Embedded malicious javascript, flash ads [RESOLVED]

hmm, i don’t know Josh123,
I just read your post/article,

I will have to agree CFP v3 is damn good, I’ve got it on my computer and its here to stay.
Browsing the net via web browsers is probably the most insecure thing there is.
Have you noticed how many sites uses flash now? and i mean in a bad way, in a malicious advertising way, I had a site the other day that kept popping up and trying to scan my PC like a diagnostic thing, but one i was aware of and read about as being a malicious program.
now the flash movie site i was on i needed to use flash, i wasn’t going to turn of that plugin in my browser (:AGY)

but what happens? i click to watch a vid and then when the new browser window opens up to play the video instead this rogue flash based commercial embedded program starts up instead.
What do we do about that? CFP and nothing prevents that. it would be so nice to have some form of security intergreted in the web browser that will stop these new threats from happening and not in a way that prevents us from running a flash video but prevent these unlegit flash programs/advertising crap diagnostic thingies from opening up and running in our browsers.

forgive me for saying but firrefox, opera IE no browsers can prevent that unless we turn of an active x control? but thats not a solution i do not want to turn of a plugin that enables me to watch a flash movie just to stop some rogue crap from opening and running.

Melih what do you think about this, and is there any solution down the line to problems like these?

P.S ad blockers. pop up blockers or anything else doesn’t stop such things from appearing and running, i find it an annoyance and intrusion but also i know its a threat cause i read about a month ago about hackers and scam advertisers now using this method to compromise PC’s and steal info

Ron,

Your browser can do the job if you configure it correctly, no need to have a resident program that thwarts what you’re allowing another running program to do. First you can allow flash, javascript, etcetera in some sites and block it in others. (By the way Flash can be very annoying but it doesn’t have much security risk, javascript is the most potentially dangerous thing that your browser can do.) Second you can ban sites so any content they send to the browser, even embedded in another site, is blocked. But anyway, that story makes me think that the site you were visiting isn’t trustworthy in the first place.

Anyway if you want further help on this in particular please start another topic. :slight_smile:

hi Japo,

the site i experienced the other day that had this problem was http://www.filecabi.net/
its never had this problem before. you can try it and see, when you click a video to watch, and its just funny videos 5 out of 10 times or more a diagnostc flash scanner will automatically load in the new window and when u close it it closes the original browser window too >:(, i have read on some news security site a reputable one that this is today’s problem. all sites use advertising and an advertiser submits an ad to a site to be used. but now either the coder for the ad embeds it with some code to run some software they want to try and get ppl to buy or rogue coders embeds it with one of todays more destructive adwares, it is a real concern about a month ago alot of security news sites was reporting the academic of this new threat and reporting of some serious cases even the FBI and american bank were victims to this so if such institutions can fall victim thos that, then so thats saying alot.

I know i can block sites but if i started doing that for legit sites that ends up with compromised adware ads then … well i’m sure you can see how counter productive that would be,

thanks for the response… i hope someday some tool can be introduced that tackles that problem without us blockig sites, cos what if one day comodo site gets one of them adware ads, i wouldn’t block comodo site if i come across teh articles again i’ll post them somewhere in a new thread, cos i am not able to explain it well it was a quite a while ago i read about it.

P.S thanks fo rmoving it :stuck_out_tongue: after reading a post i just wanted to comment and show that there still are threats that how much ever you try to prevent happening they still happen, because these threats feed of clicking or doing something legitimate. i’m sure someone else can explain what i’m talking about more better. if i come across any of the articles that been reporting about this threat then i will post it to this thread. thanks

That happening in a legit site looked like the less likely possibility, but curiously enough I have seen it before. One day the normal ads at photobucket.com turned into suspicious aggressive ones, and what is worse there was embedded javascript. Fortunately every browser nowadays blocks unsolicited popups, but photobucket needs javascript to work and so still every time I cliked any javascript button a popup appeared shouting that I was infected and prompting to download a rogue security program. The popup wasn’t blocked because its script was blocked with the legit one that I had solicited when clicking.

But there are two questions about this. First, I emailed photobucket at once, and they solved the problem immediately, emailed me back and thanked me. You should do that with filecabi.net. Anyway of course it’s bad news if a legit site is hijacked, and it’s another reason not to surf with admin rights. But if a little user can do his job to keep himself malware-free, business and other sites sure can do even more --although true they’re a bigger and more sought-after target; maybe they’re not conscious enough about security at filecabi.net even though they’re legit themselves as you say. But they’ll likely learn some lesson from this, so go ahead and email them informing them about what you’re experiencing.

Another consideration is that, at least in my case with photobucket and I think it’s most usual, the embedded content is not hosted in the hijiacked site but in the rogue one. So even if a legit site is hijacked, if the rogue site is blocked you can still visit and enjoy the infected site whereas blocking the infection.

Actually you can go deeper and block sites not only at the browser level but in the firewall, in CFP just go to Firewall > common tasks > my blocked network zones.

intersting :slight_smile:

thanks I will try blocking them intrusion sites url or IP, i just hope this one shows its url or ip, cos some of them are a pain in the butt and don’t have an address bar showing their url or ip.

but yeah i know your right so i’ll try doing that and see if i can avoid that happening again from such sites, thanks :slight_smile:

Which browser do you use? It may be easier or harder depending which one you’re using. Anyway if you email the webmaster of filecabi.net you can always ask him about the rogue domain; but it’s always possible to find out yourself. :wink:

I’m using IE 7

I prefer it to firefox which i’ve used about 2 years ago. i found with firefox it wasn’t compatible with every website, where as IE doesn’t have that problem.

i checked that filecabi.net site earlier today and clicked a few of them vids. no rogue website opened up this time. it was lastnight that it would. so i guess they are fine now, but if it happens again I’ll try adding whatever rogue site that comes up into my block zone.

thanks :slight_smile:

Okay I’ll lock this thread and tag it as solved, for better forum tidiness. If someone wants it opened again at any time just PM me or any other mod.

Cheers