCowboy
View Profile
Regular user
Long Beach
198 Posts

Profile of RangeCowboy
Following a lay-off, I have had more web-browsing time recently and with it a lot more popup-ads and other nasties to spoil my browsing experience.

It has become a challenge to track down and eradicate the worms and spyware which infests all our computers these days and I am happy to reveal my findings if you PM me.

Anyone who has an older Win98 operating system online these days is toast, and even XP and Win2000 computers (even behind a firewall) are not safe if you open web pages with Flash video and PDF files, since they require ActiveX to open.

Together with my security guy in the office we found numerous trojans in our corporate desktops, in the form of Adware-Spyware programs which run as benign tasks and wake up and fetch pages to popup at timed intervals.

If you have any additional experiences, advice or info, please PM me too and I will add it to a general email for re-distribution

I read elsewhere in CNN and the like that it has gotten so bad that there may soon be some Federal laws to prohibit the activities of these advert and pornography pushing sites, but until then, they continue to be pests.

Popup-page killers do their job but the tracking code still lurks in the background of your computers while you access the web.


As a quickie try this excellent link http://www.safersite.com for a simple explanation of this modern curse and a list of current badboys (some 13,000 exist).

Regards
RangeCowboy
TheQuestion
View Profile
New user
United Kingdom
21 Posts

Profile of TheQuestion
You can also try Ad-aware from LavaSoft: http://www.lavasoftusa.com/ This will search and remove ad and spyware programs, as well removing the registry entries some websites use to hijack your browser search tool.

Andrew
Sniper
View Profile
New user
75 Posts

Profile of Sniper
Ad-Aware is brilliant and a constant source of surprise and horror. Spyware is more prevalant than you think.

Most essential is a Firewall to ensure that only programs you WANT to access the Internet, CAN. As well as obviously protecting you from outside intrusions.
I highly recommend Zone Labs FREE Firewall. It is probably the best out there...

http://www.zonelabs.com

Check it out.

Sn!per
RangeCowboy
View Profile
Regular user
Long Beach
198 Posts

Profile of RangeCowboy
The bad news is...

Our employees are all behind a very expensive firewall and all the patches are applied to the IIS-Servers and SQL servers etc since it's an enterprise business.

What I am talking about is spyware arriving on content which requires ActiveX (for Flash movies PDF files etc) and yes, Zone Labs and others are programmed to recognise them, but I just found e.g. some simple javascript which is undetectable - especially if it is an include file, not viewable in the source of the page e.g. <#include nasty.js> and uses the ActiveX presence to do some dirty work. The ONLY way to prevent it is to turn off ActiveX - so no flash movies or pdf files are possible.

It's a real pain in a normal office environment where pdf documents are being viewed for aerospace engineering etc.

However my first remarks in the previous post were also related to the ne.exe and dw.exe trojans which call pop-up ads. They are discovered by Zone Alarm and others.


I think I will be creating a straight HTML only page of info soon to document what we found, rather than ramble on here and waste disk space at the Cafe - but one other note is the hijacking of SSL secure pages using pass-thru CA Verisign certificates - rather highbrow but seems to totally circumvent the SSL guidelines.
RiffClown
View Profile
Inner circle
Yorktown, Virginia (Previously Germany)
1579 Posts

Profile of RiffClown
I personally use a host file on my network to filter out unwanted advertisements and popups. I couldn't go to doubleclick or comet if I wanted to. AdAware is also a pretty good program for detecting the nasty bugs.
If you'd like a pretty good listing of advertising sites to block and how to block them send me a PM and I'll send you the listing with instruction on how to use it.
Note: I will need to know what OS you are using as the instructions are different for 95,98,2000 and XP. Smile

If you really want to know how well you computer is secured go to http://grc.com/default.htm and select the Shields Up and/or Leaktest option. Steve Gibson has done us all a favor in providing a great feedback service free of charge, It will test and show you how good (or bad) your firewall and privacy really is.
Rob "Riff, the Magical Clown" Eubank aka RiffClown
<BR>http://www.riffclown.com
<BR>Magic is not the method, but the presentation.
RangeCowboy
View Profile
Regular user
Long Beach
198 Posts

Profile of RangeCowboy
Aye, There's the rub Rob!

Our system is behind a very expensive firewall (one of Ciscos best) and GRC.com ShieldsUp gives me a 100% confidence report when it tries to attack my protected machine.

But, and its a big but, these firewalls do nothing to prevent my browser fetching a page with ActiveX controls on it - like Flash, if I the user deem it safe to do so.

AOL and other providers do parental shielding and such so you cant get to a porn site even if you wanted to... I mostly dont...but I do and have visited sites where there are links and popups to them. Comet Cursor is a good example .. its not porn, its not even evil, but its unwanted and in a flick of a Flash movie its downloading the Comet Cursor code.

As stated above I am compiling a simple HTML only webpage to gather together all the info I found - including ADS stealth code and CA Verisign SSL spoofing, both of which I had never ever heard of before. I will place the url here when I have it ready.

All the contributors to this topic, like me, think they know a good deal about the subject but the more I find, the more I see that the notion that you are safe to browse from behind a firewall is a fallacy nowadays.

Finally let me say I found a three line snippet of javascript which can eat your windows files under one specific condition which is easy to set up. Thats why my web report will be html only - no javascript - since I know some of you will now be wary...

By the way I work as a SQL/Javascript/ASP coder for my company creating enterprise business applications, so I need to know the impact of this technology.
RiffClown
View Profile
Inner circle
Yorktown, Virginia (Previously Germany)
1579 Posts

Profile of RiffClown
You are very right, a little malicious code can wreck havoc. I use the 2 phase approach. I use my firewall/NAT for perimeter defense and the host file prevents the adware from ever reaching my desktop. If an ad ever does make it through, a simple view soure and quick edit to the host file takes care of it. For instance if the HTML calls an ActiveX or JAVA Script from another site, as long as that site is redirected the script never gets downloaded and never executes. Instead of an advertisment I get a placeholder that says page cannot be found. Send me an email so we can brainstorm.

ramsteinclowns(@)hotmail.com

I'm a sysadmin and Computer Security focal point so I think we already see eye to eye on this. We may both learn something to help everyone.
Rob "Riff, the Magical Clown" Eubank aka RiffClown
<BR>http://www.riffclown.com
<BR>Magic is not the method, but the presentation.
Sir T
View Profile
Special user
537 Posts

Profile of Sir T
There is a free program I use called spybot, which I run and it kills any spyware on my system. really a nice piece of work. Give it a try, handie to have on your home pc.

Kevin Smile
Dave V
View Profile
Inner circle
Las Vegas, NV
4825 Posts

Profile of Dave V
There is a browser "enhancement" called Crazy Browser that's quite good. It can handle multiple windows without having to relaunch an all new browser (it uses tabs across the top to manage the windows) It has a built in "pop-up" stopper, and when it closes, it CLOSES. No more of the "launch on exit" ads jumping on your screen as you leave a site.

And the best part is it's FREE!

Check it out at http://www.crazybrowser.com

David
No trees were killed in the making of this message, but a large number of electrons were terribly inconvenienced.
The Magic Cafe Forum Index » » A tangled web we weave... » » Trojans, Spyware and Advertising Nuisances (0 Likes)
[ Top of Page ]
All content & postings Copyright © 2001-2020 Steve Brooks. All Rights Reserved.
This page was created in 0.58 seconds requiring 5 database queries.
The views and comments expressed on The Magic Café
are not necessarily those of The Magic Café, Steve Brooks, or Steve Brooks Magic.
> Privacy Statement <

ROTFL Billions and billions served! ROTFL