We take virus and malware concerns seriously...

My task this week has been to identify PC's that have been subjected to a Adober reader vulnerability. A trojan seems to infect PC's that have not been updated to the latest version of Adobe reader. One of the tojans is called crazybadegg.pdf. A lot of legit sites have this trojan embedded and when a user opens a PDF file it then attacks the machine. Malwarebytes and Microsoft essentials does a good job of getting rid of it and we then patch the reader to stop it happening again...

Originally posted by booda

My task this week has been to identify PC's that have been subjected to a Adober reader vulnerability. A trojan seems to infect PC's that have not been updated to the latest version of Adobe reader. One of the tojans is called crazybadegg.pdf. A lot of legit sites have this trojan embedded and when a user opens a PDF file it then attacks the machine. Malwarebytes and Microsoft essentials does a good job of getting rid of it and we then patch the reader to stop it happening again...

Just what can the Adobe reader do to the machine other than auto-update (not via pdf information) and read PDF files?

I've not used it in ages, opting for foxit reader. But if Adobe has the ability now to alter my machines files that do not directly and explicitly affect it's own function, Im concerned about that.

???

Im glad I worked out how to use sandboxie in a windows 7 64bit environment using xp-mode.

reply to post by SkepticOverlord


Great news, thanks for taking the time and money to make this happen (although I have never had any issues).

This is why ATS is second to none IMHO.

Originally posted by mikelee
reply to post by 12GaugePermissionSlip

 

Buy a Mac and be done with all that hassle

Old myth. Mac's are just as prone to these things as a PC. The only reason you see less is Mac has such a tiny market share the evil doers concentrate on PC's.

I like both equally for differing reasons. I use PC's because of the price to performance ratio and the availability of way more software.

On topic -

Thank you

reply to post by SkepticOverlord


can you get rid of the ads all together? its almost impossible to surf ats when im offline with all the ad traffic.

For those useing Mac or Windows.. Try Ubuntu *linux. Its a very user friendly linux distro.. Download the ISO and burn it to a disc.. Boot the computer and when you get to the partition section of the installation it'll allow you to partition free space for it and you can duel boot both windows and linux. I dont use windows anymore.. U2U me if anyone has questions about it.

Edit to add: Skeptic you and the rest of your staff are doing a fantastic job with the site....

Here is a screenshot of my dual monitor setup.




Ubuntu

[edit on 1/22/2010 by madmangunradio]

[edit on 1/22/2010 by madmangunradio]

I'd like to add that with wine and playwithlinux installed under ubuntu, 95% of my windows based games run just fine in linux.

Originally posted by SkepticOverlord
After some testing of competing services (and some price negotiations, this ain't cheap), we've zeroed in on a firm who will very-soon begin long-term proactive scanning of all the ads that appear on ATS,

Good on ya!

Still, the conspiracy theorist in me believes that these "competing services" that ain't so cheap are the sources of these malicious ads, perhaps by proxy, perhaps directly themselves... In the end ... They get paid well by site owners like yourself.

Walkswithfish... sigh.. d*mit you gave me a headache.. same goes for anti-virus software.. *sarcasm* Lets not do anything.... ** Kudos to Skeptic and crew cleaning the ads... No disrespect Walkswithfish.. I understand what your saying.

Oh yeah, I've had the Adobe Acrobat pop up at LEAST 30 times since last week... I have _javascript turned OFF, so its all fine.

But, just now, I was browsing Fragile Earth, and the page went white, and I get the windows box pop-up saying I need to scan my PC for virii... lol

Whats going on with all these Trojan ads?! I've NEVER been to a website or Forum with this many attempted hijacks/infections.

I think you need to cancel some of these ad companies.. they gotta be shady if they allow that type of ilk.

I'm a pc tech, since 1985, so I know how to protect myself, but others may not..

Hope you find that ad that is doing it, and ban it.

Originally posted by Ha`la`tha
Just what can the Adobe reader do to the machine other than auto-update (not via pdf information) and read PDF files?

You may never even see the pdf file, but it's delivered, with an encrypted virus payload that antivirus can't detect, then a script runs to unencrypt the virus and you're infected.

These are very sophisticated attacks by cybercriminals and there are several types but here's some information about one of them, for example:

www.finjan.com...

LuckySploit tries to exploit the same vulnerabilities other toolkits are trying to - Adobe Flash and PDF exploits
Here’s how it works. First, as we have seen with many other crimeware toolkits, a user is visiting a compromised website and is being redirected (using IFRAME or other techniques) to a server armed with LuckySploit. All is invisible to the user’s eyes and happens “behind the browser scene”.

The first LuckySploit’s malicious page that is sent to the user’s browser contains a moderately obfuscated JavaScript code. The code is created at runtime with random variables and functions names. This part is used to construct the “brains” of the toolkit – an asymmetric key encryption and decryption.
(snip)
This dynamic technique makes it almost impossible to do an offline (or post-infection) analysis of the toolkit and the served malicious code, since the key used by the client is not available. On every round a new key is generated.

Due to the difficulty of detecting this type of payload delivery, I wonder how effective the service will be at detecting this type of threat, but they should at least be able to detect the redirects SO mentioned.

This toolkit is a great example for the sophistication, time and efforts that toolkit makers are investing in to make their “Swiss knife” undetectable for security products.

I'm impressed that ATS is going to these lengths to try to keep the site safe for us, there are plenty of sites that aren't so proactive.

Good job ATS!

[edit on 26-1-2010 by Arbitrageur]

Ok, I just got a virus scan alert about 10-15 minutes ago.

I selected this video to watch:
media.abovetopsecret.com...
The video was preparing to play when a dialog box for my virus scan software popped up warning me of the following:

VirusScan Alert!
Name: NC(1)
Detected as: JS/Redirector.f
Detection Type: Trojan

Using the same window, it then immediately tried to redirect my browser (IE) to URI thebestpharmacypill.com...

Tried to duplicate after jotting down the info, by going back to the previous page but was not able to recreate the problem.

I suppose the ad must have changed.

Feel free to U2U me and I can supply my IP in case someone wishes to check the logs.

Hope this helps.

Skeptic, is this going to affect any bandwidth issues as far as accessing the site and load times? Just curious...it's not like I'm addicted or anything......

I am glad to hear this! Nothing but the best for the members of ATS.

Cheers for taking such measures for those who feel uneasy, but i have never had any problems with ATS. My computer is well protected mind you.

reply to post by SkepticOverlord


I have protection and while I was on here viewing a video how to upload the avatrs i was attacked it was a ranked as high. So that is wierd any Idea of what could be going on and soon after that happened a post was added in my intorduction post wierd timing and Hmmmm. I will have to check this out.

well if you guys got that contract to have your ads scanned I suggest you cancel it because my WORK COMPUTER (with a lot of protection) just got the "Antivirus Soft" malware from ATS!

This program will be pretty brutal to any novice computer users as it locks down almost everything in attempt to get you to buy the program (how is this legal?)

im pretty unhappy, and STILL in the process of getting it removed.

do something quick or I may not visit this site anymore.


I also made a malware report about it btw

Originally posted by A-Dub
I also made a malware report about it btw

And it contained no actionable information that would help us locate the problem.

I sent you a U2U asking for the information specified in the instructions for providing a malware complaint via our form.

Originally posted by A-Dub
well if you guys got that contract to have your ads scanned I suggest you cancel it because my WORK COMPUTER (with a lot of protection) just got the "Antivirus Soft" malware from ATS!

Encountered and removed this one before for a customer. It can be quite tricky.

Try this if you haven't already. Give me a u2u if you need a hand

Phoenix

reply to post by A-Dub


Download and run ComboFix - guaranteed to resolve your issue .

It's specifically-designed to eliminate and remove these type Fake Alert variants.