Slashdot Mirror


Viral Scareware Infects Four Million Websites

oxide7 writes "A fast-spreading SQL injection attack that illegally peddles a bogus scareware has been breaking anti-virus barriers and compromising millions of websites, besides defrauding unsuspecting victims. The news of this attack was brought out by Websense Security Labs in its blog last week. Websense said its Threatseeker Network identified a new malicious mass-injection campaign which it named LizaMoon."

71 comments

  1. 1000 by Anonymous Coward · · Score: 0

    THE OWER OF 1000HACKERS!!!1

    1. Re:1000 by Alex+Belits · · Score: 1

      "OWER"?

      --
      Contrary to the popular belief, there indeed is no God.
    2. Re:1000 by Anonymous Coward · · Score: 0

      You've got the ouch!

      You've got the OWER!!!!!!!!!!

      captcha: frauds

  2. Stupid by jd · · Score: 1

    Didn't we already see this article?

    Anyways, as said before, there's plenty of guides (including by the NSA) on how to not suffer cross-scripting attacks. That anyone still suffers from them is not through a lack of resources.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Stupid by clang_jangle · · Score: 3, Insightful

      ...breaking anti-virus barriers...

      Only people who've been thoroughly windows-indoctrinated could use terminology like that -- it actually means nothing at all, except "we don't know what we're doing here".

      --
      Caveat Utilitor
    2. Re:Stupid by Haedrian · · Score: 4, Informative

      Anyways, as said before, there's plenty of guides (including by the NSA) on how to not suffer cross-scripting attacks. That anyone still suffers from them is not through a lack of resources.

      SQL injections and XSS attacks aren't necessarily related.

      XSS attacks require you to push the parameters in the URL itself. If an attacker modifies the SQL, they don't need to change anything, you just visit the site, and they'd change it 'server side' instead. So it's much more dangerous, and there's no real way for the user to avoid it - except of course turning off scripts I would assume. And being careful about links.

    3. Re:Stupid by Anonymous Coward · · Score: 1

      Not to mention it is factually inaccurate in this case, the fake AV that is pushed here is not installed via an exploit, it is installed by the user after being redirected to a site showing false warnings. Moreso, 24 out of 42 of the scanners on virustotal detect it at the moment.

    4. Re:Stupid by jd · · Score: 2

      I'd interpret it as "our firewall AV isn't stopping it", which is fine because AV software isn't a generic solution but one that detects specific, well-defined viruses. And when you shove it onto a firewall, it can't do much checking if you don't want horrible packet loss.

      What it does mean, though, is that whoever wrote the article doesn't use NIDS or HIDS (the former will detect cross-scripting attacks, the latter will detect changes to files that aren't supposed to change) but relies entirely on anti-virus software on a (probably) mis-configured firewall that (likely) is running obsolete software.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    5. Re:Stupid by clang_jangle · · Score: 1

      Nah -- it's fake nomenclature designed to dazzle non or wannabe geeks into thinking "it isn't Norton's (or whomever's) fault". It's the computer equivalent of turn signal fluid. :)

      --
      Caveat Utilitor
    6. Re:Stupid by clang_jangle · · Score: 5, Funny

      "This latest viruses attack your computer's humours, exchanging it's good aire for foul and musty spirits, thus disrupting the subtle fires necessary to process your data. Most inauspicious. That's why you need Semantec's Miracle Oil, the Ninth Wonder of the Worlde!"

      --
      Caveat Utilitor
    7. Re:Stupid by TheGratefulNet · · Score: 1

      security boxes can scan at very high (near wire) rates, these days.

      DPI is all the rage and fast packet i/o with filtering and even on the fly modification is do-able.

      sad to say.

      --
      "It is now safe to switch off your computer."
    8. Re:Stupid by cbiltcliffe · · Score: 2

      Moreso, 24 out of 42 of the scanners on virustotal detect it at the moment.

      Maybe the fake AV itself, but yesterday I downloaded (using wget, of course) the script file that redirects you to the malware site, and sent it to virustotal. Zero detections.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    9. Re:Stupid by sixsixtysix · · Score: 1

      +1 hilarious

      --
      ...
    10. Re:Stupid by LordLimecat · · Score: 1

      It's like "counterhacking the proxy" or "wardialing the WEP key". Just because you don't know what it means doesn't mean the rest of us aren't on board.

    11. Re:Stupid by LordLimecat · · Score: 1

      Everything is Symantec's fault. Everything. It's some kind of computing rule or something.

    12. Re:Stupid by jd · · Score: 1

      Hey, don't knock it! In a hundred years time, that could be the best-selling soft drink for electronics!

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    13. Re:Stupid by Anonymous Coward · · Score: 0

      No, sorry. But now we know you're a wannabe geek who probably thinks the jargon used by that goth girl on NCIS is real. :)

    14. Re:Stupid by Anonymous Coward · · Score: 0

      Hey now, don't bust his trace.

    15. Re:Stupid by Opportunist · · Score: 1

      Right now I'm still looking for some replacement smoke for my CPU.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    16. Re:Stupid by LordLimecat · · Score: 1

      Don't be hatin cause I can create VB GUI interfaces to track the haxxers.

    17. Re:Stupid by seibai · · Score: 1

      XSS attacks require you to push the parameters in the URL itself.

      That's not actually true. Reflected XSS attacks are sometimes exploited through a URL string element (post data can also work). Persisted XSS attacks occur when user provided data is stored on the server and then later rendered in HTML without being properly encoded first.

      It's entirely possible (and not all that uncommon) for an attack to rely on both an XSS issue and a SQL injection issue. Say there's some popular CMS that has a SQL injection attack that can be exploited through a form post if the user making it is logged in with a session cookie. If this attack allows the malicious SQL to then inject script into some part of the page on that CMS so that it's rendered unencoded, it could then execute the script for other users who visit the site and attempt to make the same post to other sites that come up as the result of a Google search (Google is a great enabler of these sorts of things).

    18. Re:Stupid by tsm_sf · · Score: 1

      You need a Taoist magician to capture it properly. It can be interesting to watch them perform their rituals, but the economy of scale will always mean that it's cheaper to just buy a new CPU from asia.

      People often complain that American children show a lack of interest in engineering, but you rarely hear about our serious metaphysical deficit.

      --
      Literalism isn't a form of humor, it's you being irritating.
    19. Re:Stupid by Anonymous Coward · · Score: 0

      Hey!
      Leave Abby alone.
      She can use whatever jargon she wants to.

  3. more information by Anonymous Coward · · Score: 2, Interesting

    which sites are vulnerable? are there any more precise information than "outdated CMS and blog systems" ??

    1. Re:more information by Anonymous Coward · · Score: 0

      which sites are vulnerable?

      4 million sites infected and you want it to list them for you? Wow...

    2. Re:more information by Anonymous Coward · · Score: 0

      No, and there won't be, it gets articles pulled and writers shunned. iTunes links have it but they don't count because iTunes "blocks the scripts from being run". Really? For How LONG? Is that for all platforms? What about on windows (the main attack vector anyway...), where the individual is still running IE6?

    3. Re:more information by Relayman · · Score: 1

      Let me help you: "fast-spreading" "compromising millions of websites" All vulnerable Web sites are infected by now. If your Web site is out there and not infected, then you're probably okay. If it did get infected, you tried to fix it and it gets reinfected, you haven't fixed it!

      --
      If I used a sig over again, would anyone notice?
    4. Re:more information by grcumb · · Score: 5, Informative

      which sites are vulnerable? are there any more precise information than "outdated CMS and blog systems" ??

      As others have noted, the original article is much more informative.

      First, only MS SQL Server seems to be affected. This isn't because of a flaw in SQL Server, but because the injection seems only to work on a web app that's designed to run this DBMS in the back end. The article authors note that they don't know which application this is, however. This seems a little surprising, given that they should be able to spot the commonality between all the infected sites.

      Second, to determine whether your server is affected, just check to see whether your site now has a URL like http://domainname/ur.php. If it does, you're infected. If you run on Linux and Apache, it looks like you're safe from this particular attack.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
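Added example, not part of the comment above or of the original thread: one way to look for the ur.php reference in stored site content. It assumes the reference arrives as a script tag injected into database text fields (the thread describes the campaign as SQL injection; the tag form, the sample rows and all function names are constructed for illustration).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

INDICATOR_PATH = "/ur.php"  # path named in the comment above


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...>
        # and unquoted attribute values are handled the same way.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())


def script_sources(fragment):
    """Return every script src found in one stored text fragment."""
    parser = ScriptSrcCollector()
    parser.feed(fragment)
    parser.close()
    return parser.sources


def indicator_host(src):
    """Return the host (or "" for a relative URL) if src points at ur.php, else None."""
    try:
        parts = urlsplit(src)
    except ValueError:
        return None  # unparseable URL: not a match for this indicator
    if parts.path.lower().endswith(INDICATOR_PATH):
        return parts.hostname or ""
    return None


def scan_rows(rows):
    """rows: iterable of (row_id, text). Returns [(row_id, host, src), ...]."""
    findings = []
    for row_id, text in rows:
        for src in script_sources(text or ""):
            host = indicator_host(src)
            if host is not None:
                findings.append((row_id, host, src))
    return findings


# Constructed sample data standing in for a text column pulled from the site database.
SAMPLE_ROWS = [
    (1, "Spring sale"),
    (2, "Widgets</title><script src=http://bad.example.invalid/ur.php></script>"),
    (3, '<script src="/js/site.js"></script>News'),
    (4, '<SCRIPT SRC="//Other.example.invalid/ur.php"></SCRIPT>'),
    (5, "Write-up: the injected tag points at http://bad.example.invalid/ur.php"),
]

if __name__ == "__main__":
    for row_id, host, src in scan_rows(SAMPLE_ROWS):
        print(f"row {row_id}: script loads {src} (host {host or 'same site'})")
```

Row 5 is not reported because the URL appears only as text, which separates pages that discuss the indicator from pages that actually load it.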
    5. Re:more information by Anonymous Coward · · Score: 0

      I'm guessing he was hoping for an answer something like:

      "Any site running IIS and Microsoft SQL Server."

    6. Re:more information by butlerm · · Score: 3, Insightful

      First, only MS SQL Server seems to be affected. This isn't because of a flaw in SQL Server

      Strictly speaking, that is true. However, SQL Server supports a multiple statement binding syntax that makes it uniquely vulnerable to these kinds of injections in poorly written programs - i.e. you can start a new SQL statement anywhere simply by injecting a semicolon followed by whatever SQL you like.

      That is why if a SQL injection attack ever affects tens of thousands of sites, it is inevitably a poorly written SQL Server application. If I were Microsoft, I would add an option to turn the traditional syntax off, deprecate it for future use, and require block syntax to process multiple statements. That doesn't eliminate the problem, but it greatly reduces the possible attack surface, and the severity of the attacks that do get through.
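Added example, not part of the comment above: a sketch of the statement-batching point, using Python's sqlite3 as a stand-in for SQL Server (an assumption; the table, payload and function names are constructed). `executescript` plays the role of an interface that runs every statement in the string, `execute` the role of one that accepts a single statement.

```python
import sqlite3

# Constructed input: a value followed by a second, stacked statement.
STACKED_INPUT = "1; UPDATE pages SET title = 'tampered'"


def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO pages VALUES (1, 'Home'), (2, 'About');
    """)
    return db


def titles(db):
    return [row[0] for row in db.execute("SELECT title FROM pages ORDER BY id")]


def lookup_batch(db, page_id):
    """Vulnerable: concatenation, sent through an interface that runs a whole batch."""
    db.executescript("SELECT title FROM pages WHERE id = " + page_id)


def lookup_single(db, page_id):
    """Still concatenated, but the interface accepts exactly one statement."""
    try:
        return db.execute("SELECT title FROM pages WHERE id = " + page_id).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # sqlite3 refuses a string that holds more than one statement.
        return "rejected: " + type(exc).__name__


def lookup_bound(db, page_id):
    """Hardened: the value travels as a bound parameter, never as SQL text."""
    return db.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("single-statement API:", lookup_single(db, STACKED_INPUT), titles(db))
    # Reduced attack surface, not elimination: the one statement is still injectable.
    print("single-statement API, widened WHERE:", lookup_single(db, "1 OR 1=1"))
    print("bound parameter:", lookup_bound(db, STACKED_INPUT), titles(db))
    lookup_batch(db, STACKED_INPUT)
    print("batch API after stacked input:", titles(db))
```

The single-statement interface stops the stacked UPDATE but still returns every row for `1 OR 1=1`, which matches the comment's remark that turning batching off narrows the problem without removing it; only the bound parameter treats the input purely as data.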

    7. Re:more information by Alex+Belits · · Score: 1

      Bobby Tables' mom strikes again?

      --
      Contrary to the popular belief, there indeed is no God.
  4. Websense good for something? by Anonymous Coward · · Score: 0

    Websense does more than play net nanny for corporations and make really awful database designs? Who would have thought.

  5. What kind of sites??? by Fuzzums · · Score: 1

    I'm getting "please install this update for bank X" for several months now and they usually link to a site that uses Joomla.
    I'm reading about this super SQL injection for several days now, but what I would like to know is what kind of sites are targeted this time. Who should be worried? Who should spend some extra time upgrading or hardening their sites?

    --
    Privacy is terrorism.
  6. how about lizamoonattack.com? by Anonymous Coward · · Score: 0

    Hey - how about sending a little traffic to http://www.LizamoonAttack.com? ;)

  7. I think it got me... by Anonymous Coward · · Score: 0

    I was running a slightly out of date version of wordpress and I woke up to "this site has been pwned by iranian hackers blah blah" across my front page.

    It also fried the database, so I'm guessing it's the same attack.

  8. News? by Gonoff · · Score: 1

    I have been dealing with the results of this for nearly two weeks. Whilst it is nice to hear the background story to it, I am puzzled why it has made /. the BBC, The Register and a load of other less useful websites. Why is it big news today?

    If anyone has to deal with a PC that has this, the fix is nice and easy.
    Copy everything off the user's desktop etc - it does not seem to infect stuff
    Delete the user profile, reboot and let them log in.

    I am sure many people here will feel that the best way not to get it is not run windows in the first place. It is probably enough not to use Windows as a webserver.

    I have been using it as a tool to get all our users' work moved off their desktops and onto the servers where it should be in the first place. That is a never ending struggle...

    --
    I'll see your Constitution and raise you a Queen.
    1. Re:News? by hairyfeet · · Score: 4, Insightful

      Actually I'd say the problem isn't Windows, it is PEBKAC which NO OS will solve or they would have done so by now. I just got finished cleaning one of these scareware infections where the user uninstalled their working AV to install the malware. Now why would they do that you say? Simple, they saw the number of "infections" reported on the fake scareware page and decided their good AV must not be working (since it wasn't reporting the nonexistent viruses) and therefore "must have gone bad" like cheese in the fridge and tossed it to install the malware.

      Now show me ANY OS that would protect the system from that level of stupid, I dare you. You can't because idiot proofing will always be defeated by the bigger idiot. For Linux here is a nice trick, how to write a Linux virus in 5 easy steps that uses nothing but bog standard social engineering. Hell, it doesn't even need root to be able to do all the things your average malware writer wants to accomplish. And we know this works because they used similar methods in the KDELook attack, where thousands of KDE users were infected by fake screensavers that were actually malware. Sound familiar?

      So it is real simple folks, if the user has install rights then they have the ability to screw themselves, full stop. You can try education, making them jump through hoops like UAC or root prompts, it doesn't matter. It is the classic dancing bunnies problem where if the user WANTS the malware (and that is what it all boils down to, the malware uses fear or social engineering to convince the user they want to install the malware, a classic con game) then by God they're gonna get that malware whether you like it or not!

      So in the end you do what you can, make sure they have a backup solution, and be ready to clean up the messes when they happen. It reminds me of how an old Linux admin of mine ended up being threatened with firing and had to show up before the head of the regional office because the PHB over him was demanding he allow the PHB's emails from Melissa without interference. In the end there is only so much you can do, you just can't knock the stupid out of some folks.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:News? by Anonymous Coward · · Score: 0

      Fail!

      The "vector" the Feb 2009 article refers to is one where the launcher doesn't require execute permissions. They now do.

      If you've been emailing your Linux using friends with that one you'll have to update your anti-Linux troll kit.

    3. Re:News? by hairyfeet · · Score: 0

      Afraid to make an account? they are free you know. And thanks because I so rarely get to use this in a sentence...WHOOSH! And frankly i couldn't care less about your piddly little 1% OS okay? Go hang with the Amiga and OS/2 users, I hear they can almost party as well as Linux users!

      And since you missed the point so completely, maybe you were trying to fix your wireless problems or get your OS to actually work, who knows, but the point which WHOOSHED by so easily over your head was the vast majority of attacks are social engineering based which NO, I repeat NO operating system can protect against since you are pitted against the user and if the user is actively helping the malware, which is how a social engineering attack works, then you WILL lose, full stop.

      Unless you are telling me you support the Apple walled garden where no code is allowed without corporate approval? While that kinda spits in the face of your Linux freedoms having a locked down system where the users has no control WILL kill social engineering dead. Personally I don't care for that approach myself, but if cell phones become the new PCs we could see that happen.

      of course if that happens we won't have to worry about Linux no more since it'll be dead as 8 tracks, but hey, take the good with the bad I always say. And before you scream Android where is the code for 3.0? oh right you can't have it, as Google is flipping you the bird. That is TiVoization for you. tried to warn ya, nobody listened. oh well so much for those pesky four freedoms eh?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:News? by Anonymous Coward · · Score: 0

      And so your next post demonstrates, you're really just one of those sad, woe is me Windows user who doesn't know how to cope with their poor little fav OS being hit yet again. You know, Windows has many favourable attributes. Just because it gets hit with malware doesn't mean it's of no use you know.

      Whoosh to you :-)

    5. Re:News? by Anonymous Coward · · Score: 0

      Ouch! That must really make you quite butthurt.

    6. Re:News? by hairyfeet · · Score: 1

      Hey how is those latest graphics cards working? or those thousands of devices sold in the B&M stores? oh right, they don't. Look I have NO problem with Linux in the server role in fact I use it that way all the time. The reason it works as a server is because millions of dollars and man hours have been spent making it rock solid and making sure it just works. Also OEMs have likewise spent millions (which they wouldn't have had to if Linus wasn't a douche and would allow a hardware ABI which everyone else has had FOR OVER A DECADE) to make sure drivers are solid and stable.

      What I DO have a problem with is dipshits like you that think you can take a server OS and stuff it onto a desktop and then think because YOU were able to surf the mounds of Man pages, the piles of Howtos and readmes and other bullshit, that suddenly that makes it ready for the masses. Well to quote Mel Brooks bullshit bullshit AND bullshit. There is a damned good reason why XP stomped Linux on netbooks, even though netbooks were designed around the strengths of Linux and that is because your entire driver model is shit. I repeat your driver model? Poo, crap, shite, runny nasty festering turd o' fail.

      There is also a good reason why Linux TMs exist, read them if you dare, because unlike normal people who find they have a problem who...oh whats the word?...oh yeah FIX IT...FOSSies (or as they call them on Linux TM Freetards) will make up the same stock excuses such as "worksforme" or "Linux supportsmorehardware" and trot this bullshit out so many times I can cover a good 90% of any conversation with a FOSSie with nothing but TMs.

      So if you don't want to stay in dead last forever, ask yourself THIS question"What are the others doing right that I'm doing wrong?" because when you can't even update Dell Ubuntu machines using the standard repos because it breaks half the hardware you should know your shit is shit and needs serious work. but go ahead, lay some TMs on me. It'll be like buzzword bingo, I'll match a TM to every thing you counter. Because that is what your arguments will be, hot air and bullshit.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:News? by Anonymous Coward · · Score: 0

      The problem here is clearly education. People have been taught for generations now not to trust the "miracle medicine" salesman on the corner, they have since been taught not to trust door-salesmen selling whatever, since it is usually inferior quality at inflated prices (Though this scheme sometimes still works!!) they must now be told never to trust "window-salesmen" that open a popup on their computer and try to sell them something (even if it is free) since it is - at best - inferior quality and at worst will blow up their computer.

      And yes, we can't save users from themselves, but we can at least tell them what is what and what to avoid.

      Making stuff fool-proof is impossible because fools are so ingenious...

    8. Re:News? by Anonymous Coward · · Score: 0

      Afraid to make an account?

      To resort to attacking anonymous posters for being anonymous is to surrender the argument unconditionally. You have screamed your agreement with your parent poster, and you can never take it back.

    9. Re:News? by sumdumgai · · Score: 1

      Wow. Troll much? Clearly you are not happy and you choose to attack Linux to vent your frustration with your own operating system. How are those antivirus updates going?

      The article you show as an example of the security failings of Linux is laughable. The "virus" they create must be downloaded, saved to the desktop and then executed. Hardly virus like behavior. And even then it only gains access to the user's environment. To get it to do anything malicious to the OS, you must login as root and install the virus. HAHAHAHA.... pretty dangerous virus there.

      --
      "In theory, theory and practice are the same. In practice, they are not." - Albert Einstein
  9. ORDER BY popularity DESC LIMIT 10 by tepples · · Score: 1

    4 million sites infected and you want it to list them for you? Wow...

    I'd at least like to know a few of the most popular ones. Or in SQL: SELECT host FROM infected_sites ORDER BY popularity DESC LIMIT 10

    1. Re:ORDER BY popularity DESC LIMIT 10 by Paradise+Pete · · Score: 1

      Or in SQL: SELECT host FROM infected_sites ORDER BY popularity DESC LIMIT 10

      Shouldn't that be something like this?

      SELECT host FROM infected_sites ORDER BY popularity DESC LIMIT 10; DROP TABLE infected_sites; --

  10. Can someone explain why this scam works? by morikahnx · · Score: 1

    I can understand scaring people into buying fake anti-virus software. I've seen it happen to people at work where they assume it's something IT installed on their machine. What I can't understand is how the people that peddle it get away with it. I mean... they trick you into buying their product.. which means they have to process money and deal with banks. Couldn't any law enforcement simply track where the money is going, grab the bad guys and just end it?

    1. Re:Can someone explain why this scam works? by Anonymous Coward · · Score: 2, Informative

      Scammers sometimes use "mules", people who are in desperate need of a job and agree to handle payments to "a foreign business that needs a representative in the country". They receive the money and then use something like Western Union to funnel the money to the "business"/scammers in an untraceable way. Money laundering isn't just for drug cartels anymore. If you take a stroll through your spam folder, you'll probably find a few "job offers" like that. Needless to say, this is very illegal and nobody should even consider participating in something like that, no matter how desperate they are. The mules get caught every time.

    2. Re:Can someone explain why this scam works? by morikahnx · · Score: 1

      So the cash is turned into something physical then.. it's 'gone'.

  11. Misleading by Daley_G · · Score: 1

    The headline says Four Million Websites, but the truth (according to Google) is that it's Four Million Webpages, and a good number of those are security-related sites that talk about the vuln, not expose it. Can we possibly look into reporting the facts instead of inflating them?

    1. Re:Misleading by Anonymous Coward · · Score: 0

      My Google search for ur.php returned: About 56,400,000 results (0.08 seconds) which is the same as yesterday. If a million are references to articles, that leaves a lot of pages. How many sites that translates to I don't know.

  12. Totally blown out of proportion by Trerro · · Score: 2

    The submitter clearly didn't read the damn article.

    All it does is force sites to display an ad for a trojan. It does NOT "break AV barriers" nor do absolutely anything to users who aren't stupid enough to actually install the software.

    It's still a problem, because yes, a good number of idiots will fall for it, but fake security software scams have been around pretty much since there's been banner advertising on the net.

    As for why this is hitting 4 million sites, I blame a lot of beginner tutorials, that are quick to teach people the basics of web development, but gloss over security or don't mention it at all. SQL injection is stupidly easy. Either
    A:
    -Call a function to escape all characters that could force the server to run entered code. In the extremely unlikely event that you're using a language that doesn't have a built-in function for this, it's not at all difficult to write your own (or grab someone else's).
    or
    B:
    -Make use of prepared statements, and call those instead of feeding SQL directly to the server.

    Either works. Doing neither is simply asking for it.

    1. Re:Totally blown out of proportion by Trerro · · Score: 1

      Err, "preventing SQL injection is stupidly easy", rather than "SQL injection is stupidly easy."

    2. Re:Totally blown out of proportion by Ben4jammin · · Score: 1

      Well both statements are somewhat true. Apparently SQL injection IS stupidly easy as it keeps happening and as others have said, preventing it is not exactly rocket science

  13. Cool it, Bobby by tepples · · Score: 1

    With a query that simple, you can use parameters (e.g. LIMIT ? OFFSET ?), which are immune to injection. It's only once you get into a variable number of parameters (e.g. right side of operator IN, or some forms of query-by-example parsers) that you really have to worry about building SQL at runtime and escaping to prevent injection.
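Added example, not part of the comment above: the fixed-shape query from this thread with bound LIMIT/OFFSET, next to the variable-length IN list the comment singles out. It uses Python's sqlite3; the table contents, the parameter cap and the function names are constructed assumptions, and the sort-column allowlist goes slightly beyond the comment to cover the part of a query that cannot be bound at all.

```python
import sqlite3

MAX_PARAMS = 500  # assumed per-statement cap; real limits differ per database

# Identifiers cannot be bound, so the ORDER BY clause comes from a fixed allowlist.
SORT_COLUMNS = {"popularity": "popularity DESC", "host": "host ASC"}


def sample_db():
    """In-memory table named as in the thread, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE infected_sites (host TEXT PRIMARY KEY, popularity INTEGER)")
    db.executemany(
        "INSERT INTO infected_sites VALUES (?, ?)",
        [("a.example", 90), ("b.example", 70), ("c.example", 50), ("d.example", 10)],
    )
    return db


def top_hosts(db, limit, offset=0, sort="popularity"):
    """Fixed query shape: only values vary, and they are all bound."""
    order_by = SORT_COLUMNS.get(sort)
    if order_by is None:
        raise ValueError("unsupported sort key: %r" % (sort,))
    sql = "SELECT host FROM infected_sites ORDER BY " + order_by + " LIMIT ? OFFSET ?"
    return [row[0] for row in db.execute(sql, (int(limit), int(offset)))]


def hosts_in(db, candidates, chunk=MAX_PARAMS):
    """Variable-length IN list: generate only '?' markers, never splice in values."""
    candidates = list(candidates)
    found = set()
    # An empty list runs no query at all; long lists are split to stay under the cap.
    for start in range(0, len(candidates), chunk):
        batch = candidates[start:start + chunk]
        marks = ", ".join("?" * len(batch))
        sql = "SELECT host FROM infected_sites WHERE host IN (" + marks + ")"
        found.update(row[0] for row in db.execute(sql, batch))
    return sorted(found)


if __name__ == "__main__":
    db = sample_db()
    print(top_hosts(db, 2))
    print(top_hosts(db, 2, offset=2))
    # Constructed hostile value: it is compared as a string and matches nothing.
    print(hosts_in(db, ["b.example", "x') OR 1=1 --", "d.example"]))
```

The SQL text built at runtime contains nothing but question marks and allowlisted fragments, so no escaping step is needed for the values.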

  14. if you see this starting to load by Anonymous Coward · · Score: 0

    Someone got this POS going at work. This normally careful person came and got me when it started loading. By the time I got to their PC, it was fully entrenched.
    Later that week the same happened to me, but I just hit the Close Window button. It didn't get installed, thankfully.

    My wife got it also because it tricked her into "downloading some anti-virus updates". I actually did a System Restore, went back and picked a date about three weeks before the "incident". From personal experience I have a very low success rate with System Restore. Then I ran Malwarebytes' Anti-Malware (very fine!) product. MWB removed the 30 or so net nasties in short order.

  15. WinHDD and Defender Scareware by blanchae · · Score: 1

    I've seen two instances of the scareware. In the first instance, up pops a tool that looks like a genuine Microsoft tool but called WinHDD. It reports that your hard-drive is failing and you are losing data. In order to fix it, you must activate WinHDD. But you have to pay to activate it. Spybot Search and Destroy cleans it.

    The 2nd scareware camouflages itself by taking the Windows Defender name. It claims that your computer is infected with a worm. It can be extremely difficult to remove as it intercepts all commands: everything you click on returns a message that you are infected. Looks pretty legit but you have to activate Defender and in order to activate it, you have to pay. This one is trickier to get rid of. You have to boot into safe mode, examine the bat file in the startup folder to track where the parent program (exe) is located - usually in the user's My Documents. Remove the bat file and the exe. Then reboot to safe mode plus networking, download the latest Spybot Search and Destroy, do a scan. Then you should be good.

  16. sites using Microsoft SQL Server 2003/2005 by Pf0tzenpfritz · · Score: 1

    According to SANS: http://isc.sans.edu/diary.html?storyid=10642&rss , only sites running MS SQL Server 2003/05 (and PHP, obviously) are targeted.

    --
    Oh, the beautiful gloss of greality!
  17. The Human Comment by tanya2011 · · Score: 0

    I would like to start by saying that many of the people complaining about this are people with little knowledge of the Android development cycle. For starters, the newest version of Android is always released closed source so that Open Handset Alliance partners get premium access. Eventually the versions are all released under the Apache license. The only difference between Honeycomb and previous versions is that Google is slowing down the release a bit.

  18. Simpsons by infolation · · Score: 1

    I always thought that if Comic Book Guy was ever given a license to have children, he'd find it amusing to give them an SQL injection attack name like Bobby Tables.

    And to be honest, the mindset behind this new breed of convoluted scam methods to trick customers out of money (such as the one in TFA) often seem to be dreamt up by someone whose grip on reality is based in the world of the Simpsons et al, rather than by dealing with real human beings.

  19. What ever you do don't mention Windows by doperative · · Score: 1

    What ever you do, don't mention Windows, but do mention Apple even though it isn't affected:

    "fast-spreading SQL injection attack .. scareware attack .. malicious file then sells a software .. bogus scareware [ is there any other kind ?] .. Apple iTunes were also infected" ...

  20. Silly Isp's by onepoint · · Score: 1

    First, thanks to another poster out there that told me the destination site.

    Solution to those that run firewalls or ISP's

    I happen to use open dns for all the companies and friends I help out needs

    I just logged in and blocked the web site and the IP address.

    saves me future problems and prevents idiot's from causing long term harm.

    thanks everyone.

    --
    if you see me, smile and say hello.
    1. Re:Silly Isp's by Anonymous Coward · · Score: 0

      correction: idiots not idiot's

  21. Block executables at the doorstep by yuna49 · · Score: 1

    Since the problem is keeping people from downloading crap like this and running it, the solution is pretty easy -- block executable files with a web proxy like Squid. It's really trivial to write a few ACL's in Squid that forbid the download of .exe, .bat, .com, .msi, etc. files. Obviously you need to exempt sites like Windows Update from this filter, and you might need to permit a couple of senior admins to download executables as well. Otherwise, there's just no reason in most organizations to let ordinary users download executable files. It's just asking for trouble.

  22. I still think it is funny by Anonymous Coward · · Score: 0

    When these scareware applications start a new window on my machine telling me C:\Windows\System32\something.sys is infected and I should install their product to remove the infection... Seeing as there is no valid path on my computer starting with C...

    In other news, targeting my mom with this is unfair as I am the one having to save her from it! She has been taught never to believe any of these ever again, wherever they may seem to come from or what message they tell... Just like door salesmen. Perhaps that is the analogy to tell everyone in the introductory to any browser... Anyone trying to sell you something on the net is a doorsalesman, close the door(window) and go on with your business without further notice, they are always lying and never sell anything of quality anyway, whatever their sales story is.

  23. Hairyfeet's NOT 1 to criticize ("Greatest Hits") by Anonymous Coward · · Score: 0

    See subject-line above, & these "prime examples" below via links to the originals of WHY hairyfeet shouldn't have gone to "ITT Tech" (because he clearly doesn't even understand how HOSTS files benefit you for added security, speed, and even to a degree extra 'anonymity' online):

    ---

    Static vs. Dynamic (lol, "according to hairyfeet"):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060

    ---

    Hairyfeet's single solutions SECURITY FAILURES? See inside:

    http://slashdot.org/comments.pl?sid=2064694&cid=35690260

    ---

    Your sources on "security" vs. mine (actual security people) (AND myself, a source on it):

    http://slashdot.org/comments.pl?sid=2064694&cid=35690328

    ---

    Only thing constantly changing's your "math", 3x ++ or more no less:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35686444

    and

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35686566

    as well as this:

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35686630

    ---

    Lastly, as to your LIBEL of myself (w/ arstech):

    http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740

    ---

    The defeat of hairyfeet by APK (video analogy - hilarious, BUT, apt):

    http://slashdot.org/comments.pl?sid=2064694&cid=35690536

    ---

    They say it all, & usually vs. hairyfeet's own words quoted! I wouldn't pay him too much heed, especially after you read the above b.s., lies, changing figures, & even LIBEL of others that hairyfeet likes to do. After all - he's from "ITT Tech" (student).

    APK

    P.S.=> Personally though - because hairyfeet is only a "techie"? I suspect he doesn't want people to know about HOSTS files' added LAYERED SECURITY benefits to the end-user: Why? Because if users stop getting so much "malware-in-general" which layered security (and HOSTS) give you added layered protection against, he's out money...apk