Help!

"Spyware Protection" Takeover

  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> General Discussions RSS
Next:  Trusted women Online Ashley Madison affair  
Author Message
biggerfisch
External


Since: Dec 21, 2010
Posts: 2
PostPosted: Tue Dec 21, 2010 4:44 pm    Post subject: "Spyware Protection" Takeover
Archived from groups: alt>comp>virus (more info?)

Hi all,

I have a friend who was browsing the web today and his computer was
taken over by some adware/scareware program called "Spyware
Protection". It near instantly kills all new programs executed,
saying that every file on the machine is infected with the blaster
worm. AVG free couldn't find it before it executed and killed all non-
essential processes. I am confident in being able to remove it, but
what worries me is the attack vector. He was using (according to him)
the latest version of Internet Explorer, which I know there was a
fairly recent 0day out there, but I thought that was already fixed.
He can't remember anything strange happening recently, no flash drives/
CDs, nothing. Any ideas on how it got in?
Back to top
biggerfisch
External


Since: Dec 21, 2010
Posts: 2
PostPosted: Tue Dec 21, 2010 6:22 pm    Post subject: Re: "Spyware Protection" Takeover [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> Do not use internet explorer.


Yeah, the problem is that you can lead a horse to water, but you can't
make him drink. Maybe after this, he'll listen...
Thanks for the link.
Back to top
David W. Hodgins
External


Since: Mar 04, 2006
Posts: 54
PostPosted: Tue Dec 21, 2010 8:32 pm    Post subject: Re: "Spyware Protection" Takeover [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Tue, 21 Dec 2010 19:44:08 -0500, biggerfisch wrote:

> what worries me is the attack vector. He was using (according to him)
> the latest version of Internet Explorer, which I know there was a
> fairly recent 0day out there, but I thought that was already fixed.

There's another one.
http://www.winrumors.com/new-critical-un-patched-internet-explorer-css...lnerabi

Do not use internet explorer.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Back to top
Gufus
External


Since: Dec 22, 2010
Posts: 1
PostPosted: Wed Dec 22, 2010 1:08 pm    Post subject: Re: "Spyware Protection" Takeover [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi David,

21 Dec 10, David W. Hodgins writes to biggerfisch:

>> what worries me is the attack vector. He was using
>> (according to him) the latest version of Internet
>> Explorer, which I know there was a fairly recent 0day out
>> there, but I thought that was already fixed.

> There's another one.
http>: //www.winrumors.com/new-critical-un-patched-internet-ex
http>: plorer-css-vulnerability-discovered/

> Do not use internet explorer.

I guess, your millage will vary program to program.

--
K Klement

Enhance your marketing at http://www.gypsy-designs.com
mailto:info@gypsy-designs.com
Gypsy Designs Fax: (403) 242-3221

.... Sleep is an inadequate substitute for caffeine.
Back to top
David W. Hodgins
External


Since: Mar 04, 2006
Posts: 54
PostPosted: Wed Dec 22, 2010 3:24 pm    Post subject: Re: "Spyware Protection" Takeover [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Wed, 22 Dec 2010 15:08:25 -0500, Gufus wrote:

> I guess, your millage will vary program to program.

The Internet Explorer exploit has now been published.
http://www.h-online.com/security/news/item/Exploit-published-for-unpat...d-Inter
which links to a demonstration of the exploit at
https://www.metasploit.com/redmine/projects/framework/repository/entry...dules/e

Note that all versions of Internet Explorer are vulnerable.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> General Discussions All times are: Eastern Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum