Advice: How to protect against malicious code on websites?

Malware detection, cleaning and prevention
Post Reply
teaguechod
Posts: 69
Joined: Fri Apr 18, 2008 11:36 am
Location: Newcastle

Advice: How to protect against malicious code on websites?

Post by teaguechod » Sat Aug 15, 2009 4:43 pm

Hi everyone!

I am just looking for some advice... I recently got a massive virus infection on my computer (resulting in a complete wipe, its all fixed now) from simply going to a website. I opened a few tabs of websites to search for freeware audio recorders, none of them particularly dodgy looking, but instantly it infected a few core windows files. Avast picked it up, and so did Malwarebytes Anti-Malware program, but even though they 'cleaned' it all it still turned my comp into a plague-ridden brick.

I always scan files I download. I never go to any websites, or download anything, that looks dangerous. I have Avast realtime scanning, but no firewall (my Billion modem has an inbuilt firewall. I find Windows Firewall to be a total attention seeking douchebag of a program, and other firewalls have caused many issues). In any case, I was told a firewall wouldn't have stopped the malicious code from executing.

So, my question is: is there any way to protect against malicious code on websites? I'm using Firefox, if that makes any difference.

User avatar
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Advice: How to protect against malicious code on websites?

Post by Dazzled » Sat Aug 15, 2009 5:21 pm

Try Opera, which would be the most secure browser under Windows, and immensely configurable and scriptable. It is compatible with FF plugins. As long as Windows is underneath, you are exposed. A Mac, or one of the new Linux distros on your PC, are both safe against this sort of trouble and run without any anti-malware suite onboard. You can amuse yourself surfing warez sites in Opera/Linux.

The browser is at http://www.opera.com/. There are lots of useful users' customisations at http://operawiki.info/Opera

{an illustrative aside - there have been requests here for an Opera usage meter like the FF one. It can be done in a free standing Opera widget, but not in the browser proper, because Opera will not permit javascript to load code from a different server (Exetel's) from the page source (the meter code). "Security Violation" is what it tells you. Something similar to this may have happened to you]

User avatar
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Advice: How to protect against malicious code on websites?

Post by Dazzled » Sat Aug 15, 2009 5:50 pm

For a recorder, try this reputable site http://audacity.sourceforge.net/

For all-round media goodness, try VLC http://www.videolan.org/vlc/

teaguechod
Posts: 69
Joined: Fri Apr 18, 2008 11:36 am
Location: Newcastle

Re: Advice: How to protect against malicious code on websites?

Post by teaguechod » Sat Aug 15, 2009 6:59 pm

Hey, thanks for the advice re: VLC and Audacity, I actually have both of those and love them!

But they can't (as far as I have figured out) record streaming audio (such as played from websites). That's what I was trying to find, and did indeed find a small application that does the trick. In any case, I'm just suprised that malicious code can access a computer so easily!

Also thanks regarding the Linux/Opera comment, it is food for thought, but I still hope to stick with WinXP for a while longer (Im a sucker for punishment apparently). :?

User avatar
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Advice: How to protect against malicious code on websites?

Post by Dazzled » Sat Aug 15, 2009 7:37 pm

Have you tried this way to capture sound? http://audacity.sourceforge.net/help/fa ... =streaming
VLC can capture a stream also.
The VLC plugin may be of interest http://www.videolan.org/doc/vlc-user-guide/en/ch07.html

PS VLC can capture the changing screen too - use file->wizard and from an existing playlist choose screen://

teaguechod
Posts: 69
Joined: Fri Apr 18, 2008 11:36 am
Location: Newcastle

Re: Advice: How to protect against malicious code on websites?

Post by teaguechod » Sun Aug 16, 2009 8:00 am

Ah thanks. I think I must have a quite old version of Audacity, because I can't do that in mine. Time to update I guess!

In any case... does everyone agree there's no way to protect against malicious code, except to change browsers or OS's?

User avatar
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Advice: How to protect against malicious code on websites?

Post by Dazzled » Sun Aug 16, 2009 10:36 am

Teaguechod, with Windows you need to keep alert - you are every blackhat's target because there are so many unaware users, and also because the design is unsound from the bottom up. Many drive-by exploits involve javascript operating within your browser, or unannounced website redirects to collect something, so your browser should be able to limit or configure what happens here. You can also get code planted in images and the like. Of the Windows browsers, Opera is most capable in these respects. It has a bonus, it doesn't run ActiveX or VB, both security nightmares.

User avatar
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Advice: How to protect against malicious code on websites?

Post by CoreyPlover » Sun Aug 16, 2009 12:11 pm

teaguechod wrote:I recently got a massive virus infection on my computer (resulting in a complete wipe, its all fixed now) from simply going to a website. I opened a few tabs of websites to search for freeware audio recorders, none of them particularly dodgy looking, but instantly it infected a few core windows files.
I have only known of one instance where navigation to infected web sites can cause infection and that was under Internet Explorer 6 several years ago. I have not heard of this behaviour occurring under Firefox (or Opera).
teaguechod wrote:In any case, I was told a firewall wouldn't have stopped the malicious code from executing.
Correct
teaguechod wrote:So, my question is: is there any way to protect against malicious code on websites? I'm using Firefox, if that makes any difference.
Firefox should protect you just as well as Opera. Can you recall the name of the virus(es) that AVG detected?

teaguechod
Posts: 69
Joined: Fri Apr 18, 2008 11:36 am
Location: Newcastle

Re: Advice: How to protect against malicious code on websites?

Post by teaguechod » Mon Aug 17, 2009 10:21 am

I am interested to hear that malicious code off websites is not well-known...? I was using the second-to-latest version of Firefox (have upgraded now, with the reformat and all).

It was Win32:RustNT doing most of the merciless attacking on my system files, although it apparently downloaded a few of its friends automatically somehow. (I thought my comp was clean, after 3 scans, restarts, and registry and startup cleaning, but the instant I plugged my internet back in it reappeared with TWICE as many infected files and more viruses).

It is true that I simply opened a website and was infected - within a second, Windows File Protection popped up in my system tray, saying that my Windows files had been changed and that if I put in my WinXP cd it could restore them. This is apparently a real Windows service, however, the pop-up notice had a spelling error in it so I was extremely wary that it could be the virus mimicking it instead. It disappeared before I could decide what to do in any case.

I don't know what website it was - as I said, I opened about 6 different 'options' at once and it must have been one of them. I'm certainly not going to go back and look again!

User avatar
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Advice: How to protect against malicious code on websites?

Post by CoreyPlover » Mon Aug 17, 2009 10:52 am

Win32:RustNT is a variant of the Rustock rootkit (a rather nasty spamming bot that eluded antivirus manufacturers for a year or so). I still can't find information online about this (or any other virus) exploiting regular browsing behaviour though. There was an earlier report of Firefox 3.5 and 3.5.1 being susceptible to arbitrary browser exploits but this was countered by Mozilla saying that such an exploit would crash the browser and not lead to infection.

This whole issue has sparked my curiosity and I too am keen to find more information (about the virus, and the means of infection). What was the spelling error you noticed: The usual Windows File Protection dialog says:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your product CD-ROM now.

User avatar
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Advice: How to protect against malicious code on websites?

Post by Dazzled » Mon Aug 17, 2009 11:09 am

Teaguechod, do you have the NoScript extension for Firefox?

teaguechod
Posts: 69
Joined: Fri Apr 18, 2008 11:36 am
Location: Newcastle

Re: Advice: How to protect against malicious code on websites?

Post by teaguechod » Wed Sep 02, 2009 7:50 am

No, but I will certainly look that up...

dbr
Posts: 493
Joined: Fri Feb 08, 2008 2:33 pm
Location: Sale VIC

Re: Advice: How to protect against malicious code on websites?

Post by dbr » Wed Sep 02, 2009 6:53 pm

I too use http://noscript.net/ It is amazing to see just how many scripts that run without your knowledge on nearly all pages!
http://www.saferoz.com.au
First Aid * Fire * Safety

Post Reply