| This 37 message thread spans 2 pages |
|Anyone seeing a huge increase in unflagged malware links?|
| 5:44 am on Jan 1, 2010 (gmt 0)|
I have a Google alert set up to send me mentions of my news site.
In the last couple of weeks, I've been getting a ton of alerts for sites that mention and scrape some of our news and then have these convoluted URLs after a three-letter php file (like bxh.php, ikk.php) that, if clicked, redirect the visitor to one of those fake virus scan, drive-by download sites.
Visiting one of the sites, I saw it was an American Legion site that obviously wouldn't be covering news in our genre. Digging deeper on another message board I was informed that these backdoors have been uploaded unwittingly to a lot of sites.
When I did a search on the relevant search term, I found a lot of references to our site's content being used as a lure to these malware links. Neither AVG's linkscanner nor Google's malware detection passed on any warnings.
Has anyone else seen this behaviour lately?
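A defender-side check for the pattern described in this post, added here as an example (not code from the thread): it scans Apache access-log lines for requests to a three-letter .php script carrying a long query string, arriving from a search engine and answered with a redirect. The log lines are constructed, and the query-length threshold and referer list are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed Apache combined-format lines (not taken from the thread). Two of
# them imitate the lure pattern the post describes: a three-letter PHP name
# followed by a long opaque query, reached from a search engine and redirecting.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Jan/2010:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [02/Jan/2010:10:02:40 +0000] "GET /images/bxh.php?q=world+news&s=a0f3c9e2b1d47e5f6a8b9c0d1e2f3a4b HTTP/1.1" 302 0 "http://www.google.com/search?q=world+news" "Mozilla/4.0"
203.0.113.12 - - [02/Jan/2010:10:03:05 +0000] "GET /legion/ikk.php?id=8f2e1c0b7a6d5e4f3c2b1a0987654321&r=1 HTTP/1.1" 302 0 "http://www.bing.com/search?q=sports+scores" "Mozilla/4.0"
203.0.113.13 - - [02/Jan/2010:10:04:22 +0000] "GET /events/cal.php?m=1 HTTP/1.1" 200 2048 "http://example.org/events/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')
LURE_NAME_RE = re.compile(r"/[a-z]{3}\.php$")          # bxh.php, ikk.php, ...
SEARCH_REFERER_RE = re.compile(r"^https?://(www\.)?(google|bing|yahoo)\.")

def is_lure_hit(path, status, referer, min_query=24):
    """Heuristic built from the post: short random PHP name, long opaque query
    string, a redirect response, and a search engine as the referer."""
    parts = urlsplit(path)
    return (LURE_NAME_RE.search(parts.path) is not None
            and len(parts.query) >= min_query
            and status.startswith("3")
            and SEARCH_REFERER_RE.match(referer) is not None)

def scan_log(text):
    """Return {script_path: [client_ip, ...]} for requests matching the pattern."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_lure_hit(m["path"], m["status"], m["referer"]):
            hits[urlsplit(m["path"]).path].append(m["ip"])
    return dict(hits)

if __name__ == "__main__":
    for script, ips in scan_log(SAMPLE_LOG).items():
        print(f"{script}: {len(ips)} lure hit(s) from {sorted(set(ips))}")
```

The legitimate cal.php request is deliberately included: its name fits the three-letter rule alone, so the check only fires when the query length, redirect and referer signals agree.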
| 1:59 am on Jan 8, 2010 (gmt 0)|
Ken, I experience very little loss of functionality on the vast majority of web sites I visit. As I said, Flash is the only real one, but then I just find another site (not so much for security as that I hate Flash sites). Anything else, if I really need it, I can turn it on again - even Flash, should I be so inclined.
I know of a web server that was probably compromised through FTP but it wasn't from the work station that managed the server, just an exploitable flaw in the FTP server itself. Quite simply, the software hadn't been upgraded. Back doors were planted on the server and the rest was managed through that.
The problem with managed servers is that in many cases only the standard server software and utilities are available. There is no facility to add specialist software. Apart from that I agree: if you can find a really good company that knows what it's doing (which I suspect is relatively rare) and don't need specialised software running on it then it's better than the average web designer managing it. But people will do what they want regardless. :(
I don't think "sloppy" companies are going to fade soon. There are far too many who are in it for the bucks, who dump knowledgeable staff at the hint of a recession - or for any other excuse come to that. Build high, sell wide.
And, of course, there are those hosting companies who welcome criminals with open arms until they are forced to close down, move elsewhere and begin again...
| 3:42 am on Jan 8, 2010 (gmt 0)|
In regards to managed web hosting, yes, there are some trade-offs. Like you pointed out, I can't install specialized software or Apache modules. I have to accept what my web host has approved unless I go to a dedicated server. This hasn't impeded me too often with my website development, as they have installed the most critical Apache modules. You are right that the sloppy companies aren't going anywhere very fast. I've been with my current web host for over ten years and I feel very lucky to have found them.
| 11:57 pm on Jan 9, 2010 (gmt 0)|
You can disable Flash and some other things at Tools > Manage Add-Ons.
I mention these because most of the previous discussion was about Firefox+NoScript.
ianevans, you can report the sites that are using your content as a lure to malware at [google.com...] . (Only report sites/pages that you are certain are malware-infected. That is not a place to report a site merely for scraping.) Then at least those pages will be flagged as harmful in Google and users will preferentially go to your site for the same content when/if your site and the other appear in the same SERP.
| 10:59 pm on Jan 10, 2010 (gmt 0)|
The problem with disabling things in MSIE is the problem of having to do odd things to re-enable them sometimes. If there is an Ask Me option then that would be favourite, I suppose. With NoScript it's a quick right-click or button click to re-enable selectively.
| 10:28 pm on Jan 11, 2010 (gmt 0)|
I mostly used IE until IE8 came out. It crashed multiple times a day. I couldn't resolve the problem by revising settings. I waited through a few months of MS Updates in case it was something that MS would fix promptly. That didn't happen, so I gave up and switched to Firefox, transferring over all my bookmarks and settings, etc.
One of the unexpected benefits was the one-click enable/disable feature of NoScript that you mentioned, which truly is a lot easier than IE because it can en/disable script, iframes, PDF, and other active content with a single click.
Having installed and become used to about a dozen FF add-ons that now I don't want to have to give up, it's unlikely I'd ever go back to IE unless FF enters a period of similar unusability.
But it's still just as important for IE users to have active content disabled in IE when visiting new sites, even if the interface for adjusting the settings is clunky.
All the settings can be found (possibly with some digging) in the tabs at Tools > Internet Options or Tools > Manage Add-Ons or other menu items in the Tools or Safety menus. When you want to allow active content, you add the site to the "Trusted Sites" zone where the permissions aren't so restrictive. That's the process that FF+NoScript does much more easily.
|It is far more efficient to install a virus on a server direct from the botnet |
However, the Gumblar/Martuz attack discovered that it is extremely efficient to infect lots of PCs, and, as a side-effect to its other purposes, steal whatever FTP passwords are found there, and send them to the botnet, which uses them to log into the corresponding websites and upload the viruses that way.
| 12:08 am on Jan 12, 2010 (gmt 0)|
I think the hassle of turning on/off IE's switches is a pretty good guarantee that they will not be altered, especially by the vast numbers of MSIE users who can barely manage the internet anyway. And those who do know what they are doing are more careful about how they do it anyway. :(
I concede it's efficient to grab FTP, SSH etc codes and pass them back to the botnet but I would expect the quantity of exploitable holes through that method to be orders of magnitude fewer than direct virus injection into a server.
It also depends on the security awareness of the server manager. It would not be possible on most of my customers' accounts to even get as far as attempting to log into the FTPES servers, let alone succeed and upload suitable files to a sensitive area (e.g. root). It all depends on the type of site, though, and (if used) what kind of web site management software is in use. Since most of the bot accesses are automated, anything that is non-standard is likely to at least slow them down a bit; although obviously this is not something to rely upon. :)
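The stolen-FTP-password route discussed in the last few posts leaves a trace in the FTP server's transfer log, and this added example (not code from the thread) shows what to look for: uploads of web-executable files, and one account used from several remote hosts within a short window. The xferlog entries are constructed, and the 24-hour window and the suffix list are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed xferlog entries in the wu-ftpd/vsftpd format (not from the thread).
# The 12th field is the direction: 'i' is an upload to the server, 'o' a download.
SAMPLE_XFERLOG = """\
Mon Jan 11 01:02:03 2010 2 192.0.2.44 20480 /var/www/html/news/story.html a _ i r siteadmin ftp 0 * c
Mon Jan 11 02:14:03 2010 1 198.51.100.7 812 /var/www/html/images/bxh.php a _ i r siteadmin ftp 0 * c
Mon Jan 11 02:14:09 2010 1 198.51.100.7 640 /var/www/html/images/.htaccess a _ i r siteadmin ftp 0 * c
Mon Jan 11 02:31:45 2010 3 203.0.113.88 5120 /var/www/html/index.php a _ o r siteadmin ftp 0 * c
Mon Jan 11 02:32:10 2010 1 203.0.113.88 900 /var/www/html/ikk.php a _ i r siteadmin ftp 0 * c
"""

WEB_EXEC_SUFFIXES = (".php", ".phtml", ".js", ".htaccess")

def parse_xferlog(text):
    """Split each entry into the fields this check needs (paths without spaces assumed)."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 18:
            continue
        records.append({
            "time": datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y"),
            "host": f[6], "path": f[8], "direction": f[11], "user": f[13],
        })
    return records

def suspicious_uploads(records):
    """Paths of uploaded files the web server will execute or obey."""
    return [r["path"] for r in records
            if r["direction"] == "i" and r["path"].lower().endswith(WEB_EXEC_SUFFIXES)]

def multi_host_logins(records, window_hours=24):
    """Accounts used from different remote hosts within the window: the trace a
    stolen password leaves when a botnet node replays it alongside the real admin."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    flagged = defaultdict(set)
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["time"])
        for a, b in zip(recs, recs[1:]):
            close = (b["time"] - a["time"]).total_seconds() <= window_hours * 3600
            if a["host"] != b["host"] and close:
                flagged[user].update((a["host"], b["host"]))
    return {user: sorted(hosts) for user, hosts in flagged.items()}

if __name__ == "__main__":
    recs = parse_xferlog(SAMPLE_XFERLOG)
    print("uploads of web-executable files:", suspicious_uploads(recs))
    print("accounts seen from several hosts:", multi_host_logins(recs))
```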
| 9:54 am on Jan 18, 2010 (gmt 0)|
Please visit your control panel and check "Scheduled Tasks". Some of these trojans just aren't very sophisticated; they don't "hide" at all, they just use your computer's own properties to make sure that whatever is cleaned or removed can be re-installed quickly. Scheduled Tasks is one such seldom-checked opening.
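One way to make the Scheduled Tasks check above systematic, as an added example (not code from the thread): feed the CSV that `schtasks /query /fo CSV /v` prints into a script that flags tasks whose command runs from a location an ordinary user can write to. The sample CSV is constructed with only a few of the tool's columns, and the list of user-writable locations is an assumption.

```python
import csv
import io
import re

# Constructed sample of `schtasks /query /fo CSV /v` output (not from the thread).
# Only a few of the tool's columns are kept and every task below is made up.
SAMPLE_SCHTASKS_CSV = '''\
"HostName","TaskName","Status","Author","Task To Run","Run As User"
"PC1","\\Adobe Acrobat Update Task","Ready","Adobe Systems","C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe","SYSTEM"
"PC1","\\WindowsUpdateCheck","Ready","PC1\\bob","C:\\Users\\bob\\AppData\\Local\\Temp\\svchosts.exe /silent","PC1\\bob"
"PC1","\\SysHealth","Ready","PC1\\bob","rundll32.exe C:\\Users\\Public\\sh.dll,Start","PC1\\bob"
"PC1","\\Defrag","Ready","Microsoft Corporation","%windir%\\system32\\defrag.exe -c","SYSTEM"
'''

# Locations an ordinary user can write to (assumed list); a program that
# re-installs itself from a scheduled task usually lives in one of them rather
# than under Program Files or the Windows directory.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\|%TEMP%|%APPDATA%",
    re.IGNORECASE)

def parse_schtasks_csv(text):
    """Read the CSV into dicts, dropping any repeated header rows."""
    return [row for row in csv.DictReader(io.StringIO(text))
            if row.get("TaskName") != "TaskName"]

def flag_tasks(rows):
    """Return (task name, command) for tasks that run from a user-writable path."""
    return [(row["TaskName"], row["Task To Run"])
            for row in rows if USER_WRITABLE_RE.search(row["Task To Run"] or "")]

if __name__ == "__main__":
    for name, command in flag_tasks(parse_schtasks_csv(SAMPLE_SCHTASKS_CSV)):
        print(f"check {name}: runs {command}")
```

A task that passes this filter can still be hostile, so the flagged list is a starting point for inspection, not a verdict.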