#31
System restore is a great thing but I wouldn't rely on it to remove an infection. I would recommend to all that have this virus to at least run Defender Offline.
Windows Defender Offline - Windows 7 Forums
Virus can also hide in restore points and be activated later. Does anyone that got infected have any idea what you were doing when you got this infection?
I had browsed to a high-end bicycle manufacturer's website, Orbea bikes. I posted about it on Bikeforums.net and one guy checked it out for me and replied this:
bikeforums.net user said:
Ok, I had a look. It appears the site has been subverted with an exploit kit which will make a one-time attack using a variety of exploits, including Java and PDF exploits. If the target system has an out-of-date, vulnerable version of Java, Adobe Reader, Adobe Flash Player, or several other widespread softwares, then the exploit kit can use one of them to drop an executable file into the user's profile directory and attempt to launch it. If this is successful, the executable file gains the same privilege level as the user, or possibly higher in the case of Java.
I didn't see anything posing as a Flash Player update, but that's a common method of getting the computer's user to simply hand over the keys to the kingdom. Never run anything claiming to be an update unless you went to the official site yourself (such as Adobe.com) or have started the actual program and are using its built-in update function. Even that should be done only on a trusted network, to protect against an EvilGrade-style attack.
For a home user with a Windows system, your easy wins against exploit kits begin with uninstalling Java and never looking back, then installing Secunia's Personal Software Inspector and updating any out-of-date software it alerts you to. Hit the Windows PC security link in my signature for some additional suggestions.
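The drop-and-launch behaviour described in the quoted reply can be hunted for in process-creation logs. This is an added example, not part of the original post or of either forum user's advice; the record fields `parent` and `image`, the list of exposed parent processes, and all sample paths are assumptions constructed for illustration.

```python
import re
from ntpath import basename, normcase

# Parents the post names as exploit-kit targets (Java, Adobe Reader) plus
# browsers that host the Flash and PDF plug-ins. Assumed list, extend as needed.
EXPOSED_PARENTS = {"java.exe", "javaw.exe", "acrord32.exe",
                   "iexplore.exe", "firefox.exe", "chrome.exe"}

# Per-user profile roots: C:\Users\<name>\ (Vista and later) and
# C:\Documents and Settings\<name>\ (XP).
PROFILE_RE = re.compile(r"^[a-z]:\\(users|documents and settings)\\[^\\]+\\", re.I)

def suspicious_launches(events):
    """Return events where an exposed parent started an .exe from a user profile."""
    hits = []
    for ev in events:
        parent = normcase(ev["parent"])   # lower-case, backslash-normalised
        child = normcase(ev["image"])
        if basename(parent) not in EXPOSED_PARENTS:
            continue
        if not child.endswith(".exe") or not PROFILE_RE.match(child):
            continue
        if child == parent:
            continue  # per-user browser install re-launching itself
        hits.append(ev)
    return hits

# Constructed sample records (hypothetical user and file names).
CHROME = r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\upd8f3.exe"},
    {"parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe"},
    {"parent": CHROME, "image": CHROME},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\setup.exe"},
    {"parent": r"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe",
     "image": r"C:\Users\alice\wpbt0.exe"},
]

if __name__ == "__main__":
    for ev in suspicious_launches(SAMPLE_EVENTS):
        print(basename(ev["parent"]), "->", ev["image"])
```

Records like these can be built from Windows process-creation auditing (Security event 4688) or Sysmon event 1, both of which record the new image path and the parent process.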