Topic: Off-Topic forum may be hosting hostile ads |
Wiz Feinberg
From: Mid-Michigan, USA
|
|
|
Jeff Hyman
From: West Virginia, USA
|
Posted 2 Nov 2008 2:43 pm
|
|
Wiz,
Off-Topic Forum
Can you further explain. I hate to sound stupid here, but there is no forum link to "Off Topic". Do you mean a link? ... to somewhere that may cause harm? |
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 2 Nov 2008 10:00 pm
|
|
Jeff Hyman wrote: |
Wiz,
Off-Topic Forum
Can you further explain. I hate to sound stupid here, but there is no forum link to "Off Topic". Do you mean a link? ... to somewhere that may cause harm? |
The Off Topic Forum does have a link and it is in the Feedback section. I won't provide a link here, because it is not on our SGF server and the content may offend some members. The link leads to another forum location. That location hosts image ads to earn commissions, which is fine. Unfortunately, one or more of those ads was hostile and led to a multiple malware infection via stealth drive-by downloads, for one of our members.
I couldn't reproduce the problem myself, because the ad iframe was totally blank when I went to investigate (after allowing it temporarily in NoScript and Firefox). The offending ad was served by admeld.com, an ad broker, via the ad.yieldmanager servers, which are owned by Yahoo. This could happen to any website that has affiliate ads. Having strong web shields, current Windows Updates, and anti-spyware protection is paramount!
BTW: Do not try this at home. I am a trained professional and know how to look at malware without getting infected automatically. Of course, I could be tricked, but that is another story.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
Jim Cohen
From: Philadelphia, PA
|
Posted 2 Nov 2008 10:09 pm Re: Off-Topic forum may be hosting hostile ads
|
|
Wiz Feinberg wrote: |
Off-Topic forum may be hosting hostile ads |
It always seemed to me that the Off-Topic forum was hosting hostile threads! ![Whoa!](images/smiles/icon_omg.gif)
_________________
www.JimCohen.com
www.RonstadtRevue.com
www.BeatsWalkin.com |
|
|
John P. Phillips
From: Folkston, Ga. U.S.A., R.I.P.
|
Posted 2 Nov 2008 10:16 pm
|
|
Right-on Jimbeaux,
and if I recall,
those hostile threads
carried some pretty
sharp needles and
it was easy to get stuck!
_________________
Just remember,
You don't stop playing cause you get older,
You get older cause you stop playing!
http://www.myspace.com/johnpphillips |
|
|
Jeff Hyman
From: West Virginia, USA
|
Posted 3 Nov 2008 7:44 pm
|
|
Wiz... I think some others are on the same thought process as I am. I interpret your objective as:
A message that may contain a virus... or bug, placed somewhere else. If so, why not just delete it instead of allowing some other innocent user to catch the virus?
My take on this is, a message in a thread, or a fresh thread, containing hostile content... thus being taken off the main street and put in a back alley (virus or no virus).
I could use your help to further explain.
TIA |
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 3 Nov 2008 10:40 pm
|
|
Hi Jeff;
In this case the messages are clean. The devil is in the selection of ad banners served by the ad agencies, via a visible iframe on the right side of the text messages. The ads are affiliate ads presented by the forum that hosts the Off Topic forum for us. The SGF has no control over the operators of that forum (yuku.com). The ad agencies are being duped into hosting hostile images and Flash content that redirects users to malware servers that exploit browser vulnerabilities to silently install malware.
My strong recommendation to anybody who wishes to venture onto the Off Topic forum is as follows:
- Download Firefox (current version) and install it as an Administrator into all user accounts;
- Import your cookies and Favorites from Internet Exploder into Firefox;
- Download/install the NoScript! Add-on for Firefox;
- If you are browsing from an account with full Administrator privileges you are completely at risk from exploit codes that are successful against your browser. Virtually all malware requires full Administrator privileges to install into your operating system (any OS). Reduce your user account privileges from Administrator to Standard or Limited User level.
To reduce your user privileges, do this:
From your regular (Administrator level) account create a new Administrator level account, for performing tasks that can only be done by an Administrator, and give it a password. Log off your regular account and log into the new Administrator level account, then, using Control Panel > User Accounts, demote your regularly used account to a Limited or Standard (Power) user. Log off the new account and back onto your usual account and continue browsing and using your programs pretty much as before, but with reduced exposure due to the restricted privileges. When you need to escalate your privileges, use the Run As (Administrator) right-click option before launching the program.
Linux users should not operate or browse the Internet as "Root" and Windows users should not do so as "Administrator," except to install Windows Updates or uninstall programs installed with Administrator privileges.
I have several extensive articles about this subject on my wizcrafts.net website, both in my FAQs and on my Blog.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
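The account demotion described in the post above, scripted with the built-in local account cmdlets instead of Control Panel. This is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the account names are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): create a dedicated admin account, then
# demote the everyday account to a standard user. Account names are hypothetical.
param(
    [Parameter(Mandatory)][string]$DailyUser,   # account used for browsing
    [string]$AdminUser = 'local-admin',         # hypothetical new admin account
    [switch]$Apply                              # without -Apply: report only
)
$ErrorActionPreference = 'Stop'
$AdminsSid = 'S-1-5-32-544'   # built-in Administrators group (name varies by locale)
$UsersSid  = 'S-1-5-32-545'   # built-in Users group

function Test-InGroup([string]$User, [string]$GroupSid) {
    $sid = (Get-LocalUser -Name $User).SID.Value
    [bool](Get-LocalGroupMember -SID $GroupSid | Where-Object { $_.SID.Value -eq $sid })
}

Write-Host 'Current members of Administrators:'
Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { Write-Host "  $($_.Name)" }
if (-not $Apply) { Write-Host 'Report only. Re-run with -Apply to make changes.'; return }

# Step 1: create the admin-only account with a password and add it to Administrators.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "New password for $AdminUser"
    New-LocalUser -Name $AdminUser -Password $pw -Description 'Admin tasks only' | Out-Null
}
if (-not (Test-InGroup $AdminUser $AdminsSid)) {
    Add-LocalGroupMember -SID $AdminsSid -Member $AdminUser
}

# Guard: never demote unless a working administrator account remains.
if (-not ((Get-LocalUser -Name $AdminUser).Enabled -and (Test-InGroup $AdminUser $AdminsSid))) {
    throw "$AdminUser is not an enabled administrator; refusing to demote $DailyUser."
}

# Step 2: make sure the everyday account stays in Users, then drop its admin rights.
if (-not (Test-InGroup $DailyUser $UsersSid)) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyUser
}
if (Test-InGroup $DailyUser $AdminsSid) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $DailyUser
    Write-Host "$DailyUser demoted; the change applies at that account's next logon."
} else {
    Write-Host "$DailyUser is already a standard user."
}
```

Run it once without `-Apply` to see which accounts currently hold administrator rights before changing anything.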