Commercial sites spread trojans

A new threat has appeared in the UK in which hackers have hijacked commercial sites which then download trojans and javascript viruses. See:

for more details.

JavaScript is bad, even worse if you are running as administrator.
Use Firefox and get the no-script extension:

I have visited sites with that exploit, on purpose, and didn’t get infected because no-script blocked the scripts.

http://portal.spidynamics.com/blogs/spilabs/archive/2008/01/10/XSS_2B00_phishing-in-Italian-bank-hack.aspx

■■■■■■■ serious stuff…

Luckily, NoScript protects from JavaScript and XSS :BNC

I use No-script too, but how many sites do you visit that use Java for transferring pdf’s, operating on user input, downloading and so on? I find that I am “Temporarily allowing” about one site in three. If you visit a commercial site that you are confident is not a spoof site, you don’t really worry about allowing Java. Or at least I didn’t until now.

metamorphic viruses… XSS on legit sites… google account stealing… doesn’t it sound like an apocalypse? :-)))))) one by one these thingies head our poor heads…

NoScript here as well, I think it provides excellent protection. To me it’s a kind of HIPS like Defense+. But it sure is worrying when the sites you have white-listed get hijacked, then the threat may get serious. Luckily Defense+ should catch it if it gets out of the browser.

LA

yeah but it won’t catch anything that is INSIDE the browser - fraud forms for example.

But, you know… in ZASS there was a feature (the ONLY feature i miss) called ID Theft Protection… The goal of it was to prevent certain strings (like your credit card PIN number) leaving your computer without your consent - that is, every time i was connecting to my email box, i was prompted if i wanted to give away my password (to authenticate myself). Of course i could create a rule for it, but i was just testing. And since i had no really valuable info on my comp except my own passwords for ICQ, emails and stuff, i had no real use of it, but the above described scenario (about banking fraud) is one of possible benefit of this “ID Protection”… If (AND ONLY IF) the data from a legit page was transferred DIRECTLY to a 3rd party, not via some server-side scripts.

PS i hope COMODO will come up with similar (and probably better!) solution for ID Theft Protection… Of course, using legit certified hacker-proof sites is an option, but what about a user just not willing their email address gets in someone else’s hands? I for example don’t really surf for the things i NEED, but rather things i WANT - IT news, forums etc… And this site is the ONLY site that has a certificate i visit!

Sure, D+ won’t, but NS would - right? Unless one has already allowed it.

LA

these types of filtering for things do not necessarily work, cos malware could encrypt it before it sends it out…

We already have a VE for antiphishing, we are coming up with more innovation for protecting against phishing.

Melih

OK, i’ll test VE soon. The thing i want to do is: copy some website (e. g. Gmail login form? some bank?), mix it up with some PHP and we’ll see if it detects fake…

I think I have some fake sites (eBay, Yahoo and some more) if you want them, tho they might be a bit out-dated.
Just in case you want :stuck_out_tongue:

are they detectable by VE? PM me the links please :-))

I think VE will detect them, as VE checks the IP of the website? Then they would fail, as you would put them on another webpage, but of course it’s possible to make it say yahoo.com in the address bar even tho it’s some fake site.
But I’ll PM them for you so that you can test them :wink:
Modify them if you want. Remember that the original site probably have changed some :stuck_out_tongue:

VE will only tell you if they are legitimate.
if they are not, it will simply say nothing.

Melih