

Windows 7: Most AV software is USELESS against SCRAPER Sites

01 Feb 2010   #1

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Hi all

We seem to get more and more bogged down with finding the best AV software for preventing Viruses / worms / trojans etc etc.

These are largely old hat now -- what most of this software DOESN'T protect you against (and it's difficult to see how to devise good protection for this type of attack) is clicking on to sites that you've been directed to via SCRAPER SITES which have already adjusted the search order, say in Google, putting Rogue sites at the top of the search list.

These are automated sites that continually scan pages in say News sites to scrape info from these that keep their pages at the top of a google search. Now on a google search most people tend to click on sites at the start of the search so a lot of the Scraper sites have ensured that the rogue sites are at the top of the search and the "Victim" is directed to a rogue site with "fly by" or other malware stuff present.

You need to be careful now in just using things like google without realizing what can happen.

Most AV software is currently 100% (in fact 150%) USELESS against this type of attack.

I wish some of the AV companies were even HALF as good as some of the scammers.

I'm using MS Forefront Client security which has a decent real time protection but most of the typical stuff people have on their machines doesn't do real time protection. This these days is a MUST if you use any search engine and then visit a site you don't know and trust COMPLETELY.

Cheers
jimbo


01 Feb 2010   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This would be a 'browser hijack'.

<snip> from a web page:
Quote:
Most browser hijackers take advantage of Internet Explorer's ability to run ActiveX scripts straight from a web page. Generally, these programs will request permission to install themselves via a popup that loads when you visit a certain site. If you accidentally give them permission to install, IE will execute the program on your computer, changing your settings. Others may use security holes within Internet Explorer to install themselves automatically without any user interaction at all. Worse, these can be launched from popup ad windows which the user has not even intended to view.
As well as making changes to your home page and other Internet Explorer settings, a hijacker may also make entries to the HOSTS file on your system. This special file directly maps DNS addresses (web URLs) to IP addresses, so every time you typed 'www.pcstats.com' (as an example) you might be redirected to the IP address of a sponsored search or porn site instead.


This is why I advocate using SpywareBlaster and SpywareGuard. Please read the tutorial.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
01 Feb 2010   #3

XP Pro & Vista Home Premium (x86); Windows Ultimate 7600 x64 Retail
 
 

Quote: Originally Posted by Jacee
This would be a 'browser hijack'.

<snip> from a web page:
Quote:
Most browser hijackers take advantage of Internet Explorer's ability to run ActiveX scripts straight from a web page. Generally, these programs will request permission to install themselves via a popup that loads when you visit a certain site. If you accidentally give them permission to install, IE will execute the program on your computer, changing your settings. Others may use security holes within Internet Explorer to install themselves automatically without any user interaction at all. Worse, these can be launched from popup ad windows which the user has not even intended to view.
As well as making changes to your home page and other Internet Explorer settings, a hijacker may also make entries to the HOSTS file on your system. This special file directly maps DNS addresses (web URLs) to IP addresses, so every time you typed 'www.pcstats.com' (as an example) you might be redirected to the IP address of a sponsored search or porn site instead.
This is why I advocate using SpywareBlaster and SpywareGuard. Please read the tutorial.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Most definitely use SpywareBlaster. I also suggest installing Spybot Search & Destroy and loading its HOST table which redirects known bad sites IP addresses to the host PC (effectively NULL address). Note that with Spybot I use the Internet Protection option and loading its HOST table. I do not use its "TEATIMER" function as it incurs additional overhead.

The home of Spybot-S&D!

These two steps/apps utilize passive protection against known bad sites with little to no processor overhead.
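The HOSTS-file behaviour discussed in the two posts above (hijacker entries that redirect a name to another IP address, versus a block table that points known bad names at the local machine), shown as an added example that is not code from any poster or from Spybot. The sample file content and every host name other than 'www.pcstats.com' are constructed.

```python
import ipaddress

# Constructed sample HOSTS content (not from a real machine). 203.0.113.0/24 is
# a documentation-only range standing in for an address a hijacker might use.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.badsite.example   # block-table style entry
0.0.0.0         tracker.badsite.example
203.0.113.10    www.pcstats.com search.example   # redirect-style entry
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Return (sinkholed, redirected, malformed) for the given HOSTS text.

    sinkholed  - names mapped to a loopback or null address (block table)
    redirected - (line, name, ip) for names mapped anywhere else; these need
                 review, since an intranet mapping is legitimate but an
                 unexpected one matches the hijack described in the thread
    malformed  - (line, text) for lines that do not parse
    """
    sinkholed, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                       # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":           # default entry, not a block
                    sinkholed.append(name)
            else:
                redirected.append((lineno, name, str(addr)))
    return sinkholed, redirected, malformed

if __name__ == "__main__":
    blocked, suspicious, bad = classify_hosts(SAMPLE_HOSTS)
    print("sinkholed :", blocked)
    print("redirected:", suspicious)
    print("malformed :", bad)
```

On a Windows machine the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`.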


01 Feb 2010   #4
jav

Windows 7 Ultimate x86 SP1
 
 

jimbo45, I do agree with you in a way and respect you, but...
Yes, most AV can't stop this kind of attack.
But wait, they are "Anti Virus" (and I mean classic signature-based-only scanners, which are rare now), and they are not meant to stop these kinds of attacks...

But If we are talking about Internet Security programs, Internet Security Suites or other programs like Jacee has suggested or any other programs designed for this then it's another subject and most of them can protect from this kind of attacks.
Note: That's actually why they are called "Internet Security" and almost all AV vendors recommend it if you want to use the Internet...

There are lots of new technology now being implemented to Internet security programs to protect not only from browser hijacks but even from phishing and user stupidity...
Almost all Internet Security suites give you browser protection, hijack protection, ActiveX control and even link scanners.

So AV softwares aren't designed for Internet attack, that's why they are in a way useless, but we can't blame AV companies. They have created more specific programs for those of us who want protection from Internet threats and called them Internet security.

I am not saying that AV is the best thing ever... But I think it's unfair to blame AV companies...

P.S. No offence meant to you I do respect your opinion, it's just we have different opinions.
01 Feb 2010   #5

 
 

There is only one way to browse the net in complete safety and that's to run your browser through Sandboxie.

Learn Sandboxie's capabilities and I doubt you would ever surf the net without it.
01 Feb 2010   #6

 

Quote: Originally Posted by Jaxryley
There is only one way to browse the net in complete safety and that's to run your browser through Sandboxie.

Learn Sandboxie's capabilities and I doubt you would ever surf the net without it.
Flash clipboard is still exploitable... Sandboxie only prevented local buffer overflows if they happened against a protected process. Sandboxie doesn't protect (via virtualization) the entire OS, leaving several heavily exploitable attributes "unprotected".
01 Feb 2010   #7

 
 

Probably not with start/run restrictions implemented and I can't remember seeing this exploit being posted over at SB's forum.

Do you have a link or PoC?
01 Feb 2010   #8

XP Pro & Vista Home Premium (x86); Windows Ultimate 7600 x64 Retail
 
 

I am wondering which websites you folks are visiting that allows the internet to so easily infect your PCs...

Perhaps 2 machines are needed. One to do actual work on and the other for surfing porn/cracked software sites.... you can just restore the porn site machine's system image after each "session".....
01 Feb 2010   #9

 
 

Quote: Originally Posted by Muad Dib
I am wondering which websites you folks are visiting that allows the internet to so easily infect your PCs...
You can find a few sites below. Some links go dead fairly quick and there are quite a few lists like this around the place.

MalwareURL - URL listing
01 Feb 2010   #10

 
 

Quote: Originally Posted by brady
Quote: Originally Posted by Jaxryley
There is only one way to browse the net in complete safety and that's to run your browser through Sandboxie.

Learn Sandboxie's capabilities and I doubt you would ever surf the net without it.
Flash clipboard is still exploitable... Sandboxie only prevented local buffer overflows if they happened against a protected process. Sandboxie doesn't protect (via virtualization) the entire OS, leaving several heavily exploitable attributes "unprotected".
OK I found a link to this exploit over at SB's forum.

www.sandboxie.com :: View topic - Flash Clipboard Exploit