[NCSA-discuss] windows cleanup following gratuitous download

Jeff The Riffer riffer at vaxer.net
Tue Oct 10 15:08:05 EDT 2006


On Mon, October 9, 2006 10:28 pm, Joseph Mack NA3T wrote:
> Tonight my son went to a new game site (flashportalgames.com)
> looking for new games, where he found that unbidden a bunch
> of downloads occurred and he had a new twirling animated
> cursor, presumably the logo of the game site. While he did
> click on something, he didn't give any informed consent on
> what was about to happen.

Well I checked the website and the main site itself doesn't appear to have any
payloads. But that's just a generic search portal. It's not vetted, edited or
professionally maintained. It's basically a parked domain that someone hopes
to sell one day and in the meantime is trying to get some sponsorship revenue
from.

> o how did a download and install of this cursor occur
> without him asking for/permitting it?

An Internet Explorer bug was exploited, most likely. There are a number of
"zero-day" exploits for IE floating around that can allow a website to
initialize arbitrary code execution without any user interaction. Some of them
are patched so you need to make sure all the latest updates are installed. But
there are also some that have NO patches available yet.

Basically, surfing with IE is very dangerous. Going to specific, known sites
is better. Portals should be avoided.

> o is the executable that did the install still somewhere?

Quite possibly.

> o is there some executable that was downloaded along with
> the cursor lurking around?

Very likely.

> o what else don't I know about what happened tonight?

You may have a trojan on that system, making it part of a botnet. Along with
the spyware software recommended, I strongly recommend downloading McAfee's
Stinger, which is free. If you don't have antivirus installed and active, go
buy a copy of Kaspersky Lab's antivirus product.


 ####################==============---- ----==============####################
#     riffer at vaxer.net - Jeff The Riffer - Drifter... - Homo Postmortemus     #
# Disclaimer: I am not a number, I am a free man, and my thoughts are my own. #
# GCS$ d-- H++ s:++ !g p+ au0 a31 w+ v?(*) C++ UA P? L 3 E---- N++ K- W-- M+ V#
# po--- Y+ t+ 5+ !j R G' tv b+ D++ B--- e+ u--- h--- f+ r+++ n- y+++*         #