Page 1 of 1

Advice: How to protect against malicious code on websites?

Posted: Sat Aug 15, 2009 4:43 pm
by teaguechod
Hi everyone!

I am just looking for some advice... I recently got a massive virus infection on my computer (resulting in a complete wipe, its all fixed now) from simply going to a website. I opened a few tabs of websites to search for freeware audio recorders, none of them particularly dodgy looking, but instantly it infected a few core windows files. Avast picked it up, and so did Malwarebytes Anti-Malware program, but even though they 'cleaned' it all it still turned my comp into a plague-ridden brick.

I always scan files I download. I never go to any websites, or download anything, that looks dangerous. I have Avast realtime scanning, but no firewall (my Billion modem has an inbuilt firewall. I find Windows Firewall to be a total attention seeking douchebag of a program, and other firewalls have caused many issues). In any case, I was told a firewall wouldn't have stopped the malicious code from executing.

So, my question is: is there any way to protect against malicious code on websites? I'm using Firefox, if that makes any difference.

Re: Advice: How to protect against malicious code on websites?

Posted: Sat Aug 15, 2009 5:21 pm
by Dazzled
Try Opera, which would be the most secure browser under Windows, and immensely configurable and scriptable. It is compatible with FF plugins. As long as Windows is underneath, you are exposed. A Mac, or one of the new Linux distros on your PC, are both safe against this sort of trouble and run without any anti-malware suite onboard. You can amuse yourself surfing warez sites in Opera/Linux.

The browser is at http://www.opera.com/. There are lots of useful users' customisations at http://operawiki.info/Opera

{an illustrative aside - there have been requests here for an Opera usage meter like the FF one. It can be done in a free standing Opera widget, but not in the browser proper, because Opera will not permit javascript to load code from a different server (Exetel's) from the page source (the meter code). "Security Violation" is what it tells you. Something similar to this may have happened to you]

Re: Advice: How to protect against malicious code on websites?

Posted: Sat Aug 15, 2009 5:50 pm
by Dazzled
For a recorder, try this reputable site http://audacity.sourceforge.net/

For all-round media goodness, try VLC http://www.videolan.org/vlc/

Re: Advice: How to protect against malicious code on websites?

Posted: Sat Aug 15, 2009 6:59 pm
by teaguechod
Hey, thanks for the advice re: VLC and Audacity, I actually have both of those and love them!

But they can't (as far as I have figured out) record streaming audio (such as played from websites). That's what I was trying to find, and did indeed find a small application that does the trick. In any case, I'm just suprised that malicious code can access a computer so easily!

Also thanks regarding the Linux/Opera comment, it is food for thought, but I still hope to stick with WinXP for a while longer (Im a sucker for punishment apparently). :?

Re: Advice: How to protect against malicious code on websites?

Posted: Sat Aug 15, 2009 7:37 pm
by Dazzled
Have you tried this way to capture sound? http://audacity.sourceforge.net/help/fa ... =streaming
VLC can capture a stream also.
The VLC plugin may be of interest http://www.videolan.org/doc/vlc-user-guide/en/ch07.html

PS VLC can capture the changing screen too - use file->wizard and from an existing playlist choose screen://

Re: Advice: How to protect against malicious code on websites?

Posted: Sun Aug 16, 2009 8:00 am
by teaguechod
Ah thanks. I think I must have a quite old version of Audacity, because I can't do that in mine. Time to update I guess!

In any case... does everyone agree there's no way to protect against malicious code, except to change browsers or OS's?

Re: Advice: How to protect against malicious code on websites?

Posted: Sun Aug 16, 2009 10:36 am
by Dazzled
Teaguechod, with Windows you need to keep alert - you are every blackhat's target because there are so many unaware users, and also because the design is unsound from the bottom up. Many drive-by exploits involve javascript operating within your browser, or unannounced website redirects to collect something, so your browser should be able to limit or configure what happens here. You can also get code planted in images and the like. Of the Windows browsers, Opera is most capable in these respects. It has a bonus, it doesn't run ActiveX or VB, both security nightmares.

Re: Advice: How to protect against malicious code on websites?

Posted: Sun Aug 16, 2009 12:11 pm
by CoreyPlover
teaguechod wrote:I recently got a massive virus infection on my computer (resulting in a complete wipe, its all fixed now) from simply going to a website. I opened a few tabs of websites to search for freeware audio recorders, none of them particularly dodgy looking, but instantly it infected a few core windows files.
I have only known of one instance where navigation to infected web sites can cause infection and that was under Internet Explorer 6 several years ago. I have not heard of this behaviour occurring under Firefox (or Opera).
teaguechod wrote:In any case, I was told a firewall wouldn't have stopped the malicious code from executing.
Correct
teaguechod wrote:So, my question is: is there any way to protect against malicious code on websites? I'm using Firefox, if that makes any difference.
Firefox should protect you just as well as Opera. Can you recall the name of the virus(es) that AVG detected?

Re: Advice: How to protect against malicious code on websites?

Posted: Mon Aug 17, 2009 10:21 am
by teaguechod
I am interested to hear that malicious code off websites is not well-known...? I was using the second-to-latest version of Firefox (have upgraded now, with the reformat and all).

It was Win32:RustNT doing most of the merciless attacking on my system files, although it apparently downloaded a few of its friends automatically somehow. (I thought my comp was clean, after 3 scans, restarts, and registry and startup cleaning, but the instant I plugged my internet back in it reappeared with TWICE as many infected files and more viruses).

It is true that I simply opened a website and was infected - within a second, Windows File Protection popped up in my system tray, saying that my Windows files had been changed and that if I put in my WinXP cd it could restore them. This is apparently a real Windows service, however, the pop-up notice had a spelling error in it so I was extremely wary that it could be the virus mimicking it instead. It disappeared before I could decide what to do in any case.

I don't know what website it was - as I said, I opened about 6 different 'options' at once and it must have been one of them. I'm certainly not going to go back and look again!

Re: Advice: How to protect against malicious code on websites?

Posted: Mon Aug 17, 2009 10:52 am
by CoreyPlover
Win32:RustNT is a variant of the Rustock rootkit (a rather nasty spamming bot that eluded antivirus manufacturers for a year or so). I still can't find information online about this (or any other virus) exploiting regular browsing behaviour though. There was an earlier report of Firefox 3.5 and 3.5.1 being susceptible to arbitrary browser exploits but this was countered by Mozilla saying that such an exploit would crash the browser and not lead to infection.

This whole issue has sparked my curiosity and I too am keen to find more information (about the virus, and the means of infection). What was the spelling error you noticed: The usual Windows File Protection dialog says:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your product CD-ROM now.

Re: Advice: How to protect against malicious code on websites?

Posted: Mon Aug 17, 2009 11:09 am
by Dazzled
Teaguechod, do you have the NoScript extension for Firefox?

Re: Advice: How to protect against malicious code on websites?

Posted: Wed Sep 02, 2009 7:50 am
by teaguechod
No, but I will certainly look that up...

Re: Advice: How to protect against malicious code on websites?

Posted: Wed Sep 02, 2009 6:53 pm
by dbr
I too use http://noscript.net/ It is amazing to see just how many scripts that run without your knowledge on nearly all pages!