Millions of Sites Hit with Mass-Injection Cyber Attack

CommanderFrank (Cat Can't Scratch It), joined May 9, 2000, 75,399 messages
The ploy is the same: you visit a website and it informs you that your computer is compromised and needs to be scanned. This version is not really all that different, but it looks like it has infected an unusually high number of computers. The easiest way to beat the malware is just say no. Is the malware getting smarter or the average computer user just getting dumber? :D
 
I seem to spend 25% of my service time removing this bullshit from users' computers. There has GOT to be a way to end it!

I do know that Symantec AntiVirus and McAfee simply go crouch in a corner and piss all over themselves when one of these hits. It's pathetic. The only AV I've seen proactively stop it is NOD32.
 
I seem to spend 25% of my service time removing this bullshit from users' computers. There has GOT to be a way to end it!

I do know that Symantec AntiVirus and McAfee simply go crouch in a corner and piss all over themselves when one of these hits. It's pathetic. The only AV I've seen proactively stop it is NOD32.

They get past nod32 just fine, too. The only protection that works is a trained clicker finger.
 
I seem to spend 25% of my service time removing this bullshit from users' computers. There has GOT to be a way to end it!

I do know that Symantec AntiVirus and McAfee simply go crouch in a corner and piss all over themselves when one of these hits. It's pathetic. The only AV I've seen proactively stop it is NOD32.

In the zombie apocalypse you won't need to outrun the rabid zombies, just your fat friend.

And in the modern world of internet security your clued-up user doesn't need 'foil hat' levels of paranoia, while your average Joe is foolhardy enough to be taken in with things like this.

Lock down your mum's and missus's computers, and sit back and take in the easy business this sort of thing creates. People will eventually wise up to this, forcing the crooks to find new methods of getting other people's money (as they always have and always will), but for the time being just be happy to be ahead of the curve.
 
Hide your kids, hide your wife, and hide your husband, cuz they're Mass-Injection Cyber Attacking everybody out here.
 
The easiest way to beat the malware is just say no.
Not always. Sometimes clicking "no" means yes anyway and trying to "red x" your way out doesn't work.

I got hit with one recently and took a screenshot and went into IrfanView to save it. I did not click anything, and before I knew it, it had installed itself. Ugh!

These days it's all about Firefox with NoScript installed. :eek:
 
I removed something exactly like this the other day from my housemate's computer.

Heh, he truly believed he had a virus.
 
It was found to be in several of the ad servers that farm out ad banners to several sites at a time. It also was tagged to several sites with names close to the American Idol voting site. So if you tried to vote and clicked on the wrong site it infected the computer. The day after the American Idol show this week I ended up having to clean it off several people's computers.
In my honest opinion the people who make these programs need to be taken out to a back alley and permanently crippled so the only job left to them is as cum catchers for their prison cell mates.
One of the main issues with these programs seems to be that they can nuke most of the AV programs loaded on to these computers. Norton, McAfee, BitDefender, and several others were rendered useless on first contact. Annoying as hell.
 
So what did you end up using to clean up their systems?

I agree with the crippling comment
 
Then you will be convinced that your machine couldn't possibly be hacked. :D Score one for the Jobs followers.

Personally, I'd be happy with a secure OS (Linux AppArmor is a good start, but I would prefer a usable SELinux) and a secure web browser. I'm pretty sure that any secure browser wouldn't be able to view all of the sites I want to visit (maybe some sort of warning: webmonkey is clueless, this site cannot be secured...).
 
So what did you end up using to clean up their systems?

I agree with the crippling comment

The versions I've seen are all tagged to the Explorer.exe shell, so just booting to Safe Mode has not worked as it runs even there. So a clean boot to the command prompt without starting explorer.exe will allow you to go in and manually delete files. After that, Ctrl-Alt-Delete for Task Manager and File > New Task (Run) and run Malwarebytes from a thumb drive. Or use whatever programs you're used to using. And while I'm sure someone here has a better way or better program, everyone does things differently, so use the one you're most comfortable with. This is what has been working for me.
 
I'm sorry. I might be missing something here, but how is this news? Sounds exactly like the Vundo and Zlob trojans with a new alias.

sit back and take in the easy business this sort of thing creates.

Like P.T. Barnum once said...
 
How I do it -

Remove infected HDD.

Install infected HDD in docker.

Scan HDD as a pure data drive with -

Malwarebytes
MSSE
Clamwin

Each of those will find stuff. Malwarebytes finds less and less so beware.

Then install HDD back in PC/Laptop and then run Combofix to find the rest and reset the registry so stuff works again.

One product isn't enough.
 
Not always. Sometimes clicking "no" means yes anyway and trying to "red x" your way out doesn't work.

I got hit with one recently and took a screenshot and went into IrfanView to save it. I did not click anything, and before I knew it, it had installed itself. Ugh!

These days it's all about Firefox with NoScript installed. :eek:

Best to just hard reset the PC the second you get hit rather than click the window AT ALL.
 
I'm sorry. I might be missing something here, but how is this news? Sounds exactly like the Vundo and Zlob trojans with a new alias.



Like P.T. Barnum once said...

This is news because almost overnight it went from a few hundred thousand infected to millions. On top of that it seems to be several different programs pretty much all doing the same hostageware takeover but using slightly different means to do it. 2 different people hitting the same infected site will get 2 different versions of the hostageware, and while the effect is the same there does seem to be a slight difference in how the infection takes over the computer. One may get infected just by being on the site while the other gets redirected to another site before being infected. One will even overwrite Java to an older version to exploit a hole there that a new version of Java plugged, and in one case (still trying to figure out how) it installed Java on a system a friend had taken the time to completely remove Java from.
Funny thing is, it looks to be several different groups working in concert. (If that makes any sense.)
 
Best to just hard reset the PC the second you get hit rather than click the window AT ALL.

It's even better to keep a giant can of WD-40 around. Open the case, spray it all over the inside to loosen up that pesky rotten slow computer of yours, and voila, problem fixed. See you $700 later when you buy a new one ;) The PROBLEM however did get fixed.
 
How I do it -

Remove infected HDD.

Install infected HDD in docker.

Scan HDD as a pure data drive with -

Malwarebytes
MSSE
Clamwin

Each of those will find stuff. Malwarebytes finds less and less so beware.

Then install HDD back in PC/Laptop and then run Combofix to find the rest and reset the registry so stuff works again.

One product isn't enough.

True, I do use a few different programs to remove them. Malwarebytes, Ad-Aware, Search and Destroy, etc. etc. That is why I said use programs you're comfortable with using. I've seen ComboFix not find anything while Search and Destroy found most of them and Ad-Aware found the rest, and vice versa. The one major problem with doing that is these programs do not play well together and that can be a huge pain in the ass.
 
True, I do use a few different programs to remove them. Malwarebytes, Ad-Aware, Search and Destroy, etc. etc. That is why I said use programs you're comfortable with using. I've seen ComboFix not find anything while Search and Destroy found most of them and Ad-Aware found the rest, and vice versa. The one major problem with doing that is these programs do not play well together and that can be a huge pain in the ass.

Also, I do not have a dock for HDDs. My resources are very limited, as I am currently unemployed and just doing this on the side for extra cash.
 
Also, I do not have a dock for HDDs. My resources are very limited, as I am currently unemployed and just doing this on the side for extra cash.

Cheapo external hard drive dock = 20 bucks. That's a small fraction of the fee you should be charging each customer for this type of work.
 
Also, I do not have a dock for HDDs. My resources are very limited, as I am currently unemployed and just doing this on the side for extra cash.

Thanks for your reply, I figured Malwarebytes along with the others mentioned. I agree with Breakspirit, a cheap dock could make things easier, and I'm sure someone would not bitch too much since you're saving their pictures and music etc. from their fuckup. Just add the cost into one of your repairs. After all, if they take it to BB they will be paying a lot more, I'm sure.
 
One will even overwrite Java to an older version to exploit a hole there that a new version of Java plugged, and in one case (still trying to figure out how) it installed Java on a system a friend had taken the time to completely remove Java from.

Reminds me of some of the kids back in '99-2000 or so who would install web servers on computers they had access to just so they could "deface" them.
 
Or just open the side of your PC case and plug the drive in.

Dude, if you want to plug someone else's virus-infested drive into your machine along with its boot partitions and such, be my guest. I'll stick with external USB docks that let me easily hot swap and all the other goodness that comes with that.
 
Cheapo external hard drive dock = 20 bucks. That's a small fraction of the fee you should be charging each customer for this type of work.


OK, let's put it this way: $20 for a dock or 5 extra minutes of work, and I can use the extra cash on fuel or food. I'm not charging these people much to begin with. If I start to do this full time I'll buy a few docks and far better equipment. I do not think of myself as professional by any means. I have been doing tech support since '95 and at that time I was hardcore into everything even remotely related to computers. I have found that as the years go by I'm not keeping up with current trends or even going out of my way to learn new things anymore. The only reason I even looked at this hostageware was because I was starting to see the same thing on several different computers but with subtle differences. What has this to do with buying a dock? Let me finish. I get a call from someone I know who's screwed up and now their computer is spitting Sanskrit and calling for the end of days. I get what info I can from them and tell them to shut it off. I grab a couple of thumb drives, load what software I think I need and head over. That's it.
I fix it. Give them a lecture on backups and making sure it's updating, and I leave.
And while I'm sure there are far better ways to do it, it's all I need.
If they want more, I'll go professional and charge them for it, and I lose someone who I could go out drinking with later. The idea behind this is simple. I'll fix it when it's broke, but I'm not 24 hours. I'm not selling you anything and I am not a teacher and I don't charge jack shit.
 
Reminds me of some of the kids back in '99-2000 or so who would install web servers on computers they had access to just so they could "deface" them.

Let's not forget about script kiddies, talking about how badass they were in AOL/Compuslave chat rooms.
Or the days of Steve Jackson Games' BBS being yanked because a hacker trophy passed through it and the SS not understanding what Cyberpunk was.

Stupidity can be found anywhere at any time. No sector of business is safe from it. No country has a monopoly on it. It's just that the IT sector has better documentation. :D
 
OK, let's put it this way: $20 for a dock or 5 extra minutes of work, and I can use the extra cash on fuel or food. I'm not charging these people much to begin with. If I start to do this full time I'll buy a few docks and far better equipment. I do not think of myself as professional by any means. I have been doing tech support since '95 and at that time I was hardcore into everything even remotely related to computers. I have found that as the years go by I'm not keeping up with current trends or even going out of my way to learn new things anymore. The only reason I even looked at this hostageware was because I was starting to see the same thing on several different computers but with subtle differences. What has this to do with buying a dock? Let me finish. I get a call from someone I know who's screwed up and now their computer is spitting Sanskrit and calling for the end of days. I get what info I can from them and tell them to shut it off. I grab a couple of thumb drives, load what software I think I need and head over. That's it.
I fix it. Give them a lecture on backups and making sure it's updating, and I leave.
And while I'm sure there are far better ways to do it, it's all I need.
If they want more, I'll go professional and charge them for it, and I lose someone who I could go out drinking with later. The idea behind this is simple. I'll fix it when it's broke, but I'm not 24 hours. I'm not selling you anything and I am not a teacher and I don't charge jack shit.

Cool story bro.
 
What's ticking me off about all this is nobody is saying exactly WHAT the vulnerability is that the SQL injection is taking advantage of to infect the servers in the first place. As a user I know how to avoid being attacked by an infected site. That's the easy part. I'd really like some useful information about how this thing is working so I can know if my own website is vulnerable or not. Then again, perhaps the "experts" haven't figured it out yet. :(
 
A lot of the new ones are not bad, as it's normally only 1 file to remove (normally does not require Malwarebytes or ComboFix to be run), but I have come across some that mess with the reg setting for exe files, so you have to run the fake AV with the program, and some that are nasty that mess with system drivers (I have a 99% fix rate on most of the systems I work on that do not require a Windows reload; the other 1% is a Windows reload to fix the problem).

Does not matter what virus scanner you've got on your computer, the protection ends when you do what that person did on his YouTube VMware box (press Run). Your security ends when you do that; no antivirus can protect you from users, maybe stupidity (but the first time a user hits an issue like this they just assume it's their antivirus or Windows warning).

Most of my customers know it's fake so they do not run it, but as I have commented before and one other user has commented in here about automated fake AV installs, just going to a broken website is sometimes enough to get it installed on your system (that is what I have been removing off loads of systems the last 3 weeks, but I think MS has patched the bug now as I am only getting the customer-fault fake AV installs).

The only fix for that is to use Chrome, Opera or Firefox (and install IE9 even if you do NOT use it), as automated problems should normally not happen.
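Two persistence tricks come up in this thread: the fake AV hooking the Explorer.exe shell so it runs even in Safe Mode (the command-prompt cleanup post above), and it rewriting "the reg setting for exe files" so every program launch runs the malware first (this post). The following read-only PowerShell triage script is an added example written for this page, not code posted by anyone in the thread; it checks both registry locations against their known-good defaults and changes nothing. It assumes PowerShell 5.1 or later on Windows 7+ and an elevated prompt. For a drive being scanned as a pure data drive in a dock, as the other cleanup post describes, the same checks apply after loading that drive's hive with `reg load HKLM\Offline <drive>:\Windows\System32\config\SOFTWARE` and substituting `HKLM:\Offline` for `HKLM:\SOFTWARE` in the paths below.

```powershell
# Added example (not from the thread): read-only check of the two registry
# locations the posts above describe fake-AV tampering with.
# Run from an elevated PowerShell prompt. Nothing is modified.

$findings = @()

# 1. Winlogon shell. A clean system has exactly 'explorer.exe' here; a fake AV
#    that wants to start even in Safe Mode prepends or replaces this value.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim().ToLower() -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$shell' (expected 'explorer.exe')"
}

# A per-user Shell override is almost never legitimate on a home PC, so its
# mere presence is worth reporting.
$userWinlogon = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userShell = (Get-ItemProperty -Path $userWinlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($userShell) {
    $findings += "Per-user Winlogon Shell is set: '$userShell'"
}

# 2. .exe file association. The default command should be "%1" %* with nothing
#    in front of it. The HKCU copy normally does not exist at all; if it does,
#    it overrides HKLM, so it is checked too.
$exeKeys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKCU:\SOFTWARE\Classes\exefile\shell\open\command'
)
foreach ($key in $exeKeys) {
    if (Test-Path $key) {
        $cmd = (Get-ItemProperty -Path $key).'(default)'
        if ($cmd -ne '"%1" %*') {
            $findings += "$key default is '$cmd' (expected '""%1"" %*')"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No shell or .exe association tampering found.'
} else {
    Write-Output 'Possible tampering:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

If the .exe association is the part that was hijacked, the script itself will still run (PowerShell is already loaded), which is the point of checking from an interpreter that is already in memory rather than double-clicking another .exe. Restore the default value from a known-clean machine of the same Windows version rather than typing it from memory.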
 
I've never seen one of these 'work.' I really liked seeing the video with explanations.
 
Is the malware getting smarter or the average computer user just getting dumber?

Definitely users getting dumber.

I wonder why they don't make more of this malware for OSX.

Apple users tend to know less about how to use a computer, and are more likely to install this bullshit
 
Congratulations to my wife. This happened a couple weeks ago and she didn't click thru it. Damn I'm a lucky man!
 
On all our computers in the house (Windows 7), I run the account as Standard User and just type in the Admin password when needed. It's an extra step most of the time, but it's one more brick in the wall. Going into Windows 7 was the first time I ever ran as anything but Admin, and I don't blame Microsoft for this... the more that computers become mainstream, the more assholes out there are gonna pull this crap.

Microsoft needs to find a way to stop keyloggers... they are a huge issue right now.
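The Standard User plus UAC password prompt setup in the post above only helps if the day-to-day accounts are really not in the local Administrators group and UAC is actually switched on. The PowerShell script below is an added example written for this page, not code from anyone in the thread; it reports those facts read-only so they can be verified on each machine. It assumes PowerShell 5.1 or later; `Get-LocalGroupMember` ships with Windows 10 and Server 2016 and later, so on Windows 7 the equivalent is `net localgroup Administrators`.

```powershell
# Added example (not from the thread): verify the "Standard User + UAC prompt"
# setup described in the post. Read-only; run from any PowerShell 5.1+ prompt.

# Who holds local admin rights? Every name listed here can bypass the
# "type in the Admin password" step entirely.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name
Write-Output "Members of Administrators: $($admins -join ', ')"

# Is this session itself running with an elevated (admin) token?
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output "Current user: $($id.Name)  Elevated: $elevated"

# UAC policy. EnableLUA=1 means UAC is on at all.
# ConsentPromptBehaviorAdmin=0 means admins elevate silently (weak setting).
# ConsentPromptBehaviorUser governs a Standard User: 0 silently denies,
# 1 asks for credentials on the secure desktop, 3 asks for credentials.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
Write-Output ("UAC enabled (EnableLUA): {0}" -f $uac.EnableLUA)
Write-Output ("Admin prompt (ConsentPromptBehaviorAdmin): {0}" -f $uac.ConsentPromptBehaviorAdmin)
Write-Output ("Standard-user prompt (ConsentPromptBehaviorUser): {0}" -f $uac.ConsentPromptBehaviorUser)

if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: running as Standard User gives no protection here.'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'Admin accounts elevate without any prompt.'
}
if ($uac.ConsentPromptBehaviorUser -eq 0) {
    Write-Warning 'Standard users cannot elevate at all; the Admin password prompt will never appear.'
}
```

Run it once from the everyday account and once from the admin account: the everyday account should show `Elevated: False` and should not appear in the Administrators list.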
 
Congratulations to my wife. This happened a couple weeks ago and she didn't click thru it. Damn I'm a lucky man!

I remember a few months ago when my dad got one of the fake AV scanners coming up as a pop-up in his browser. The problem is they look so convincing to a lay person they don't realise it's still just in their browser. Luckily his first instinct was to panic and flick the wall switch. I blame myself for not training my parents properly, but there are so many attack vectors these days I've pretty much just nannied up their PC so it won't do anything other than what I've set it to do.

I have to Teamviewer into it quite a lot to install or change things for them but it's peace of mind.

Has there never been a Watchdog exposé on things like this? I mean, they scaremonger you into thinking all PS3s are going to YLOD, but I've not seen one on basic common-sense web vigilance.
 
My laptop actually got infected with one of these; it made it so I can't use exe files. The kicker is, the only site that was open was a GameFAQs walkthrough. Closed my lid, and woke up to Windows Total 7 Protection. Very strange.
 