Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2904676 times)

bob3160 · « **Reply #2730 on:** October 04, 2013, 06:39:32 PM »

Quote from: polonus on October 04, 2013, 06:36:54 PM

Hi Asyn,

Thanks for that article link.
Others here could google translate that articlke txt into UK English or American English.

Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.
Users should also explicitly allow the use of these readers in the browser
as is the rule with a lot of browsers now.
They should rfeally pre-scan document links or re-check these particular software executables and update uri's for malcode.
Through these latest hacks Adobe has manoevered itself into the ranks of Java and likewise security-problematic codes.

polonus

If you're using Chrome, it already handles that function.

polonus · « **Reply #2731 on:** October 04, 2013, 06:44:19 PM »

Hi bob3160,

Writing this in Google Chrome actually, thanks for the reassurance. Good Google Chrome was an early starter with Google Safebrowsing and the plug-in security.

polonus

Asyn · « **Reply #2732 on:** October 04, 2013, 08:04:00 PM »

Quote from: polonus on October 04, 2013, 06:36:54 PM

Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.

Unrelated to this issue, I do exactly that for a long time. (My personal suggestion is the free PDF-XChange Viewer.)

DavidR · « **Reply #2733 on:** October 04, 2013, 08:08:06 PM »

Quote from: Asyn on October 04, 2013, 08:04:00 PM

Quote from: polonus on October 04, 2013, 06:36:54 PM
Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.

Unrelated to this issue, I do exactly that for a long time. (My personal suggestion is the free PDF-XChange Viewer.)

I have long given up adobe reader, bloated, vulnerable a target for exploit.

I too have been using PDF-XChange Viewer for some time now (a year or more) I gave up on fox-it reader, became too much hassle and it tried to install other stuff.

bob3160 · « **Reply #2734 on:** October 09, 2013, 03:53:28 PM »

Attempted hack against AVAST

No one is ever 100% safe. We all need to stay vigilant!

Asyn · « **Reply #2735 on:** October 09, 2013, 03:58:00 PM »

Quote from: bob3160 on October 09, 2013, 03:53:28 PM

No one is ever 100% safe. We all need to stay vigilant!

I wouldn't be too worried about an attempted hack, but only about a successful one.

polonus · « **Reply #2736 on:** October 13, 2013, 12:18:04 AM »

Redirects hides malicious Google Chrome extensions: http://blogs.technet.com/b/mmpc/archive/2013/10/11/redirect-hides-browser-extension.aspx
link article author = MMPC's Jonathan San Jose

polonus

mchain · « **Reply #2737 on:** October 13, 2013, 10:14:54 AM »

Criminals Hit the ATM Jackpot (Symantec blog)

http://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot

bob3160 · « **Reply #2738 on:** October 14, 2013, 01:22:13 AM »

I just received the following and, it was not caught by Gmail
as Spam or a Phishing attempt:

I don't have and have never had a Discover Card. the link provided leads to:
hxxp://alang-alang.vsu.edu.ph/language/red.php

polonus · « **Reply #2739 on:** October 14, 2013, 12:47:34 PM »

PHISHING is from a link to hadamak dot com dot br -> http://support.clean-mx.de/clean-mx/phishing.php
and the site was also hacked earlier this year: https://www.zone-h.org/mirror/id/18886560
See for original site (IP migrated): http://urlquery.net/report.php?id=6704542
Just PM-ed mchain about this and have sent him an extensive report,

polonus

P.S. We seem to continue doing "under par" in the Brazilian malware theater, due to the fact that there exists an avast! mono-culture and malware is specifically hardened by malcrteants to evaded and circumvent avast detection as we conclude from the avast detection rate of Brazilian banking malware which is definitely under par. Tech also repeatedly complained about this situation. Avast should go "the extra mile"here, like in the old days the Old-Roman legionaires had the right to enlist (conscriptum) a citizen to carry his 65 KG pack for one mile, there was no dispute over this because every army-road in the Roman Imperium had milestones. So that is where the saying originates.

Damian

bob3160 · « **Reply #2740 on:** October 14, 2013, 02:27:13 PM »

They also have one prepared for Wells Fargo.
In case you didn't fall for the Discover Card Scam.

The link leads to the same hijacked place as the last one.

polonus · « **Reply #2741 on:** October 14, 2013, 10:14:27 PM »

Hi bob3160,

Some further analysis observations:
See where the redirect went: alang-alang.vsu.edu.ph/language/red.php (no alerts detected now)
What was there before: http://urlquery.net/report.php?id=6711562
For the IDS alerts suppressed: http://www.support.jpgottech.com/knowledgebase.php?article=52 (info Knowledgebase)
And here we are at the malware redirect:
GET /components/com_jnews/includes/openflashchart/tmp-upload-images/discovercard/discovercard/discover/index.php HTTP/1.1
Host: -hadamak.com.br
See: htxp://lifestyle.fsp.co.za/errors

On that main site htxp://lifestyle.fsp.co.za
lifestyle.fsp.co dot za/sites/all/modules/lightbox2/js/modal.js?9 benign
[nothing detected] (script) lifestyle.fsp.co.za/sites/all/modules/lightbox2/js/modal.js?9
status: (referer=lifestyle.fsp.co.za/)saved 953 bytes 88f181fe0d9236fdf705dde023973361ed3716cb
info: [decodingLevel=0] found JavaScript
error: undefined variable Drupal
error: undefined variable Drupal.behaviors
error: line:1: SyntaxError: missing ; before statement: (will leads to warnings in some IE browsers)
error: line:1: var Drupal.behaviors = 1; (do not dump PHP variables into JavaScript strings in such a way)
error: line:1: ....^
suspicious:

polonus

bob3160 · « **Reply #2742 on:** October 15, 2013, 12:59:32 AM »

Thank Damien but, I never clicked the link so was never in any danger from the redirect.
This just points out that when you click on things you have no business clicking,
Your computer will most likely take a licking!

polonus · « **Reply #2743 on:** October 15, 2013, 01:17:04 AM »

Hi bob3160,

Very well put, bob3160.

These are the things we learn here at the forums,
just to "really watch our clicks".
You might be just one click away from danger.
Keep that at the back of your mind always.

I hope a lot of trigger-happy clickers will read through these posts,
and learn from it or....
they have to learn it "the hard way",

polonus

MikeBCda · « **Reply #2744 on:** October 15, 2013, 01:20:09 AM »

I'm constantly getting this kind of email, but just ignore it if I know darned well I've never done business or had an account with them. On extremely rare occasions I'll get the same kind of phishing attempt supposedly from my own bank or Paypal (quite a few from the latter lately), and I just forward those to the respective anti-phishing addresses for any appropriate further action on their part.

(edit, Polonus posted while I was still typing) Interesting typo there, looks like you "downgraded" Bob by 10 and then gave it back to him in the next line.