Avast WEBforum

Other => General Topics => Topic started by: FreewheelinFrank on August 27, 2007, 11:38:47 AM

Title: "Storm" worm spam video- bespoke exploits
Post by: FreewheelinFrank on August 27, 2007, 11:38:47 AM

"Storm" worm spams serves up different exploits to different browsers, modifies the exploits to evade detection, and offers a malware file under various names:

F-Secure Video (http://www.youtube.com/watch?v=fm9ikZs5o38&eurl=http%3A%2F%2Fwww%2Enet%2Dsecurity%2Eorg%2Fvirus%5Fnews%2Ephp%3Fid%3D851) (On YouTube)

Title: Re: "Storm" worm spam video- bespoke exploits
Post by: polonus on August 27, 2007, 11:51:01 AM

Hi FwF,

That is why I say we should block all script etc. from running inside a browser until we know a certain site to be free of malware. In FF and Flock the safest way to go is having NoScript installed, and temporarily allow a site when scandoo or another linkscanner or DrWeb's av linkscanner shown the site to be free of malware. For these embedded scripts, tags, malicious code etc. there should not be a chance of running automatically inside a browser brought in by browser developers BY DEFAULT, else we loose the fight. How to convince opposing parties this is the only way to go? (With opposing parties I mean those that benefit from monitoring, tracking, clickstream harvesting etc, and the lazy unaware browser user of the "I cannot be bothered to do anything about it, must be easy and fast" types).  What we need here basically is a change of attitude, that is really what it is all about.

polonus