Jump to content



Photo

Beware of 'child porn' Computer virus

germany ransomware digital extortion trend micro

  • Please log in to reply
21 replies to this topic

#16 OP Hum

Hum

    totally wAcKed

  • 63,471 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 04 February 2013 - 01:28

I just ran the Norton Power Eraser -- nothing bad found. ;)


#17 BeerFan

BeerFan

    Neowinian Senior

  • 2,704 posts
  • Joined: 19-July 06

Posted 04 February 2013 - 12:19

maybe somewhere in the source code there is an ASCII pedo bear ....


Posted Image

#18 +BudMan

BudMan

    Neowinian Senior

  • 26,696 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 04 February 2013 - 22:31

I do not go to such sites so I am not worried.

I don't think people were visiting poRn sites at all -- but other questionable warez/pirate sites.


This is just typical everyday virus stuff - nothing really new other than maybe the kiddie p0rn aspect of it, which is not really funny at all.


But these statements caught my eye - have you read cisco's report?

------
http://www.cisco.com...rity-report.pdf

The general belief is that sites that promote criminal activity—such as sites selling illegal pharmaceuticals or counterfeit luxury goods—are most likely to host malware. Our data reveals the truth of this outdated notion, as Web malware encounters are typically not the by-product of “bad” sites in today’s threat landscape.

As Cisco data shows, the notion that malware infections most commonly result from “risky” sites such as counterfeit software is a misconception. Cisco’s analysis indicates that the vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe.

Holding the second spot on the list are online advertisements, comprising 16 percent of total web malware encounters. Syndicated advertising is a common means of monetizing websites, so a single malicious ad distributed in this manner can have a dramatic, adverse impact.
--------

#19 +warwagon

warwagon

    Only you can prevent forest fires.

  • 27,175 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 05 February 2013 - 15:33

This is just typical everyday virus stuff - nothing really new other than maybe the kiddie p0rn aspect of it, which is not really funny at all.


But these statements caught my eye - have you read cisco's report?

------
http://www.cisco.com...rity-report.pdf

The general belief is that sites that promote criminal activity—such as sites selling illegal pharmaceuticals or counterfeit luxury goods—are most likely to host malware. Our data reveals the truth of this outdated notion, as Web malware encounters are typically not the by-product of “bad” sites in today’s threat landscape.

As Cisco data shows, the notion that malware infections most commonly result from “risky” sites such as counterfeit software is a misconception. Cisco’s analysis indicates that the vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe.

Holding the second spot on the list are online advertisements, comprising 16 percent of total web malware encounters. Syndicated advertising is a common means of monetizing websites, so a single malicious ad distributed in this manner can have a dramatic, adverse impact.
--------


Exactly!

I went down to my competitors office to see if he had some really old sdram for an old laptop. While I was there I asked him "Have you been seeing very many infections caused my java?"

I asked him this because I always got the feeling from talking to him that he doesn't know java is a major infection vector. In fact I had someone call me to do a house call at their house right after he cleaned their PC up from an infection. What I found was that he left an out of date version of java (or java in general) on the machine. Malwarebytes also wasn't on the machine, even though the invoice said "Scanned with malwarebytes". Im pretty sure he uninstalled it so the customers couldn't do their own scan.

His answer to my question was this..

"Every now and then when I do a scan I see java files, (I think he meant java exploit files) just means they were browsing porn".

*facepalm*

#20 +BudMan

BudMan

    Neowinian Senior

  • 26,696 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 February 2013 - 17:16

Well I am not as paranoid as you when it comes to java ;) Yes it can be an exploitable point on a users machine while they browse the infection highway that is the public internet.. But their are also other exploits out there that are not java..

Your java threads come across that if your not running java your never going to get infected to me.. To be honest, I think a vast majority of infections are users just being stupid as users tend to be. Be it you have java installed or not.

Got an email from a friend while back -

exampleemail.jpg

So in this day and age who in their right mind would follow such a link?? Did you just start using email yesterday? Have you not heard any virus related news in the last decade? I have blocked out the info -- because I don't want anyone following such a link out of pure curiosity, etc. Keep in mind the domain in question not even taking into account the rest of the url is not say youtube or other major players site where might be sending link to funny video or article of interest, etc. Then look at the rest of the url -- does that look like a normal link to you?? Really?

Is there any text to go along with said link - hey guys thought you all might find this funny or interesting, etc. Its clearly junk, even if she had sent me that on purpose I would not follow it because there is no explanation of why I should in her style of writing, etc.

So I contacted her right away, and stated either someone is sending junk using your email address, or your account has been compromised and is sending it. She said yeah quite a few of her friends had followed the link - and THEN contacted her on why she sent -- WTF??? Really Come on People!

If you have users that would click on said link, then you have 1000 more users out there that click on the flashy AD on some site that says "Click Me" you have won, or get something FREE or whatever other tricks they use to try and get your click.

I personally would never in a million years follow a AD of any sort.. Just not going to do it -- if in the off chance some Ad peaked my interested on a site.. I would look up that said something on my own and follow though with getting info I needed from my curiosity being peaked.

Do drive-by's happen - sure, is java used to exploit your machine again sure. But also just plain stupidity is to blame that has nothing to do with an exploit to the malware installed - user installed of their own free will is quite often the case. Antivirus/Security suites have a hard time with such software.. Because the user agreed to install it, etc. And yes it might of been in small print, but clearly stated that installing such software allows to access your contact list and send emails to your contacts 3000 times a day, etc. Or to popup **** on your screen that is stuff "we" think you might want, etc. Or we are going to reroute your internet traffic through our proxy/search engine so we can determine what you like and "better" serve you, etc. ;)

Now this ransomware seems very familiar to others out there just taking a different scare tactic approach to relieve idiots from their money -- hey your infected!! Click here to fix it, pay just $39.95 etc. Oh btw we hid all the items off the start bar because they were "infected" ;) We will put them back once they have been cleaned... After you pay the $39.95 -- Sorry that CC did not work, try another, Sorry that one not working either, try another, try another.. I have seen people feed in every CC they own into such nonsense.. Its like when they sit in front of computer they turn off their brain ;)

tl:dr -- ranting about users and infections and lack of common sense.

#21 OP Hum

Hum

    totally wAcKed

  • 63,471 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 05 February 2013 - 17:22

Malwarebytes also wasn't on the machine, even though the invoice said "Scanned with malwarebytes".

I'm pretty sure he uninstalled it so the customers couldn't do their own scan.

*facepalm*


Glad I can fix my own computers. :s

#22 +BudMan

BudMan

    Neowinian Senior

  • 26,696 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 February 2013 - 17:30

Agreed, yeah I saw that point - which I completely agree with.. Even people in IT can be clueless.. I just got side tracked with my rant and then when it finally clicked that this is getting so long that nobody is going to read it I forgot to agree with your "facepalm" ;)