Avast WEBforum
Other => Viruses and worms => Topic started by: Shalimar on August 29, 2010, 02:43:38 PM
-
2 simultaneous incidents just happened regarding "URL:MAL".
I clicked on the following search link and Avast showed alert: URL:MAL
Reptilian/ Reptoid Information Resource | The information you need
I interviewed a few of the former employees on these ... modern airport built on an alleged underground, reptilian base. ... reproductive organs, tongues, etc. used for -- i.e. the ...
wXw dot freewebs.com/reptoids/undergroundbases.htm
...BUT...Avast showed the URL to be: "the movie downloads dot com" as the URL instead of showing the URL listed as from freewebs dot com! :o ???
Next, I went to Unmask Parasites in order to see what it said about "the movie downloads dot com" URL...BUT...as I entered Unmask Parasites from MY SEARCH PAGE OF "Start page dot com", Unmask Parasites instantly showed me that my start page "start page dot com" has:
23 suspicious inline scripts found. ??? :o
Next, I typed in the URL for "the movie downloads dot com" to see malware...BUT...Unmask Parasites shows that URL to be "clean"!
So I had only intended to alert you about the original search page link that Avast sounded off on (wXw dot freewebs.com/reptoids/undergroundbases.htm) but which Avast also said was coming from a different URL (the movie downloads dot com)! AND now, ALSO, even though Unmask Parasites says the URL for "the movie downloads dot com" is clean...it is telling me that my start page I use (most of the time instead of Google), called "start page dot com" has 23 suspicious inline scripts found!
I tried to make this sound intelligible, but I realize I may not have stated this too clearly! ::)
Can someone please advise me as to whether I should stop using "start page dot com" for awhile?
...and...is there malware in the URL of either those 2 URLs that Avast had trouble with, but which Unmask Parasites did not have trouble with?
EDIT: I forgot to say that while on the Unmask Parasites website, I tested out BOTH of those URLs that Avast questioned, and both were stated to be clean.
-
Both were stated to be clean? Don't worry, I think it is a false alarm.
:)
-
hxxp://www.freewebs.com/reptoids/undergroundbases.htm
.....this is the search link I clicked
hxxp://www.themoviedownloads.com
.....this is the URL Avast showed as the URL
hxxp://www.startpage.com (my chosen search page I mostly use instead of Google)
-
Thank you. I saw that Unmask Parasites showed those two first URLs as "clean", but I thought perhaps something might have been wrong since Avast sounded off...I'm glad nothing was wrong after all!
BUT...what about my start page that I use called "hxxp://www.startpage.com"?
Unmask parasites says I have 23 suspicious inline scripts on it.
-
Hi, you can scan the link with this website: http://www.urlvoid.com/
Please do not visit the following website: hxxp://www.themoviedownloads.com/ (DANGEROUS)
;D
-
hxxp://www.freewebs.com/reptoids/undergroundbases.htm
.....this is the search link I clicked
It tries to load some .gif file from themoviedownloads.com
Also! If unmaskparasites has said that themoviedownloads.com is "clean", it doesn't mean it is. It means that it doesn't have "suspicious" code or something, but it could host malware, for example. If avast blocks it, there is (or there was) some reason to do so.
-
Ok, so hxxp://www.themoviedownloads.com URL might still have something wrong with it.
I am curious though as to how or why Avast showed the above URL instead of the one I clicked on called: hxxp://www.freewebs.com/reptoids/undergroundbases.htm
I guess somehow the link I clicked on got redirected perhaps to the movie downloads link? ??? ???
-
If you go back to that google search, then just hover your mouse pointer on the headline
What url is then showing at the bottom of your browser ?
-
Maybe this is more than you want to know, but...
From my start page, called hXXp://www.startpage.com, I used the following search words:
Drakenberg, Dragon Mountain, i.e. a former Reptilian base...
The 3rd search link from the bottom of that search page shows:
Reptilian/ Reptoid Information Resource | The information you need
I interviewed a few of the former employees on these ... modern airport built on an alleged underground, reptilian base. ... reproductive organs, tongues, etc. used for -- i.e. the ...
hXXp://www.freewebs.com/reptoids/undergroundbases.htm
AND...when I hover over the link, it indeed shows the link to be:
hXXp://www.freewebs.com/reptoids/undergroundbases.htm
Therefore, that has left me questioning how hXXp://www.themoviedownloads.com URL was showing in Avast's alert.
-
Have you done a malware check with Malwarebytes ?
also clean your temp files
Temp File Cleaner by OldTimer ( will clean ALL and ONLY tempfiles )
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator)
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
-
Therefore, that has left me questioning how hXXp://www.themoviedownloads.com URL was showing in Avast's alert.
The link you clicked tries to load .gif file from themoviedownloads.com.
-
I ran Malwarebytes and everything was fine.
When I opened Firefox again and checked Unmask Parasites against my startpage.com, NOW it showed my startpage was fine, also!
However, I went ahead and downloaded the TFC and used it, too.
Next, I decided to try that startpage search page link, again, so I typed in the words:
Drakenberg, Dragon Mountain, i.e. a former Reptilian base...
and the 3rd link from the bottom of the page was the link in question:
"Reptilian/ Reptoid Information Resource | The information you need
I interviewed a few of the former employees on these ... modern airport built on an alleged underground, reptilian base. ... reproductive organs, tongues, etc. used for -- i.e. the ...
hXXp://www.freewebs.com/reptoids/undergroundbases.htm"
.....Again, when I clicked on that search link, Avast sounded off...AND AGAIN showed the URL in question to be a different URL that has the "URL:malware":
hXXp://www.themoviedownloads.com/image/banner_1n.gif
What I don't understand is why Avast is showing malware for the URL of movie downloads - a totally different URL than I even have available to me - when I'm actually clicking on a link for the free webs.com site?
OOPS! I just discovered that the hXXp://www.freewebs.com/reptoids/undergroundbases.htm web page contains information about the "movie downloads" website...it states:
Sponsors....Movie Downloads...Click Here to Visit Movie Downloads.
So I went a step farther by copying those few lines and pasting them into my email (where I have some notes about this avast problem), and AS SOON AS I PASTED THOSE LINES INTO MY EMAIL, the Avast alerted me, again! Perhaps the Avast would have gone off no matter what I copied from that web page? But at least I discovered why Avast kept referring to "movie downloads" as the culprit even though I was trying to access a different website...it's because "movie downloads" is IN that website! Maybe I should be saying "duh!"? ::) ;D
-
Well I don't know what is with that "false alarm": http://www.mywot.com/en/scorecard/themoviedownloads.com
Web of Trust doesn't like it ::)
About startpage, I don't know that search engine, I trust in Microsoft, and I help them by submitting dangerous results to improve Bing, it's marked as clean by Web Of Trust and some users agree too, only one said something about McAfee gave him an alert. (On StartPage)
Freewebs? Another nice site: http://www.mywot.com/en/scorecard/freewebs.com
Light green but it has more red comments than green ;D
And the first 2 lines are partly answers for this question:
"Avast sounded off...AND AGAIN showed the URL in question to be a different URL that has the "URL:malware":
hXXp://www.themoviedownloads.com/image/banner_1n.gif
What I don't understand is why Avast is showing malware for the URL of movie download"
I think you get URL:MAL because avast! has this site on its blocklist - so it blocks the connection, and that's why avast shows the URL, and not the infected item(s) ;D
About this:
"So I went a step farther by copying those few lines and pasting them into my email (where I have some notes about this avast problem), and AS SOON AS I PASTED THOSE LINES INTO MY EMAIL, the Avast alerted me, again!"
- Well, the most used tracking method is a transparent gif image with 1x1 pixel size, and when you copied the text, you could copy an image too, avast! (as I know) won't give you warning if you copy and paste some text. (That image could be located anywhere inside the text)
And as I said, because this site is listed on avast!'s URL Blocklist, when you pasted the text, avast! detected that there was something in that text you copied, warned you and blocked the connection.
I hope I was understandable ;D
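
An added example, not part of the thread and not avast!'s own code: it models the two explanations above (the page loads a .gif from another host, and a URL blocklist blocks that connection), showing why the alert names a URL the user never clicked and why pasting copied HTML can trigger it again. The host names, the HTML and the blocklist are constructed, and the matching rule (exact host or any subdomain) is an assumption about how such a blocklist could work.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute a browser (or an HTML mail editor rendering
# pasted markup) requests automatically, without any click.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src", "embed": "src"}


class SubresourceCollector(HTMLParser):
    """Separate URLs fetched on page load from links that need a click."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.fetched = []  # (tag, absolute URL) requested automatically
        self.links = []    # <a href> targets, requested only when clicked

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.page_url, attrs["href"]))
        elif tag == "link" and attrs.get("href"):
            if "stylesheet" in (attrs.get("rel") or "").lower():
                self.fetched.append((tag, urljoin(self.page_url, attrs["href"])))
        elif tag in AUTO_FETCH and attrs.get(AUTO_FETCH[tag]):
            url = urljoin(self.page_url, attrs[AUTO_FETCH[tag]])
            self.fetched.append((tag, url))


def host_blocked(url, blocklist):
    """True if the URL's host is a blocklisted domain or a subdomain of one.

    Matching is done on label boundaries, so 'notbad.example' does not
    match a blocklist entry 'bad.example'.
    """
    host = urlsplit(url).hostname  # lower-cased; None for data: URIs etc.
    if not host:
        return False
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def collect(page_url, html):
    parser = SubresourceCollector(page_url)
    parser.feed(html)
    return parser


def shield_alerts(page_url, html, blocklist):
    """Return the sub-resource URLs a URL-blocking shield would alert on."""
    parser = collect(page_url, html)
    return [url for _tag, url in parser.fetched if host_blocked(url, blocklist)]


# Constructed sample: a page on a free host that embeds a sponsor banner
# served from a different, blocklisted host.
PAGE_URL = "http://freehost.example/user/page.htm"
PAGE_HTML = """
<html><body>
<img src="images/header.gif">
<p>Sponsors</p>
<a href="http://www.sponsor-downloads.example/">Click Here to Visit
  <img src="http://www.sponsor-downloads.example/image/banner.gif"></a>
<img src="http://cdn.notsponsor-downloads.example/logo.gif">
</body></html>
"""
BLOCKLIST = {"sponsor-downloads.example"}  # constructed blocklist entry

if __name__ == "__main__":
    print("page itself blocked:", host_blocked(PAGE_URL, BLOCKLIST))
    for url in shield_alerts(PAGE_URL, PAGE_HTML, BLOCKLIST):
        print("alert for sub-resource:", url)
```

The page URL passes the check while the embedded banner does not, which matches an alert that shows the banner's URL instead of the clicked link. A site scanner that inspects only the clicked page's own markup for suspicious code would not flag this.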
-
I ran Malwarebytes and everything was fine.
When I opened Firefox again and checked Unmask Parasites against my startpage.com, NOW it showed my startpage was fine, also!
However, I went ahead and downloaded the TFC and used it, too.
Next, I decided to try that startpage search page link, again, so I typed in the words:
Drakenberg, Dragon Mountain, i.e. a former Reptilian base...
and the 3rd link from the bottom of the page was the link in question:
"Reptilian/ Reptoid Information Resource | The information you need
I interviewed a few of the former employees on these ... modern airport built on an alleged underground, reptilian base. ... reproductive organs, tongues, etc. used for -- i.e. the ...
hXXp://www.freewebs.com/reptoids/undergroundbases.htm"
.....Again, when I clicked on that search link, Avast sounded off...AND AGAIN showed the URL in question to be a different URL that has the "URL:malware":
hXXp://www.themoviedownloads.com/image/banner_1n.gif
What I don't understand is why Avast is showing malware for the URL of movie downloads - a totally different URL than I even have available to me - when I'm actually clicking on a link for the free webs.com site?
OOPS! I just discovered that the hXXp://www.freewebs.com/reptoids/undergroundbases.htm web page contains information about the "movie downloads" website...it states:
Sponsors....Movie Downloads...Click Here to Visit Movie Downloads.
So I went a step farther by copying those few lines and pasting them into my email (where I have some notes about this avast problem), and AS SOON AS I PASTED THOSE LINES INTO MY EMAIL, the Avast alerted me, again! Perhaps the Avast would have gone off no matter what I copied from that web page? But at least I discovered why Avast kept referring to "movie downloads" as the culprit even though I was trying to access a different website...it's because "movie downloads" is IN that website! Maybe I should be saying "duh!"? ::) ;D
I'm sorry, Shalimar. I checked the website again in the morning, and I found all of them are clean. I think you can turn off the Avast! real-time when you visit hxxp://www.themoviedownloads.com, but you must install AVG LinkScanner to keep your website visits safe. I hope this can help you. Thanks!
-
I think you can turn-off the Avast! real-time when you visit hxxp://www.themoviedownloads.com, <snip>
Never turn off your real-time shields. That is like telling someone to drive a car without knowing there are no brakes! Avast shields are there to protect you.
I just performed several on-line scans and for those of you who did visit the site, I have bad news :'( -- see Anubis (the 2nd and 3rd give detailed results).
http://anubis.iseclab.org/?action=result&task_id=177687135e85aa4149dff8c725a78e996 (Summary of analysis)
http://anubis.iseclab.org/?action=result&task_id=177687135e85aa4149dff8c725a78e996&format=pdf
http://anubis.iseclab.org/?action=result&task_id=177687135e85aa4149dff8c725a78e996&format=xml
http://www.virustotal.com/url-scan/report.html?id=198d22f04ae721e416dd5286dc9b7d2b-1283132837 - clean
http://www.unmaskparasites.com/security-report/ - clean
http://www.novirusthanks.org/services/scan-websites-for-iframes/ - clean for iFrames
Checking several sites was worth it.
To all of you who went on this site:
1. Update your Avast definitions and run a Full Scan. If you have a 32-bit machine run a Boot-time scan as well.
2. Check for malware with MBAM Malwarebytes’ Anti-Malware (MBAM).
· Download free http://www.malwarebytes.org/ for an on-demand scanner.
· Double Click mbam-setup.exe to install the application.
· After install, click update so you have latest database before scanning.
· Under Settings:
o General: Automatically Save File After Scan Completes is checked off
o Scanner Settings: Check all boxes
o Updater: Download and install update if available is checked off
· Once the program has loaded, select "Perform FULL Scan", then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply. - to the OP or anyone infected
3. Download CCleaner Slim version (scroll down to see the Slim version - 4th down) without the toolbar http://www.piriform.com/ccleaner/builds to clean up your machine.
4. Download TFC by OldTimer to your desktop.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
· Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
· It will close all programs when running, so make sure you have saved all your work before you begin.
· Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
· Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Please do not visit the site mentioned in this thread or enter the site into any email. Thank you.
-
Visiting that site without real-time shields? 3/16 detections on URLVoid (hpHost, Web of Trust and TrendMicro Web Reputation)
http://www.urlvoid.com/scan/themoviedownloads.com
-
I was scanning under the original web site the OP posted (no need to repeat it here). The OP then got the movie site listed in the Avast scan. If you look at the results of Anubis, this site can cause many changes.
To play it on the safe side, I would have one of our malware experts review this later and add comment to this. In the meantime, I would not turn off Avast shields and follow instructions I have posted earlier. Thank you. :)
-
@Sartigan...
About this:
"So I went a step farther by copying those few lines and pasting them into my email (where I have some notes about this avast problem), and AS SOON AS I PASTED THOSE LINES INTO MY EMAIL, the Avast alerted me, again!"
- Well, the most used tracking method is a transparent gif image with 1x1 pixel size, and when you copied the text, you could copy an image too, avast! (as I know) won't give you warning if you copy and paste some text. (That image could be located anywhere inside the text)
And as I said, because this site is listed on avast!'s URL Blocklist, when you pasted the text, avast! detected that there was something in that text you copied, warned you and blocked the connection.
I hope I was understandable
Thank you for your explanation.
As I previously said, I didn't know if Avast would have sounded off its alarm with almost anything I would have copied from within that "freewebs" website, but because I had found words related to the other website called "movie downloads" within its web page (of which Avast had been sounding off its alarm), I wanted to report back to the forum what I had found...and so I chose to go ahead and copy/paste that text into an email draft only because it was quicker for me to do that instead of taking the time to write down the information. Foolish of me? "YES"!
As stated previously, the text I had copied/pasted from within the "freewebs" web page was:
"Sponsors....Movie Downloads...Click Here to Visit Movie Downloads"
And, of course, I was surprised to hear Avast sound off after pasting those words into my email because I then had been thinking it basically had been a false alarm.
@Devil...
I'm sorry, Shalimar. I checked the website again in the morning, and I found all of them are clean. I think you can turn off the Avast! real-time when you visit hxxp://www.themoviedownloads.com, but you must install AVG LinkScanner to keep your website visits safe. I hope this can help you. Thanks!
Of note is that I don't download movies, so I have never "visited" or even attempted to visit the website called hXXp://www.themoviedownloads.com
With that said, I guess it appears the reason Avast was sounding off its alarm when I was trying to access the website called - hXXp://www.freewebs.com/reptoids/undergroundbases.htm - was because that website actually contained information about the "movie downloads" website WITHIN its web page and was containing the image/banner_n1.gif malware.
Also, for what it's worth, I would like to mention that I personally would prefer never to turn off my Avast when using the internet because I wouldn't feel safe in doing so.
@SafeSurf...
"I just performed several on-line scans and for those of you who did visit the site, I have bad news :'( -- see Anubis (the 2nd and 3rd give detailed results)."
"Please do not visit the site mentioned in this thread..."
(A) For me personally, I only tried going to this website link:
hXXp://www.freewebs.com/reptoids/undergroundbases.htm
...which contains malware on its web page from an image/banner by "the movie downloads" website.
So until that ever gets fixed, I realize that I should not try linking to the "freewebs" website.
(B) I have no intentions of ever going to the "movie downloads" website.
QUESTION:
Are you referring only to hXXp://www.themoviedownloads.com?
OR...are you referring to both websites; the website I tried linking to and then actually ended up visiting, also (hXXp://www.freewebs.com/reptoids/undergroundbases.htm)?
Since I didn't know if you were also referring to the website I actually ended up visiting (the freewebs one) "after" I ran the first MBAM & TFC scans (and CCleaner), and in order to be safe, I ran both of them, again, and all is well.
-
Are you referring only to hXXp://www.themoviedownloads.com?
OR...are you referring to both websites; the website I tried linking to and then actually ended up visiting, also (hXXp://www.freewebs.com/reptoids/undergroundbases.htm)?
Since I didn't know if you were also referring to the website I actually ended up visiting (the freewebs one) "after" I ran the first MBAM & TFC scans (and CCleaner), and in order to be safe, I ran both of them, again, and all is well.
I ran the online scanners for the malware detection with hXXp://www.freewebs.com/reptoids/undergroundbases.htm and got the positive hit with Anubis.
Keep MBAM as an on-demand scanner; just remember to always update prior to using it and you can do a Quick scan in the future. Many of us use it here. The cleaners come in very handy as well.
Was your Avast FULL scan clean? If you have a 32-bit machine, did you do a Boot-time scan and was that clean as well? If you have a 64-bit, let me know and I will give you another diagnostic tool to use.
Is your machine otherwise acting normally now? If not, please describe any problems. Thank you.
-
Hi SafeSurf!
Thanks for explaining which website you scanned because I was mistakenly under the impression you had scanned the movie downloads site instead.
QUESTION:
If the freewebs website (hXXp://www.freewebs.com/reptoids/undergroundbases.htm) would eliminate the "movie downloads" text they have within their web page, do you think their website would then be free of malware? ::)
I do updates with MBAM, SuperAntiSpyware, & Spyware Blaster daily before going on the internet, and I had done updates, again, before running MBAM both times regarding this issue. I use the quick scan regularly, but I chose to do full scans in this case.
I also use CCleaner daily (actually more than once daily). I had never used the TFC before, so I really don't know if that is something I should be using on an ongoing basis or not. ???
Yes, my Avast full scan was clean, and here are the results of the 2nd scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4505
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8/30/2010 4:38:58 AM
mbam-log-2010-08-30 (04-38-58).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 216460
Time elapsed: 24 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
My machine has been working fine so far. I have a 64-bit OS (which includes a 32-bit internet explorer), so if you wish to give me another tool to use, please advise, and thank you.
-
I had never used the TFC before, so I really don't know if that is something I should be using on an ongoing basis or not.
It comes in handy if you have malware located in the temp files that can not be removed. Essexboy uses it as part of the weekly cleaning...
-
@Pondus...
It comes in handy if you have malware located in the temp files that can not be removed. Essexboy uses it as part of the weekly cleaning...
Thank you! I will now include TFC as part of my armor!
OFF SUBJECT:
I just read about the new rootkit "destroyer" in another thread and discovered that if you have a 64-bit Windows with UAC turned on, you should be safe from getting infected. Well, I've been running my 64-bit with UAC turned "off" :o...but I shall now go turn it back on!!! 8)
I knew I was supposed to be leaving UAC "on", but I had preferred not to...but no longer! ;)
-
QUESTION:
If the freewebs website (hXXp://www.freewebs.com/reptoids/undergroundbases.htm) would eliminate the "movie downloads" text they have within their web page, do you think their website would then be free of malware? ::)
If they detect it, but this page belongs to a website hosted on freewebs. (I don't know who will remove it)
I would avoid freewebs ::)
-
Make the UAC pop-up not so invasive.
Configure Windows 7 UAC
http://www.w7forums.com/configure-windows-7-uac-t1553.html
-
@Sartigan...Thanks!
@YoKenny...
RE: My "off-topic" note
I've been using this new PC for 5 months now and with the UAC "off". :o Unfortunately, just within the last couple of hours with the UAC "on", I have been getting a tad bit frustrated >:(, but I'll just have to get used to it for safety sake. Sometimes we don't like things that are actually good for us, right? ;D Anyway, I'm going to change my UAC to the one you showed because I see it will be less invasive, so thank you very much!
-
Sometimes change is good and staying still leads to old age then senility! ;)
-
If the freewebs website (hXXp://www.freewebs.com/reptoids/undergroundbases.htm) would eliminate the "movie downloads" text they have within their web page, do you think their website would then be free of malware?
Until the freewebs website removes the malware, I would not go on that site.
It sounds like you are doing all the right things to protect yourself and your MBAM log is clean.
What browser do you use normally? Perhaps adding some extra safety features within your browser may help you, but ultimately it is the user that needs to make the careful choice of where to go/surf.
I may also suggest that you check to make sure that your software is up to date using Secunia Software Inspector: http://secunia.com/vulnerability_scanning/personal/ on a weekly basis since software changes so frequently. This will also add security to your system.
Please let me know if you have any additional questions. Thank you. :)
-
I try to remember running my Secunia PSI weekly, but it has been about a week or so since I last ran it...
AND so I just ran it and it shows that I have 3 insecure programs.
SECUNIA PSI SHOWS:
ASSESSMENT: AT LEAST ONE ATTACK VECTOR EXISTS WHEN USING THIS BROWSER.
(1) Microsoft Internet Explorer 8.x ---------- Insecure, no solution SA24314
(2) Microsoft Internet Explorer 8.x (64-bit) - Insecure, no solution SA24314
ASSESSMENT: NOT SECURE FOR BROWSING; AT LEAST ONE CRITICAL ATTACK VECTOR EXISTS WHEN USING THIS BROWSER.
(3) Mozilla Firefox 3.6.x ---------------------Insecure, no solution SA41095
RE: INTERNET EXPLORER
Criticality level: Less critical
Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities.
Where From remote Solution Status Unpatched
Software: Microsoft Internet Explorer 7.x and 8.x
CVE Reference(s):
Description:
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Successful exploitation requires that the user is tricked into visiting a malicious web site.
The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected.
RE: FIREFOX:
ASSESSMENT: NOT SECURE FOR BROWSING; AT LEAST ONE CRITICAL ATTACK VECTOR EXISTS WHEN USING THIS BROWSER.
Mozilla Firefox 3.6.x --------------------Insecure, no solution SA41095
Criticality Level 4 Highly Critical (4 of 5)
Impact System access
Where From remote
Solution Status Unpatched
CVE Reference(s) CVE-2010-3131 CVSS available in Customer Area
Description:
A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 3.6.8 for Windows. Other versions may also be affected.
Solution Do not open untrusted files.
I posted some comments from 2 people about this subject:
palisade
RE: Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability
22nd Aug, 2010 19:52
I have verified this exploit still works on the latest IE8. I also tested Chrome and Firefox, they are not vulnerable.
Update: The IE9 preview is not vulnerable to this exploit. However, the preview is far from ready to be used as a replacement web browser for IE8 and it is not officially out yet. This vulnerability is not actually closed until MS fully releases IE9 to the public after the beta this September.
mlefevre
28th Aug, 2010 12:39
According to https://bugzilla.mozilla.org/show_bug.cgi?id=59157... , Mozilla's reference for this is https://bugzilla.mozilla.org/show_bug.cgi?id=57959... , although that bug is still locked.
It seems to have been fixed in the source code, so I guess that 3.6.9 will fix this (a release candidate for 3.6.9 just came out, and it's scheduled for release on September 7th).
SO....On September 7th, Firefox will have a new release (3.6.9) which will have the fix in it.
AND..Sometime in September, IE9 will be released, with the fix included.
In the meantime, while we wait for the "fixes", and to be on the safe side...just stop using your computer! :o ;D
P.S. If anyone discovers that I don't really know what I'm talking about here, please feel free to let me know...I can take it (I think?). ??? ;)
EDIT:
Well, I re-read the information above and elsewhere, and it appears that I DID misunderstand about the IE9 release in September. Supposedly, the IE9 beta is to be released on September 15 and (as said above) it is NOT vulnerable to the harmful exploits which IE8 & IE7 are. BUT the official full release, of course, could take a long time to be released...a lot longer than just September!
Again, from a statement made above in these notes somewhere, this comment was made:
"This vulnerability is not actually closed until MS fully releases IE9 to the public after the beta this September"
I then discovered these statements from the following website:
http://www.computerworld.com/s/article/9180659/Microsoft_to_release_IE9_public_beta_on_Sept._15?source=toc
Microsoft has said nothing about a ship date for IE9, though many have speculated on an April 2011 release to coincide with MIX, the company's annual Web conference, which is slated to take place April 12-14, 2011, in Las Vegas.
It's possible the ship date will be significantly later: Microsoft finalized IE8 a full year after it released the first public beta for that browser. If it maintains the same pace for IE9, the upgrade's final edition might not appear until September 2011.
Does this mean that the regular public might be waiting over a year to have this security issue fixed? I hope not. Well, for now, I'll be looking forward to September 7th, when Firefox fixes the issue with their 3.6.9 release.
Again, if I'm making too much of this issue, I hope someone will please let me know! It's just that I find it hard to believe that people might end up waiting a year or longer to get a security fix!
@SafeSurf
Aren't you glad you reminded me to scan my computer with my Secunia PSI?!?! I sure am, BUT look at the length of this posting I just finished with...sorry! ::)
-
As far as the Fx warning goes, just follow the advice of not opening untrusted files.
But then, that is good advice always. ;)
-
@Gargamel360
Good advice. :)
I've decided that I've just made way too big of an issue out of not having a secure browser...but that doesn't make me feel any more secure! ;D
-
Yeah, it's a downward spiral if you let it get that way. :)
Being smart about security already puts way down your odds of infections and the like,
just don't be "possessed" by every little possibility. As you have noticed, that is a dead-end street. Just keep up-to-date on types of threats out there, and then relax
and be happy that you are in the minority that actually enable your own security,
rather than waiting to have it handed to them.
-
Aren't you glad you reminded me to scan my computer with my Secunia PSI?!?!
Nah...now you're starting to sound like me. ;D
You have done excellent homework, and looking at your Signature, you have added great add-on's to help improve your security in your browser. Yes, the FF release will be coming very soon, which will help. I think you have learned a lot and I would keep doing what you are doing. Now you can help teach others. ;)
Let me know if you have any other questions. If you feel that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. Thank you for allowing me to assist you.
-
I'm trying Secunia PSI 2.0 Beta
We are happy to announce the immediate availability of the Secunia Personal Software Inspector (PSI) 2.0 Beta.
We hope you will take the opportunity to join the last part of the testing phase before the Secunia PSI 2.0 goes "Final". By joining the beta you can help make the new Secunia PSI 2.0 a better product which hopefully will help millions of users secure themselves against the threat from having unpatched programs.
http://secunia.com/blog/123
User Type Difference
Average user with Secunia PSI: +6%
Average user without Secunia PSI: +15%
-
@Gargamel360
Good advice. :)
I've decided that I've just made way too big of an issue out of not having a secure browser...but that doesn't make me feel any more secure! ;D
If you haven't already got the NoScript add-on for Firefox, that goes a long way in combating 0 day/unpatched vulnerabilities/exploits, etc. Another add-on, RequestPolicy, further adds to your protection, but many find this add-on a step too far as there is far more user interaction required. But both add-ons after a while require very little user input as you would have set the various settings for the sites you regularly visit.
Add to that a healthy degree of common sense (highly effective) and you will avoid many of the scams/exploits, etc.
-
@YoKenny
RE: Secunia PSI 2.0 Beta. Thank you! I hadn't realized the Beta was available. I went to the website and my desire to download it kept changing as I read through several comments. "If" I decide to get it, I will definitely turn off the "automatic updates" feature for Java and Adobe Flash because I want to personally uninstall those in the proper manner before any updates are done to them!
@DavidR
Another add-on, RequestPolicy, further adds to your protection, but many find this add-on a step too far as there is far more user interaction required. But both add-ons after a while require very little user input as you would have set the various settings for the sites you regularly visit.
You got me, DavidR...I'm one of those "many" that found the add-on "a step too far"! I've tried it 3 separate times, but it was too mind boggling for me; each time uninstalling it because I didn't want to spend time in making it allow scripts that NoScript was already allowing. I just didn't have the patience, I guess! :o
@DavidR
Wow...U get "2 replies from me"! ;)
I do use NoScript and I wouldn't ever want to be without it -- which is one of the reasons I never plan on leaving Firefox! It's almost the greatest thing since the creation of life!!! 8)