
Malware via Legitimate Sites


7 replies to this topic

#1 jeff___H

jeff___H

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philly Burbs
  • Local time:02:32 PM

Posted 28 October 2009 - 01:46 PM

When my machine became infected last week, I suspected that it came through a legitimate site, and that it exploited Adobe. According to the following article, it looks like my hunch was correct:

http://www.wired.com/threatlevel/2009/10/gawker/



#2 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 07 November 2009 - 12:58 AM

yep. I got hit by one back in July. Posted to a local paper's comments section before they knew enough to lock it down. But it made me go through all my puters and update the reader bho's and flash blockers and all my old versions of acrobat.

#3 jerger

jerger

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 09 November 2009 - 02:17 PM

i've been pretty lucky with prevention so far on win7 with microsoft security essentials x64...
anyone know if it checks websites in addition to files when doing its lookup? might be useful for these cases
for what it's worth

#4 Nawtheasta

Nawtheasta

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Location:New England, USA
  • Local time:02:32 PM

Posted 09 November 2009 - 10:24 PM

I don't know exactly what just happened but about an hour ago I looked at Drudge and there was a link about a story where NASA was going to debunk the 2012 myth. Clicking this brought me to Breitbart and suddenly Adobe Acrobat starts to open. This seemed weird. McAfee alerted that NetMeeting chat wanted access to the internet, which I blocked.
I closed everything but Firefox was hung up. When I would click the Firefox icon I got a box saying Firefox was running. Closed this box with Task Manager. Did an MBAM scan that turned up nothing. Did a restart. Firefox and everything else seems OK.
Could this be the Adobe vulnerability others have mentioned or was I just paranoid?
Regards
Nawtheasta.
P.S. Where is the best safe place to go to update Adobe?? Is there a link in BP?

#5 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 10 November 2009 - 09:46 AM

The current adobe reader has a "check for updates" in the help menu. I don't remember seeing it in older versions.

Secunia vulnerability scanner pointed me to a lot of updates.

http://secunia.com/vulnerability_scanning/

#6 Nawtheasta

Nawtheasta

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Location:New England, USA
  • Local time:02:32 PM

Posted 10 November 2009 - 01:17 PM

Thanks Ken
I found the download link here on BP (Resources / Must have software). Did the download last night. Still don't know if I tripped up a legitimate application and panicked because it did not look right or if I really dodged a bullet.
Anyway the computer seems ok.
Best Regards
Nawtheasta
P.S. Thanks, I will check out Secunia

Edited by Nawtheasta, 10 November 2009 - 01:18 PM.


#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:32 PM

Posted 12 November 2009 - 04:55 PM

Nawtheasta, when I go to a lot of legit sites my firewall notifies me that Adobe is trying to open, so I would not worry about that one. Net Meeting trying to access the web seems more weird than Adobe opening.

#8 Nawtheasta

Nawtheasta

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Location:New England, USA
  • Local time:02:32 PM

Posted 12 November 2009 - 10:24 PM

Hi Stang777
This was the first time I have noticed Adobe start to open when I clicked a link to Breitbart in Drudge. Firewall did not alert about it. It just started to open. I have never used NetMeeting so I did not really know what was going on but suspected it could be bad.
I just did a Google search for Breitbart Malware. One of the results was an article from May of this year by Errata Security that mentioned a SQL injection vulnerability (I don't have a clue what this means) in Breitbart. The article states that this means that hackers have probably compromised this site.
I always assumed that sites like Drudge would be safe but I guess you never know for sure.
Best Regards
Nawtheasta



