Compromised Web Sites ......
BadGirl said:
Trojan.Dumaru (Backdoor.Nibu [Symantec], Troj/Dumaru [Sophos], Backdoor.Dumador [Kaspersky])
Threat Level: High
Author: Smash and SARS
Description: Trojan.Dumaru opens a backdoor on the infected machine. It can log keystrokes and capture text from browser windows while visiting certain Internet banking sites. It will also steal local information including cached passwords, clipboard data and confidential information residing in the registry.
It found it again yesterday.. it didn't find it all day, or the day before.. now have to figure out where I am picking it up at..
Basically a yet-to-be-patched security hole in Internet Explorer and Windows ..
Stuff like this:
http://www.eweek.com/article2/0,1759,2089951,00.asp?kc=EWNKT0209KTX1K0100440
from whatis.techtarget.com
drive-by download
A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge. Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message. Frequently, a drive-by download is installed along with another application. For example, a file sharing program might include downloads for a spyware program that tracks and reports user information for targeted marketing purposes, and an adware program that generates pop-up advertisements using that information. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any action on your part.
Xupiter, an Internet Explorer toolbar program, is frequently installed as a drive-by download. The program is said to replace the user's home page, change browser settings, and use redirection to take all searches to the Xupiter Web site. In some versions, the program initiates drive-by downloads of other programs. Furthermore, although it comes with an uninstall utility, Xupiter is said to be next to impossible for the average computer user to remove.
There are some arguments to be made in favor of drive-by downloads, particularly for downloads of patches or service packs that address security flaws. If these were automatically installed, instead of depending on the diligence of server administrators, computers and the Internet in general might be safer from malicious programming such as viruses and worms. In January 2003, a worm called the SQL Slammer exploited a known buffer overflow vulnerability in Microsoft SQL 2000 server systems to cause widespread Internet outages. The attack was launched precisely six months after Microsoft released a patch for the flaw. If the patch had been installed to vulnerable systems, the attack would have had little impact.
However, although drive-by downloads for patches might address specific security flaws, they might also conflict with existing system configurations, and thus create more problems than they solve.
Read more about it at:
> SearchSecurity offers a collection of Best Web Links about Malware (Trojan horses, viruses & worms).
> ZDNet's BizTech Library features an article called "Beware of Drive-by Downloads."
> The Counterexploitation Web site has advice about "Adware, Spyware and other unwanted 'malware' - and how to remove them."
Last updated on: Feb 16, 2005