Celtic Radio Community > Technical Support > An Attack On My Computer


Posted by: Dogshirt 17-Aug-2008, 01:35 AM
Twice now my Norton Security has blocked an attempt on my computer
of what it terms a HIGH RISK intrusion.
This has happened after I have typed a post and then hit the "Post new" button.

It lists the risk as;
HTTP Adobe SWF Remote Code Exec

And shows it coming from;
pagead2.googlesyndication.com (209.85.171.166, 80)

Has anyone else run into this? Can anything be done?



Posted by: Shadows 17-Aug-2008, 06:52 AM
I use Zone Alarm and in my security settings there is a place to allow or disallow mobile code on a site-by-site basis... I have pagead2.googlesyndication.com disallowed so I would not see this notice and it does not get to my machine.

I would see if you can do that with Norton...

Posted by: Dogshirt 17-Aug-2008, 10:02 AM
Norton blocked it fine, and I can check the box so it will do so and not tell me.
I've just not seen anything like this on this site before and wondered what was going on.



Posted by: Leelee 17-Aug-2008, 10:42 AM
Aye, that happened to me yesterday (same code), thankfully my Firewall blocked it but informed me of the intrusion (malware).

Posted by: CelticRadio 17-Aug-2008, 12:33 PM
The google ads that help pay for the site are responsible for those messages of your firewall.

I've never had a problem with google ads causing a problem. Sometimes security products can provide way too much security so that they start disabling websites from functioning properly.

Posted by: subhuman 17-Aug-2008, 11:59 PM
As Mac said, it's a false alarm. Anytime something is trying to run on your computer that did not originate at the webpage you're currently viewing, it should "throw a warning."
In this case, it's not harmful- but this tactic is also used by others with malicious intent.

The website you're viewing is celticradio.net, and your computer is told to run code (based on SWF extension I'd say it's a video clip) from another site- in this case pagead2.googlesyndication.com. Since they're not the same, you get this warning.

My personal experience with Norton is that it throws out too many "false positives" on malware. I've had it flag a program I've written as "malware" simply because it was UDX packed (a form of compression to make it smaller) and Norton apparently thinks trying to save bandwidth and disk space is "suspicious behavior."

Posted by: Robert Phoenix 21-Aug-2008, 07:56 PM
Well, my computer really got hit this last Friday. I went looking for a pattern to make a sporran. I typed in "how to make a sporran" into the search area and when the results came up there was one that was titled "How to make a Sporran" in capital letters. I clicked on it and it was just a video screen that said it required Active X something or other. When I tried to download this Active X thing everything went. I got a huge red wallpaper with a big Warning on it and an offer to get rid of all my spyware, etc. for just 50.00. I discovered that this wallpaper effectively hijacks and transplanted itself over my old one leaving only a few icons that lead to "you have been infected" popups. Couldn't get rid of it so into the shop it went. Just got it back today and with a few adjustments of my own it seems to be running great.

Posted by: subhuman 21-Aug-2008, 09:53 PM
1) Never install *anything* ActiveX. Period. While you're at it, ditch MSIE and use either Firefox or Opera. Java was built from day one to be secure. ActiveX wasn't.
If you *do* have to use ActiveX (like for MS updates, etc) only do so from a trusted site. Something that you visit once that you found via a search engine is not a trusted site.

2) that's not really "from this site" as were the previous "attack" reports. Most likely, it was from google. As much as I despise google (that's a rant for another time) you can't really blame them, either. They did return a result matching your search criteria- it just turns out that the site they returned lied to google, and also lied to you.

3) these types of scams are becoming more and more common (we found malware, pay us $$$ to remove it). Some are really a bitch to remove- with no automated programs to do it for you. For two different cases on friends' computers I've had to boot from a CD and kill the crap through a DOS shell. 99% of the time, the only malware on your computer is the program that claims it found malware. (duh, hey I found myself!!)

4) Although this wasn't the case here, in general don't click on anything that offers "some expensive item for free" or "free money" or "kewl pr0n" or "leet warez" because the closest you'll get to porn from them is when they screw you.


5) Everyone here should be using http://phoenixlabs.org/pg2/. Although originally designed for use in P2P file-sharing networks, its most prolific use is in blocking IPs of known harmful sites.
At minimum you should block these IP lists:
http://www.bluetack.co.uk/config/ads-trackers-and-bad-pr0n.gz
http://www.bluetack.co.uk/config/bogon.zip
http://www.bluetack.co.uk/config/hijacked.zip
http://www.bluetack.co.uk/config/iana-reserved.zip
http://www.bluetack.co.uk/config/spider.gz
http://www.bluetack.co.uk/config/spyware.gz
http://www.bluetack.co.uk/config/trojan.zip
Also use Bluetack's HOSTS file: http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=25

Over 90% of malware infections come from ignorance. I don't mean that as an insult, everyone is ignorant on one or more topics. If we weren't, we would not be human.
However, you can begin to protect yourself by doing what I mentioned above. Contrary to what commercial products want you to believe, they are not the best protection available. The best protection available is blocking malicious sites at the driver level. This is what both PG2 and the HOSTS file do. Most commercial malware scanners look for infections that have already entered your machine. These products prevent you from communicating with malicious sites in the first place.

As an analogy, a commercial malware scanner is a cure to a disease. These products are an immunization to the same disease. A cure takes effect after you've already been infected. The immunization prevents you from contracting the disease in the first place.

People hear about commercial products because those companies make money off the product, thus they have an advertising budget. The free products listed above are made by users- with downloadable source code- and since they're free, there's no money involved... hence no advertising budget.

Oh, well. I see I moved into one of my "open-source software is best" rants again without even meaning to.
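
Added example, not part of any poster's message: a short Python check that ties together two points from the thread, namely that the alert concerned content loaded from a host other than the page's own, and that a HOSTS file stops the connection before anything is fetched. The page paths, the `example.net` hosts and the blocklist entries are constructed sample input; it also shows that a HOSTS entry matches one exact name and does not cover subdomains.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # addresses blocklists conventionally point hosts at
TAGS = {"script", "embed", "object", "iframe", "img"}  # tags that load external resources

def parse_hosts(text):
    """Return the set of hostnames a HOSTS-format file maps to a sinkhole address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked

class ResourceHosts(HTMLParser):
    """Collect hostnames of resources a page pulls in via src= or data= attributes."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.hosts = page_url, []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if tag in TAGS and name in {"src", "data"} and value:
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host and host not in self.hosts:
                    self.hosts.append(host)

def audit(page_url, html, hosts_text):
    """List (third_party_host, blocked_by_hosts_file) pairs in page order."""
    finder = ResourceHosts(page_url)
    finder.feed(html)
    blocked, page_host = parse_hosts(hosts_text), urlsplit(page_url).hostname
    # HOSTS lookups are exact-name matches: an entry never covers subdomains.
    return [(h, h in blocked) for h in finder.hosts if h != page_host]

# Constructed sample input (paths and the example.net hosts are made up).
PAGE_URL = "http://celticradio.net/"
SAMPLE_HTML = """
<img src="/logo.gif">
<embed src="http://pagead2.googlesyndication.com/ad.swf">
<script src="//cdn.ads.example.net/track.js"></script>
"""
SAMPLE_HOSTS = """
127.0.0.1 localhost
0.0.0.0 pagead2.googlesyndication.com  # ad server
0.0.0.0 ads.example.net
"""
if __name__ == "__main__":
    print(audit(PAGE_URL, SAMPLE_HTML, SAMPLE_HOSTS))
```

The image served from the page's own host is not reported; the second third-party host is reported as not blocked because the blocklist only names its parent domain.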
