So, you think you are secure and don't need precautions

No, I use Google all the time, but I won't click any link that isn't legitimate. There is a difference between Wikipedia.org and 8349stuff.38373.gythel.com.

Yes, and had the link been OBVIOUS such as 8349stuff.38373.gythel.com, I wouldn't have gone there either. However, something like htt://shoutback.com/metro/detroit/news/2010/01/04/WCSX-drops-DeminskiDoyle might not have appeared very questionable. It's too bad that I don't have the original link that I went to which tripped this up...I think you would find it didn't have an obviously fishy URL.

This type of response is exactly the type of response that I was talking about. Even though many of us think we are so much smarter or better equipped than everybody else...it's surprisingly easy to get tripped up with something minor like this...which is NOT obvious nor something that common sense really would have prevented. I've been using computers on the Internet since 1993 and haven't had any significant issues either...just minor things along the way.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
I have to agree with urban on this one...
 

My Computer My Computer

At a glance

Windows 8.1 PRO3rd Generation Intel Core i7‐3612QM CPU @ 2.1...8GB DDR3NVIDIA GeForce GT 525M (128 bit), 1GB Grpahics
Computer type
PC/Desktop
Computer Manufacturer/Model Number
DELL VOSTRO 3650
OS
Windows 8.1 PRO
CPU
3rd Generation Intel Core i7‐3612QM CPU @ 2.10GHZ
Memory
8GB DDR3
Graphics Card(s)
NVIDIA GeForce GT 525M (128 bit), 1GB Grpahics
Screen Resolution
1920X1080
Hard Drives
750GB 5400RPM
I have to agree with urban on this one...

That's fine guys, I can take the heat. If you want to rely on common sense and bank on the fact that only bad stuff can happen from poorly formed URL's...that's totally cool by me.

I posted this as example from somebody who knows this stuff, does this for a living, can use common sense on which URLS look fishy or not, is essentially trouble free and has always been....even then....although rare as it is, I depend upon various tools on my Windows box to keep things running smoothly.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
Protection is important

You definately need antivirus protection if you are doing any kind of surfing. Even legid sites can infect you.

How, well most sites have some form of advertising on the site, the advertising is being hosted on another website which could be infected.

So, you arrive at a good site and have no antivirus, BOOM infected and you will not even know you are. You have just become part of a zombie machine, your machine runs perfectly fine, but someone else is watching and can control it anytime. :cry:
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
I totally disagree with UrbanBounca. I've been studying malware and 'drive-by' droppers for far too long, to even suggest that protection against such isn't necessary.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
I just relived your experience and googled "Deminski and Doyle"... Cleary, (Well to me) the last couple sites are not legit...
 

My Computer My Computer

At a glance

Windows 8.1 PRO3rd Generation Intel Core i7‐3612QM CPU @ 2.1...8GB DDR3NVIDIA GeForce GT 525M (128 bit), 1GB Grpahics
Computer type
PC/Desktop
Computer Manufacturer/Model Number
DELL VOSTRO 3650
OS
Windows 8.1 PRO
CPU
3rd Generation Intel Core i7‐3612QM CPU @ 2.10GHZ
Memory
8GB DDR3
Graphics Card(s)
NVIDIA GeForce GT 525M (128 bit), 1GB Grpahics
Screen Resolution
1920X1080
Hard Drives
750GB 5400RPM
I totally disagree with UrbanBounca. I've been studying malware and 'drive-by' droppers for far too long, to even suggest that protection against such isn't necessary.

I'm currently studying law enforcement. In my experience studying the topic, juvenile violence is at an all-time high. However, in your experience as an average individual, juvenile violence hasn't changed in the past 10 years.

My point is that when you're studying something, whether it be law enforcement or PC security, it's going to look more severe to you, than to your average individual.

I haven't seen any extremely severe viruses, and with that being said, I don't feel I need the protection against them. It may be my ignorance, but when all is said and done, I'm still virus free, no matter how serious they have become.
 

My Computer My Computer

At a glance

Windows 7 Pro
OS
Windows 7 Pro
In my case, this wasn't severe at all. In fact, I cannot honestly say that it broke any of those icons...that may have just been a coincidence.

However, the checker detected it as a malicious java script page, and quarantined the browser cache file and such immediately as it happened. Without said checker, I would have likely just hit X on the website and went on oblivious to the fact that a malicious javascript file might have been lurking on my machine ready to install software if it was ever launched. So, without knowing about it from Trend...I might not have ever encountered any other problems....but that doesn't change the fact that it was there and could have caused problems. To me the ounce of prevention is worth having. To others, maybe not so much.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
Without said checker, I would have likely just hit X on the website and went on oblivious to the fact that a malicious javascript file might have been lurking on my machine ready to install software if it was ever launched.

If you had hit the 'X', the javascript file would not have just 'lurked'. The 'X' wasn't windows dialogue box button - It was a disguised Javascript 'I AGREE TO BE INFECTED' button, which was mocked up to look like a windows dialogue button. You would have been immediately redirected to a page which would scan your system for vulnerabilities, and then would automatically deliver a payload in accord with those vulnerabilities.

More than likely, and auto-download and an attempt to auto-execute would have occurred, but it's hard to say since these vectors morph on the fly to attack different systems.

I'm just pointing out that this is the new anatomy of attack. There is no 'waiting to be launched'. It'll find a way to launch itself.

EDIT: Additionally, in regard to the continuing conversation, you don't need to click anything to initiate the attack, either! You could be staring down one of these fakealerts just by using your bookmarks.

Here's a story with a recent example. In this particularly nasty situation, all someone had to do is visit one of the trusted websites afflicted, and have Acrobat installed. Bam. Infected.

It doesn't take a genius to stay safe? I'll agree with that. But it doesn't take a moron to get infected these days, either. The point here is that the bad guys are getting crafty. They are dangerous because they outstep your expectations.
 

My Computer My Computer

At a glance

Windows 7 RTMi7 9206 GB PatrioteVGA GeForce 275 GTX
Computer Manufacturer/Model Number
Custom
OS
Windows 7 RTM
CPU
i7 920
Motherboard
eVGA x58 SLi
Memory
6 GB Patriot
Graphics Card(s)
eVGA GeForce 275 GTX
Sound Card
Soundblaster X-Fi Gamer
Monitor(s) Displays
Acer 225Tw
Hard Drives
WD 1 TB
PSU
Corsair 750 W
Case
Antec Twelve Hundred
Cooling
Stock
Without said checker, I would have likely just hit X on the website and went on oblivious to the fact that a malicious javascript file might have been lurking on my machine ready to install software if it was ever launched.

If you had hit the 'X', the javascript file would not have just 'lurked'. The 'X' wasn't windows dialogue box button - It was a disguised Javascript 'I AGREE TO BE INFECTED' button, which was mocked up to look like a windows dialogue button. You would have been immediately redirected to a page which would scan your system for vulnerabilities, and then would automatically deliver a payload in accord with those vulnerabilities.
Interesting. If I recall correctly, as soon as I hit the page the Trend micro popup showed up, immediately followed by a redirect to a claimed scan which said I had problems their tool could fix. Then, I got a second pop up from Trend saying it stopped issue #2. From there, I right clicked the Firefox icon on the Superbar and chose Close Window. So to me, it looks like it ran without any interaction on my part. So, I cannot be sure that I didn't click on the X to close the browser Window. It is just a force of habit since that's the way you normally do close browser Windows.

EDIT: Additionally, in regard to the continuing conversation, you don't need to click anything to initiate the attack, either! You could be staring down one of these fakealerts just by using your bookmarks.
Like I said, I don't recall clicking on any part of the window. But as I get older my mind starts to fail me. Guess it's good that most of my surfing occurs on a Linux machine which is far more immune to this type of thing.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.
You are more than welcome to use it, but I've never had any symptom of a virus/malware. I'm not arguing they aren't getting advanced, and I'm not arguing that I'll never get one, but I can assure you, upto this point, I've never had a virus. I've used online virus scans a couple times, and I've even installed Norton and McAfee at one point, simply to prove that you don't need an AV to stay clean.

ok, couple of things:
1. Drive-by infection (dosen't require user interaction much)
2. rootkits (Rootkit - Wikipedia, the free encyclopedia)
Almost no symptoms, and I don't think you will be able to detect them with resident AV, not even saying about Online Scan.
3. Trojoan. (http://en.wikipedia.org/wiki/Trojan_horse_(computing)) almost no symptoms visible to end user.
4. Keyloggers (Keystroke logging - Wikipedia, the free encyclopedia) Symtomps?
5. Any Kernel level infections (http://en.wikipedia.org/wiki/Ring_(computer_security)) Symtomps?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86 SP1
OS
Windows 7 Ultimate x86 SP1
ok, couple of things:
1. Drive-by infection (dosen't require user interaction much)
2. rootkits (Rootkit - Wikipedia, the free encyclopedia)
Almost no symptoms, and I don't think you will be able to detect them with resident AV, not even saying about Online Scan.
3. Trojoan. (http://en.wikipedia.org/wiki/Trojan_horse_(computing)) almost no symptoms visible to end user.
4. Keyloggers (Keystroke logging - Wikipedia, the free encyclopedia) Symtomps?
5. Any Kernel level infections (http://en.wikipedia.org/wiki/Ring_(computer_security)) Symtomps?

If you can't detect a rootkit with a resident AV, what's the point in even having one? That being said, the majority of viruses have a symptom of some sort. I have enough experience to determine whether my system has been infected.
 

My Computer My Computer

At a glance

Windows 7 Pro
OS
Windows 7 Pro
10+ things you should know about rootkits - Strategy - Architecture - Builder AU
Rootkits are frustrating. By design, it's difficult to know if they are installed on a computer. Even experts have a hard time but hint that installed rootkits should get the same consideration as other possible reasons for any decrease in operating efficiency. Sorry for being vague, but that's the nature of the beast.
If the rootkit is working correctly, most of these symptoms aren't going to be noticeable.
Polymorphism techniques allow malware such as rootkits to rewrite core assembly code, which makes using antivirus/anti-spyware signature-based defences useless. Polymorphism even gives behavioural-based (heuristic) defences a great deal of trouble. The only hope of finding rootkits that use polymorphism is technology that looks deep into the operating system and then compares the results to a known good baseline of the system.

And answering you question.
"Why to have resident AV then?"
So, as we have seen from previous posts, rootkit which is working normal is really hard to detect.
And I mean really hard even if you are expert.
And from you example it's even harder, why?
Because you don't use any detection, prevention or atleast monitoring programs, so there is almost noway for you to tell rootkit symptoms, even if you was the person who created Windows all by yourself.
So your experience isn't enough to detect rootkit which is working as intended .

But, it is a lot easier to detect rootkit before it entering system, stealthing and Polymorpming.
So rootkit should be stopped at this stage.
How?
So there comes many things, but in our case.
Atleast Resident AV, which can still detect rootkit before polymorphism.

I know you next answer, "I can detect it myself"
really? :sarc:
#3: How do rootkits propagate?

Rootkits can't propagate by themselves, and that fact has precipitated a great deal of confusion. In reality, rootkits are just one component of what is called a blended threat. Blended threats typically consist of three snippets of code: a dropper, loader, and rootkit.

The dropper is the code that gets the rootkit's installation started. Activating the dropper program usually entails human intervention, such as clicking on a malicious email link. Once initiated, the dropper launches the loader program and then deletes itself. Once active, the loader typically causes a buffer overflow, which loads the rootkit into memory.

Blended threat malware gets its foot in the door through social engineering, exploiting known vulnerabilities, or even brute force. Here are two examples of some current and successful exploits:

Instant Messenger (IM) -- One approach requires computers with IM installed (not that much of a stretch). If the appropriate blended threat gains a foothold on just one computer using IM, it takes over the IM client, sending out messages containing malicious links to everyone on the contact list. When the recipient clicks on the link (social engineering, as it's from a friend), that computer becomes infected and has a rootkit on it as well.
Rich content -- The newest approach is to insert the blended threat malware into rich-content files, such as PDF documents. Just opening a malicious PDF file will execute the dropper code, and it's all over.
Just single exemple in which cases you are unable to stop it, just by yourself.


Rootkit - Wikipedia, the free encyclopedia
Rootkit binaries can often be detected by signature or heuristics-based antivirus programs, at least until they're run by a user and are able to attempt to conceal themselves.

and so on...
I wonder do you use atleast Firewall? :sarc:

2.About your safe sites. (as if safe...)
It is possible to make sites on your bookmarks to be malicious without notice of the owner of the site.

For example:
Code injection - Wikipedia, the free encyclopedia
Remote File Inclusion - Wikipedia, the free encyclopedia
Cross-site scripting - Wikipedia, the free encyclopedia

Will not go into details as it's too long.
Anymore questions?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86 SP1
OS
Windows 7 Ultimate x86 SP1
I've seen numerous posts of people who don't feel that they need a virus scanner or malware scanner with Windows and that they don't need the security features like UAC because 1) they know what they are doing 2) they use common sense 3) they have never had a problem in the past 4) they only go to reputable sites.

I have all of that stuff enabled too, but I run the Microsoft anti virus instead. What happened for me was:

While visiting one of my normal web pages, next thing I know the download warning bar flashed up. Then the anti virus said it has to delete a JavaScript Trojan from my temp files.

Ended up looking through one of my favorite tech sites to see that JS is computer health risk now.
 

My Computer My Computer

At a glance

Windows 7 Professional 64 Bit SP1INTEL DUAL CORE 2.1Ghz4GB DDR3INTEL
Computer Manufacturer/Model Number
HP DV6 1330sa
OS
Windows 7 Professional 64 Bit SP1
CPU
INTEL DUAL CORE 2.1Ghz
Motherboard
N/A
Memory
4GB DDR3
Graphics Card(s)
INTEL
Sound Card
LAPTOP
Monitor(s) Displays
2
Screen Resolution
3200x1080
Hard Drives
250GB
PSU
LAPTOP
Case
LAPTOP
Cooling
LAPTOP
Keyboard
SOLID YEAR 260U
Mouse
USB
Internet Speed
20 MB/S
10+ things you should know about rootkits - Strategy - Architecture - Builder AU
Rootkits are frustrating. By design, it's difficult to know if they are installed on a computer. Even experts have a hard time but hint that installed rootkits should get the same consideration as other possible reasons for any decrease in operating efficiency. Sorry for being vague, but that's the nature of the beast.
If the rootkit is working correctly, most of these symptoms aren't going to be noticeable.


And answering you question.
"Why to have resident AV then?"
So, as we have seen from previous posts, rootkit which is working normal is really hard to detect.
And I mean really hard even if you are expert.
And from you example it's even harder, why?
Because you don't use any detection, prevention or atleast monitoring programs, so there is almost noway for you to tell rootkit symptoms, even if you was the person who created Windows all by yourself.
So your experience isn't enough to detect rootkit which is working as intended .

But, it is a lot easier to detect rootkit before it entering system, stealthing and Polymorpming.
So rootkit should be stopped at this stage.
How?
So there comes many things, but in our case.
Atleast Resident AV, which can still detect rootkit before polymorphism.

I know you next answer, "I can detect it myself"
really? :sarc:
#3: How do rootkits propagate?

Rootkits can't propagate by themselves, and that fact has precipitated a great deal of confusion. In reality, rootkits are just one component of what is called a blended threat. Blended threats typically consist of three snippets of code: a dropper, loader, and rootkit.

The dropper is the code that gets the rootkit's installation started. Activating the dropper program usually entails human intervention, such as clicking on a malicious email link. Once initiated, the dropper launches the loader program and then deletes itself. Once active, the loader typically causes a buffer overflow, which loads the rootkit into memory.

Blended threat malware gets its foot in the door through social engineering, exploiting known vulnerabilities, or even brute force. Here are two examples of some current and successful exploits:

Instant Messenger (IM) -- One approach requires computers with IM installed (not that much of a stretch). If the appropriate blended threat gains a foothold on just one computer using IM, it takes over the IM client, sending out messages containing malicious links to everyone on the contact list. When the recipient clicks on the link (social engineering, as it's from a friend), that computer becomes infected and has a rootkit on it as well.
Rich content -- The newest approach is to insert the blended threat malware into rich-content files, such as PDF documents. Just opening a malicious PDF file will execute the dropper code, and it's all over.
Just single exemple in which cases you are unable to stop it, just by yourself.


Rootkit - Wikipedia, the free encyclopedia
Rootkit binaries can often be detected by signature or heuristics-based antivirus programs, at least until they're run by a user and are able to attempt to conceal themselves.

and so on...
I wonder do you use atleast Firewall? :sarc:

2.About your safe sites. (as if safe...)
It is possible to make sites on your bookmarks to be malicious without notice of the owner of the site.

For example:
Code injection - Wikipedia, the free encyclopedia
Remote File Inclusion - Wikipedia, the free encyclopedia
Cross-site scripting - Wikipedia, the free encyclopedia

Will not go into details as it's too long.
Anymore questions?

I use the Windows firewall, with Windows updating daily. Either way, you can keep explaining how severe some viruses can be, and it won't change my opinion in that 99% of viruses can be blocked by common sense. I use Firefox, 'cause IE is a death trap. I don't click on a questionable link, such as the example you've given regarding PDF files that can execute code. Why would I open anything from a questionable link? Once again, common sense.

I've never had any reason to believe I've had a virus on my PC. I've run numerous AV's, as I've already mentioned, to prove that you don't need an AV to be safe on the Internet, and I'm still firm to my belief.
 

My Computer My Computer

At a glance

Windows 7 Pro
OS
Windows 7 Pro
Blackhat Search Engine Optimization ('Gaming Google') and hijacking flash banner ads ('Malvertisement') are two trends on the sharp rise. The bad guys realize that people are smarter than they used to be, and won't open those emails/go to those porn sites anymore. More than fooling people into clicking links from trusted sites, these techniques can actually inject attacks into trusted sites, period. Imagine one day that you click on a bookmark to visit your favorite blog - which just so happens to be serving up banner ads at that time with hidden nasty stuff - BAM! You've been hit.

There's no such thing as 'Safe Surfing'.

As a note: Blocking javascript and flash can mitigate these attacks somewhat. Use Noscript on Firefox, and whitelist javascript and plugins in Opera. And if you EVER see an attack like this with a fake scan, NEVER click anywhere in the browser or otherwise. Clicking the 'Cancel' button will initiate the download. Clicking the red X button will initiate the download. Always go to the task manager and kill your browser. Then run MBAM or similar to clean up the leftovers in the cache, which should be harmless.

I think you still need to accept the installation manually, but if you're not patched up to code or are hit by a day-0, you might get infected without doing anything. That's the case right now with the Adobe vulnerability if you have javascript enabled.

I've seen numerous posts of people who don't feel that they need a virus scanner or malware scanner with Windows and that they don't need the security features like UAC because 1) they know what they are doing 2) they use common sense 3) they have never had a problem in the past 4) they only go to reputable sites.

So, yesterday at work, I format my Vista Enterprise machine and load Windows 7 Enterprise. I'm on an active directory domain and my user account is a member of the local admins group. I have UAC enabled at the defaults. I've got the Windows firewall enabled. I have Trend Micro installed as this is what we use at the corporate level for AV protection. We use a checkpoint firewall device for outbound access to the internet. I use Firefox. And I'm a systems admin for a living, have been for over 10 years and manage both Windows and Linux servers and am certified on both platforms.

On my way to work today, I notice that the typical DJ's on one of the local station don't seem to be on. Going into a commercial, I head an ad which seems to indicate that there might be new personality doing the morning slot now. So, after getting settled into work for the day and a few things done..I hit google.com and search for "Deminski and Doyle" which turns up a handful of links about the DJ's leaving WCSX. So, I click on a couple of the stories to read about what happened and BLAMMMOOOO, Trend goes off, at the same time that some "security threat" website pops up claiming my machine is infected with all sorts of junk and I need to buy their product. Further looking shows numerous broken icons on my desktop that were fine when I booted up this morning.

So, there you go. Somebody who has taken precautions, knows a bit about what he is doing, is using the latest and greatest OS's with features enabled and is simply using the Internet to google something non-nefarious...and even with all that...I'm hit.

For those wondering what it was, it wasn't a big deal...it turns out to be JS_RENOS.WCF. JS_RENOS.WCF - Description and solution. According to Trend, it's non destructive and not much of a problem....but I'm still interested in my broken icons.

Without said checker, I would have likely just hit X on the website and went on oblivious to the fact that a malicious javascript file might have been lurking on my machine ready to install software if it was ever launched.

If you had hit the 'X', the javascript file would not have just 'lurked'. The 'X' wasn't windows dialogue box button - It was a disguised Javascript 'I AGREE TO BE INFECTED' button, which was mocked up to look like a windows dialogue button. You would have been immediately redirected to a page which would scan your system for vulnerabilities, and then would automatically deliver a payload in accord with those vulnerabilities.

More than likely, and auto-download and an attempt to auto-execute would have occurred, but it's hard to say since these vectors morph on the fly to attack different systems.

I'm just pointing out that this is the new anatomy of attack. There is no 'waiting to be launched'. It'll find a way to launch itself.

EDIT: Additionally, in regard to the continuing conversation, you don't need to click anything to initiate the attack, either! You could be staring down one of these fakealerts just by using your bookmarks.

Here's a story with a recent example. In this particularly nasty situation, all someone had to do is visit one of the trusted websites afflicted, and have Acrobat installed. Bam. Infected.

It doesn't take a genius to stay safe? I'll agree with that. But it doesn't take a moron to get infected these days, either. The point here is that the bad guys are getting crafty. They are dangerous because they outstep your expectations.


WOW, I'm installing AV right now. thanks and reps to you
 

My Computer My Computer

At a glance

windows 7 professional & ultimate 64bit laptops2.27 boost to 2.53 & 2.53 boost to 2.804GBIntel® Graphics Media Accelerator HD
Computer Manufacturer/Model Number
Gateway/NV7923u & NV79C52u Laptops
OS
windows 7 professional & ultimate 64bit laptops
CPU
2.27 boost to 2.53 & 2.53 boost to 2.80
Motherboard
Mobile Intel® HM55 Express Chipset ???
Memory
4GB
Graphics Card(s)
Intel® Graphics Media Accelerator HD
Sound Card
realtek High-definition audio support
Monitor(s) Displays
17.3 " HD 1600 x 900
Hard Drives
hatachi Travelstar 5400 500GB & west digital 500GB
Internet Speed
35MB fios
@UrbanBounca
Please don't quote whole massage.

ok, I am not trying to make you to do something.
I am just explaining my point of view.
I do respect your point of view aswell.

But..
As I have already told you it's not about questionable links anymore.

ok, it was like this (don't click on questioable links, don't open unknown emails and blah blah blah), but it was at the beginning of the last decade.
Time has changed, malware writers aren't stupid, as somebody already mentioned they can see that nobody is opening SPAMs anymore, so they developed new methods.
So now sites on your bookmarks and favourites can become malicious any day..


Regarding my PDF example, how you tell if it is questionable or not?

As I can remember you mentioned that you are studying Law Enfoecement, right?
Just imagine you are going to your some law enforcement related site, (it's not some random site, you do trust it, It's some federal government site and you know that all students get informations from here)
So you find your information, would you open it?
From my last post you can see how easy it is to attack even this kind of government sites and infect them.
(Recently there were successful attack to 3 servers of NASA)

Or you receive even just doc document from you friend, you don't have alteast AV, how you will check it.

Do you do Online banking? or buy anything online?

And for your statement "you don't need an AV to be safe on the Internet"
Yeap, one doesn't need AV to be safe.
Because there are other software which can protect you like virtualization, Anti-executables, behaviour-blockers.
Or Windows native feauters like Software Restriction Policy, Applocker, Limited User Account (don't be happy even if they are Windows native features, you are not benefiting from them as you don't use them)

Why do you think Windows, itself even warns you that your security isn't enough.


Actually.... Good luck, glad that you haven't been infected yet and wish you not to be infected.
Hopefully you will be right and stay safe ;)

P.S. I hope you haven't been offended by my words, It was just friendly discussion and exchange of opinions. Are we ok?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86 SP1
OS
Windows 7 Ultimate x86 SP1
I fall on the side of thinking that a good AV-anti-AntiMalware program is useful.

But another tool often over looked by many is simply not surfing as a Administrative user.

Our site has 3500 PC's prior to migrating to active directory and and making all of our users Restricted users ALL WE DID was remove malware and viruses.

Since making that change we almost never get hit. We layer good perimeter security, workstation firewalls, Sophos corporate security and so far that has saved us.

At home I have two accounts on my PC. 1 Admin level for making changes and one restricted user for casual surfing.

I can't help but be struck by one posters claims that while he has never had a virus or infection of any type, yet he has the experience to know if he gets infected. Where exactly did this skill come from?
 

My Computer My Computer

At a glance

Win 7 64 Ultimate- Win 7 Home premium 64- XP-...Intel I7 920 OC'd 3.812 gigs Dominator 16002ea Nvidia 280's SLI superclocked version
Computer Manufacturer/Model Number
HomeBuilt
OS
Win 7 64 Ultimate- Win 7 Home premium 64- XP- Adndroid 3.1 and 2.3 Ubantu- Vista Ultimate 64
CPU
Intel I7 920 OC'd 3.8
Motherboard
Asus Rampage Extreme 11
Memory
12 gigs Dominator 1600
Graphics Card(s)
2ea Nvidia 280's SLI superclocked version
Sound Card
XFI
Monitor(s) Displays
Twin HP 2745's
Hard Drives
2ea 1 TB internal Drives - 6 TB External NAS
PSU
Thermaltake toughpower 1200 watt
Case
Lain Li A70b
Cooling
Air Cooled
Internet Speed
15 down 3 up Comcast
@UrbanBounca
Please don't quote whole massage.

ok, I am not trying to make you to do something.
I am just explaining my point of view.
I do respect your point of view aswell.

But..

I understand you're not forcing anything on me, and your knowledge on the subject is quite outstanding. I do home banking, and I've never had a problem with my home banking. I also purchase online, but only from major retailers. If I'm visiting a government site for criminal justice statistics, I trust that the site is legitimate, and as I've previously mentioned, you can typically look at the URL and determine the legitimacy.

I've been using the Internet for quite sometime now, and have a general knowledge of trusted sites. I don't use social sites, with the exception of Facebook. I don't use Digg or any other "linking" sites for that reason, they could be malicious.

Either way, I appreciate all your knowledge on the subject. It's quite interesting, but personally, I'm ignorant, and use my own experience to my advantage.

I can't help but be struck by one posters claims that while he has never had a virus or infection of any type, yet he has the experience to know if he gets infected. Where exactly did this skill come from?

That's a fair question.

I've helped a few friends with their virus problems, and have seen viruses/malware to the point where reformatting the HD is the only option. I've also been on the PC daily since 1995, which is a plus.
 

My Computer My Computer

At a glance

Windows 7 Pro
OS
Windows 7 Pro
Back
Top