Viewing post #651513 by wayne

You are viewing a single post made by wayne in the thread called Totally annoying ad....
Jul 3, 2014 3:55 PM CST
Name: wayne
memphis (Zone 7b)
Keeper of Poultry Region: Tennessee
Bonehead said: It followed me to another site, and I'm thinking it might be some icky thing rather than an ad - didn't seem to be promoting anything. I ran my anti-malware/virus program so perhaps that got rid of it. But if it does show up again, I'll try to get the URL. Thanks.


short version:

That sounds like a browser hijack. You may want to ensure your system is running the latest versions of Adobe Shockwave as well as Java. It sounds like you are pretty fastidious with your system security, so you should just continue to keep an eye open and things should be fine. While it is possible for any website to be compromised, I think you're right to assume the problem came from elsewhere. I say that because this particular website seems to be curated at a level that 99.9% of the websites in the world are not.

longer, slightly more nerdy version:

There are a couple of newer threats floating around the internet right now which are particularly nasty if successful. I work in cybersecurity and I spend all day investigating threats on a large network. The behavior you just described sounds quite similar to something we have been seeing recently.

The attack usually happens in three phases - the user performs an innocent Google search and lands on a page that has been infected with a line of malicious code. This code causes your web browser to download the second phase of the attack. This phase actually reviews the software installed on your system and identifies any vulnerable software on your system. The common targets are Flash, Shockwave, Acrobat Reader, Java, as well as Internet Explorer, Firefox and Chrome. Anyway, the third phase involves the delivery of the actual malicious code. At that point, the attacker attempts to harvest login information from your browser before disappearing into the night. The amazing thing to me about all this is that even after your computer gets to that third level and is actually infected...the actual theft of data is quite rare due to environmental circumstances (the jerk who wrote the evil code misspelled something, you have a good firewall on your network, you are really bad at networking and route things incorrectly). There are several resources online that track infection rates, but typically it's in that 7-12% range.

As for why I feel confident the problem didn't originate here (not that that was implied...again this is my thing so I jumped in with both feet) is because the compromised websites I see every day are cookie-cutter, out of the box jobs with almost no modifications...this site would take a lot of attention in order to crack.

Well, in my first post to ATP I misspelled "lily" in the thread subject. My second post is now a rambling screed against unskilled virus writers. Nowhere to go but up from here.
Last edited by wayne Jul 3, 2014 5:26 PM
