1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

server-side-polymorphism-malware

Discussion in 'Windows - Virus and spyware problems' started by Mez, Aug 23, 2013.

  1. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I have been criticized for believing in invisible malware even though I have posted links supporting this as far back as 12/12.

    Even 2old will probably get it if he takes time to read the link that I know he will. No offence 2old I just like to stir the pot too and you have taken enough cheap shots at me. I apologize in advance.

    Below is the best article I have read so far on 'invisible malware' or unscannable malware. The video at the bottom is a must. You see code, you see a function scrambel the code then you see several scrambles more scrables each scramble looks nothing like the others then the garbage is executed and it works fine. Traditional AV scanners have no hope of detecting this new plague.

    server-side-polymorphism-malware by sophos
    This is why most malware infections are all done from web servers. The attacks are mainly in the form of links. If you click on the link you are infected. Infected adds and infected legit web pages also will infect you using hidden injection frames/ports. There has been a massive increase into website getting hacked through a varity of processes.

    Sorry I cut and pasted the link. I was at work and the only allowed browser would not allow me to use the link button and it also 'truncated' some of the url in the middle of the url not at the end and I didn't catch it.
     
    Last edited: Aug 23, 2013
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Where's the video? the link only takes me to the naked security web site..

    p.s. which article is it?
     
    Last edited: Aug 23, 2013
  3. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    i think i will take my chances here.piss on the electric fence enough and it gets numb.lol.
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    OOOOOOOOOOOOOOh aldan, be nice! You know I have the patience of a Sphinx... Has not moved in 5000 years. :)
     
    Last edited: Aug 23, 2013
  5. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Yeah, I can't spell well and if I miss spell with another word that is spelled correctly and my spell corrector misses it, I get chastised by someone who doesn't know the difference between Then and Than.. gotcha :)

    I am getting a different page from that link, now. Maybe one of those invisible Tooth Fairies were holding me back and shaking in their little Pixie boots.. LOL
     
  7. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    that is why i did it as you got me the last time. stop scaring thoes faries, you meanie!!!!!
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    That's far from new.. How do you think JavaScripts get into your computer and why they are so hard to remove?

    Just follow the first 3 rules for computing 1.backup! 2.backup! and 3.BACKUP!
    With your OS and applications backed up, you can simply restore your C drive and 'Poof' the unknown/ invisible becomes history.... Besides, If you goose a ghost... You get a handful of SHEET!
     
  9. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    just got of a 19 day stint working.i havent moved in 3 days.lol.
     
  10. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Is the link working for you now?

    I corrected the link. The problem was I cut and pasted the link but didn't test it. 99% of the time that works fine but I was at work and the security is tight. The browser has java scripts ect turned off and users can't alter them. If you figure out of to get around any security and they find out, kiss your job goodby. The browser also 'figured' the url was too long and took out some of the url characters out of the middle and I missed that while pasting.

    aldan, I have seen pictures to the result of pissing on something electric. I hope it wasn't an electric fence as advertised. The weener was charred around the urethra.
     
  11. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    nah mez,thats just an old joke.took a look at the video.sure a challenge for the security companies eh?
     
  12. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @aldan, Mez was a city boy and just doesn’t understand electric fences like us country bumpkins. LOL

    @Mez the best way to keep from getting these invisible, Java Ghosts is to use Avast! With a real time JavaScript scanner and K9 Web Protection:

    K9 Web Protection by Blue Coat.

    K9 Web Protection is a FREE service. I say service because the way it works is the sites you visit are filtered through their servers as opposed to them being checked through something like a HOST File that’s installed on your computer. You still have to install a driver on your computer, but the work is done remotely. The administrative control panel is actually a Web site you go through to view sites.

    How does K9 work?
    K9 maintains a database of Web sites that contain pornography, malware, spyware, suspicious, hate speech, violence, gambling and more than 60 other categories. When a computer user tries to go to a site that's in a category set to blocked, the "prohibited" screen appears and the site is Blocked.
    If a user tries to go to a Web site that the database hasn't seen before, it scans the content of the site for inappropriate material, and then either permits or prohibits the site (this process is called DRTR -- Dynamic Real-Time Rating). This happens so quickly the user doesn't realize its happening. New prohibited Web sites are added to the database.


    Check it out. I never get anything I don’t want. And my routers SPI Firewall keeps the lion’s share of the crap I didn’t request OUT!


    p.s. I have my computer so locked down from malware that I don't get any.. note: if and when something does slip through, it tickles the piss out of me, then I get to play with the malware.........what a thrill!
     
    Last edited: Aug 24, 2013
  13. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Thanks 2old! Good suggestion.

    We use a high-end blue coat product at work. I didn't know they had a free or even affordable product so I will look into that. No one has figured out how to make an infected web page scan clean.

    Buy the way I may not be as big a bumpkins as you but I am familiar with electric fences. Enough to know some have a pulse. You can carefully touch one, think it is safe then get zapped. Although I have lived in the burbs most of my life they have mostly been the rural burbs. Like where I am now. Deer are the major trouble makers. You can only shoot deer with bows. When we first moved in we thought it was nice to see a herd of deer grazing in our back yard. Now I sick the dogs on them when ever I see even one. My son caught a copperhead in our back yard last year. We are the wild kingdom.
     
  14. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    LOL where I live, If something doesn't have fangs, teeth, claws or a stinger; it has Thorns! :(
     
  15. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Sound like you are out west. I live near DC so were are very green. I live up in the head waters of Rock Creek. The White House used to get its drinking water from that creek. All the land surrounding the creek is park. I live between 2 small branches so we are nearly surrounded by park. That is handy when you have organic trash to get rid of. Our boys would 'live' in the woods during the summer. Because we are heavily wooded every other homeowner has a chain saw.

    We are in an ultra liberal county. You can't even shoot a gun here. Up about 20 miles, in the next county I have been to parties where after you drink your beer, you throw the can into the creek and sink it with a bullet. At one, if you couldn't sink it within 2 shots you were flagged. They kept a wide array of pistols on a picnic table just for that purpose. My wife did not approve of these kind of parties but came along anyway. I enjoyed my self.
     
  16. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hell, my back yard is bigger than DC... LOL Horned toads, bobcats, diamondbacks, scorpions, etc. etc. etc. :)
     
  17. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    My sons and I would love it. Not my wife.

    If I wasn't working I would not be close to people. An hour each way commute is plenty.
     
  18. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I finally gotten around to researching K-9. My worry was more about false positive and that infections are very transitory for any decent site. I will give it a shot. I have upped the security on my firewall as well. Again ramping up the security will cause some trouble. Hacker will fake a later responce to something your browser sent. It is set now to reject those. I may be able to relax that after I start using K-9. I believe these attacks mostly come from an infected site that you are browsing. By avoiding the page you prevent the attack.

    As all your suggestions this was a good one.
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I try never to suggest anything that I have not fully tested. When setting up K-9, I use the custom web category settings and only select Spyware/Malware, Spyware effects, Suspicious and Phishing. Then in Other Settings, select Filter Secure Traffic and in Blocking Effects select Show HTTPS Blocks. I don’t use any of the other categories but they are useful if you have young kids on the computer.

    I do not use a software firewall, I use a NAT Router with at minimum WPA2 security and SPI Firewall. I won't beat this to death, but hardware is always better than software.

    To test AntiMalware, security programs, I use a virtual machine program called Deepfreeze and get ZeroDay malware to test with from sites that display this warning:
    This month I have tested against 215 new ZeroDay exploits. That way I can figure just what is the best combination to use in a layered security setup..

    2oG
    da old yin
     
  20. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I will need to check it out I installed it on the family computer yesterday but I didn't have a chance to play with it. My wife usually doesn;t follow any security precautions.

    My hats off to you!
     

Share This Page