New virus rampant on the Internet

[polonus]

Hi malware fighters,

There is a new Trojan out on the Internet since last week this Trojan alone has been responsible for half of the reported malware. The name of the infection: JSRedir-R.

This according to av-vendor Sophos. Almost half of all the infestations with malicious software were caused by the Trojan Troj/JSRedir-R. This malware is hosted by third party sites:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirr.html?_log_from=rss

The Trojan only infects machines with a Windows OS.

The PC of the internet user that visit a malicious site is instantly being  infected. The malware then tries to steal personal data. "Nobody should doubt the fact that the World Wide Web is the domain par excellence for cybercrime attackers.

This new threat shows that this situation is gonna stay with us for the foreseeable future, according to Graham Cluley, Sophos's senior technology consultant for their IDG News Service, re: http://news.idg.no/cw/art.cfm?id=4F640339-1A64-67EA-E401EE325C601C9D

Scan!

"The big problem here is that too many users think that surfing on the Internet is without any dangers. But a lot of reputable legit sites fall victim to these attacks. So it is high time to wake up!. Hackers won't stop their attacks on the web. The attacks can only be countered by pre-scanning every website for malcode", according to Cluley.

Follow the standard procedure for deleting Trojans. Websites infected through Troj/JSRedir-R could also be infested with another Trojan: Troj/PHPMod-A,

polonus

[Dwarden]

i assume this is the same JSRedir-R which Avast detects for 'quite' some time as one of firsts but i assume there are so many variants that 'first' is not possible to claim by anyone ...

btw. interesting thing is 2nd url of your post leads to IE8 tag crash with (and works after reload)

Event Type:   Error
Event Source:   Application Error
Event Category:   None
Event ID:   1000
Description:
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module embd3260.dll, version 6.0.13.45, fault address 0x0002f0fd.

[Confused Computer User]

[/quote]

btw. interesting thing is 2nd url of your post leads to IE8 tag crash with (and works after reload)

well that's strange. Why did MS came out with IE8 if it's so buggy. It's also annoying on Vista. Very slow.

@Plonus or any one.
Sorry to ask this but you are more able to answer this than me. If JSRedir-R gets in on your computer (in essence breaching the firewall) would it be able to send your personal information if the computer uses the vista firewall with the Vista Firewall Control installed? I ask this because I feel that if it breached the wall to get in, can't it do the same to get out?

Thanks.

[polonus]

Hi Confused Computer User,

As to why IE8 with their inbuilt protection does not have the same protection grade as with Firefox or Flock with NoScript extension installed, you can read here:
http://forum.avast.com/index.php?topic=45411.0
Naturally IE8 is a critical update over IE7, but then as for loads of users IE came with their computers and they do not know any other way to go to the Internet or are not educated to turn IE from the default settings into a more secure browser, and they also find that working NoScript inside Fx is for them way over their heads, these users are sitting ducks for cybercrime re-directors that easily can score with one of the many Adobe and Flash or IE-MS specific holes.

Moreover while the larger majority of users won't do any upgrading or patching themselves for third party software (in previous days old buggy java still being on their machines and making 'em vulnerable). Now we, security aware,  use Secunia PSI to get all the patches and security updates for all third party software. Normal users never heard the word, and also their providers do not alert to the fact that half of their users do not own their computers anymore, because it is a bot-driven zombie working beyond the radar (lost some cycles and see slightly more activity from the console leds) but alerting their users that they are spam spewing bot-owned would not be good for their business model. They would have to take strict measures to take bot-nets out or have users clean their machines as they do not know how.

Now a third complicating factor as the malware of old has changed for low profile cybercrime directed malware downloads to see they earn money of their online victims, cybercriminal gangs and bot herders have learned that security awareness of big Web 2.0 reputable websites is full of cracks and vulnerabilities and they can cash in on that situation (example we find here in this thread, also recent SEO ad-click manipulation like gumblar.cn infections, rogue av installers, and spyware etc.

Well 60% of sites have these vulnerabilities, some have 1 some have 7 laying around that can be exploited). Normal users are not even aware of this current situation nor is the average web-owner, and all this is further being hindered by the credit crisis, so these days and times is a boom-haven for malware all sorts. Then finally also to please the average browser and Windows user the MS firewall was only one way by default.

That is why I see so many HJT logfiles where we see no active software firewall running, and that is putting users that do not know how to SafeHex at risks exactly from these new attack vectors. Good that avast is having the shields, and that the users of avast are protected here, because avast will disconnect from any redirect to a silent malware downloader site. Again I say use Fx with NoScript and RequestPolicy installed and there is not much that can harm you there,

polonus

[Confused Computer User]

HI Plonus,

As usual, thank you for your reply. That was quite interesting and I'll tackle each topic at a time.

As to why IE8 with their inbuilt protection does not have the same protection grade as with Firefox or Flock with NoScript extension installed, you can read here:
http://forum.avast.com/index.php?topic=45411.0

I all already followed this holly instruction of adding NoScript to my Firefox and haven't looked back since. Once your daily sites are added it all goes well.

Now we, security aware,  use Secunia PSI to get all the patches and security updates for all third party software.

Again, thanks to you and the Avast forum (It might have been Tech that suggested this soft to me... my memory is not clear on this aspect), I am aware of this gem.

Normal users never heard the word, and also their providers do not alert to the fact that half of their users do not own their computers anymore, because it is a bot-driven zombie working beyond the radar (lost some cycles and see slightly more activity from the console leds) but alerting their users that they are spam spewing bot-owned would not be good for their business model. They would have to take strict measures to take bot-nets out or have users clean their machines as they do not know how.

Well I consider myself a normal user (then again using Windows or Macs or even Linux doesn't work the same way. Windows is a bit more high maintenance.... from my perspective and in comparison to Mac... Linux is more for those that like code or don't want to pay for Windows).

Again I say use Fx with NoScript and RequestPolicy installed and there is not much that can harm you there,

Got it all except the request policy. For the time being it's still in the experimental phase... see link:
https://addons.mozilla.org/en-US/firefox/search?q=RequestPolicy

Also I use the Vista Firewall Control program to have a watch on my outgoing connections. The one thing which I was not sure was as to it's effectiveness. Meaning that if something sneaks-in through the firewall, would it not be as likely to sneak-out via the same way even with the Out-bound protection turned on?

Thank again for the fast reply. I'll go through the thread you gave me and see what I absorb.

Cheers

[polonus]

Hi Confused Computer User,

And I thank you for asking these questions. So whenever you (and all the others that read this) are aware of these security issues, you are already half way there of finding protection against these online threats.
First know what is out there, know how and why you are putting up certain protection, and let that grow into an attitude, and you have all that it takes to establish a secure computer environment. Essentially this comes down to: a. download and patch OS and third party software to the latest available, b. use your OS when you do not need admin rights just using normal user rights (malware there can do less harm and that goes for 92% of all known malware on MS), c. use in-browser protection (we discussed that many times here in the forums), d. use a coctail of one resident av solution and additional non-resident anti-malware programs, e. use some common sense in what you do with a PC (not going after warez, keygens, activities that are frowned upon) and contribute to an ongoing building anti-malware knowledge base here, I wish you to be secure and safe on the Internet,

polonus

[Confused Computer User]

I wish you to be secure and safe on the Internet,

Thank you for the wish. I appreciate it as well as your continued support.

Cheers

[cinchez]

ha!
A new trojan on the loose eh?!

Well im not scared, not shaken as well^^

As long as i have my avast! updated, im SAFE at the very least^^

Anyway u guys will help me if ever i will be infected by this new trojan^^---worse case scenario^^

Tnx for informing us polonus^^

[Mr.Agent]

Well Avast! im sure wont let it free. You alway got a second scanner so that what its really good and also your firewall can see his activity and block it

Mr.Agent