Free Republic
Browse · Search
News/Activism
Topics · Post Article


Auto download adware carries vicious payload
vnunet.com ^ | 03 Mar 2005 | Robert Jaques

Posted on 03/03/2005 1:39:36 PM PST by holymoly

Security experts issued a warning this morning after detecting infections caused by Searchmeup, the first adware to use the Exploit/LoadImage vulnerability which downloads itself onto computers without the user's permission.

Panda Software's PandaLabs warned that the pages from which Searchmeup is downloaded also contain a series of exploits to download other malware onto the computer, such as the Tofger.AT Trojan, which steals banking passwords, Dialer.BB and Dialer.NO, and adware called Adware/TopConvert.

Searchmeup is downloaded onto the computer when the user visits maliciously coded web pages. Once installed it changes the home page to that of a search engine that displays pop-ups every time it loads with the aim of installing spyware and diallers on infected computers.

Searchmeup affects computers running Windows 2003, XP, 2000, NT, Me and 98, and allows arbitrary code to be run.

It could be exploited by an attacker hosting a specially crafted cursor or icon on a malicious web page or HTML email. Microsoft has released a patch to correct this problem, and users are advised to install it immediately.

The web pages from which Searchmeup is downloaded also drop Tofger.AT onto computers, a Trojan which runs every time Internet Explorer is opened.

Tofger.AT keeps track of the user's internet activity, logging passwords for secure 'https' connections which are often used for connections with online banks. Once it has collected this information, Tofger.AT sends it to a remote server.

Searchmeup can also generate an error in the 'services.exe' file, informing users that the computer will be restarted in one minute.

After the restart, the computer operates perfectly. On some occasions Searchmeup can also display blue screen errors, and Tofger.AT can actually update itself to a new version.

"The Exploit/LoadImage vulnerability can be used on web pages or HTML email by crafting a special icon or image file that causes a buffer overflow that in turn can be used to take control of the user's computer," said Patrick Hinojosa, chief technology officer at Panda Software US.

"This can be very serious as the user does not have to do anything unusual like opening a suspicious attachment. This is what is sometimes referred to as a 'drive by' attack."

Luis Corrons, director of PandaLabs, added: "The appearance of Searchmeup is a sign of the continuous evolution of malware, and of spyware and adware in particular.

"The first stage was that adware reached computers as a component of a freeware application, then web pages appeared that installed adware on users' computers using ActiveX.

"Now they have gone a step further, as Searchmeup exploits a vulnerability that even virus creators had not used until now."


TOPICS: News/Current Events
KEYWORDS: adware; autoinstall; browser; dialer; driveby; hijack; malware; spyware; trojan
To: TomGuy
Anyone caught intentionally pushing malware on PCs should be shot, I mean it. Them and whatever idiot invented blister packs for medications.

And that clear plastic packaging that is so impossible to get into.

41 posted on 03/03/2005 2:24:04 PM PST by HairOfTheDog (It is no bad thing to celebrate a simple life!)
[ Post Reply | Private Reply | To 40 | View Replies]

To: Republicanus_Tyrannus

BS.

42 posted on 03/03/2005 2:25:03 PM PST by Nick Danger (The only way out is through)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Moose4

Note that IE doesn't need to be running to be vulnerable; that's just one of the many benefits derived from tight OS/browser integration.


43 posted on 03/03/2005 2:27:48 PM PST by larryw408
[ Post Reply | Private Reply | To 32 | View Replies]

To: RedBloodedAmerican
Is this scanner for trojans, worms and bugs good?
44 posted on 03/03/2005 2:37:57 PM PST by Prophet in the wilderness (PSALM 53 : 1 The ( FOOL ) hath said in his heart , There is no GOD .)
[ Post Reply | Private Reply | To 28 | View Replies]

To: dfwgator
"Anyone caught intentionally pushing malware on PCs should be shot...

Maybe using a variation of Internet goat hunting, but with a robotic boxer we can take turns controlling? After sentencing, of course.

45 posted on 03/03/2005 2:38:33 PM PST by polymuser
[ Post Reply | Private Reply | To 4 | View Replies]

To: holymoly
Really appreciate the link. I'll check it out. But it seems like a bit of trouble to go through just so I can check out Drudge's site.

Are there any other advantages to firefox? I've found the best protection is simply to surf safe. Perhaps impossible completely but it amazes me how many people will let their computer sleep with any other computer that asks.

Abstinence!
46 posted on 03/03/2005 2:42:00 PM PST by BJungNan (Junk mail is killing email. Don't buy from spam emails!!!)
[ Post Reply | Private Reply | To 37 | View Replies]

To: holymoly

bttt


47 posted on 03/03/2005 2:46:35 PM PST by aberaussie
[ Post Reply | Private Reply | To 12 | View Replies]

To: BJungNan

Mozilla and Firefox have two features which I value.

The first is cookie management, which allows you to prohibit the sites you choose from placing cookies on your system.

The second, of course, is tabbed browsing, where you may have any number of sites open within the browser.

There are probably others I'm forgetting.



48 posted on 03/03/2005 2:54:02 PM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: holymoly

I have nearly 300 cookies, is that bad?


49 posted on 03/03/2005 3:03:42 PM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)
[ Post Reply | Private Reply | To 48 | View Replies]

To: Nick Danger

Whatever. Fact is that Firefox Downloaded 4, not 1, not 2, not 3, but FOUR trojans.

Fact is that with Norton, the same sites failed to penetrate IE. But I see this kind of blind fanboyism all the time online by hyped pseudo 'experts'. Excuse me whilst I roll my eyes at you.

There.

Your opinion doesn't change my log files, nor the fact that Firefox was wide open. I call BS on your assertion - because where I'm from facts speak louder than fanboyism.
If you aren't able to secure IE then I suggest that you don't have the backing of your so ineloquent and sophomoric barb.


50 posted on 03/03/2005 3:04:58 PM PST by Republicanus_Tyrannus
[ Post Reply | Private Reply | To 42 | View Replies]

To: holymoly

When I scanned at Panda I got a virus alert from AntiVir and the scan did not complete.

So I deleted the virus, dumped the cache and aborted the Panda scan.

Has this ever happened to anyone?


51 posted on 03/03/2005 3:04:58 PM PST by WestCoastGal (Damn, J.R., I told you to go get me the four biggest writers in racing, not the 4 fattest asses" "E")
[ Post Reply | Private Reply | To 12 | View Replies]

To: WestCoastGal
dumped the cache

Excuse my ignorance but what is cache?

52 posted on 03/03/2005 3:08:20 PM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)
[ Post Reply | Private Reply | To 51 | View Replies]

To: pbrown
I have nearly 300 cookies, is that bad?

That sounds like an awful lot.

Some cookies are helpful. Freerepublic will place a cookie so you don't have to login every time you visit.

Some are benign. A site may be counting the number of visitors, and may place a cookie on your system so they don't count you as multiple visitors (particularly if you refresh the page, or return within the hour).

Others can be less nice, tracking your surfing habits, etc.

Some sites won't work if they can't place cookies (as I recall, Best Buys' site won't).

It doesn't hurt to delete the cookies once in a while. (Though you may have to login on your next visit to FR.)
53 posted on 03/03/2005 3:15:53 PM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 49 | View Replies]

To: Prophet in the wilderness

If I may horn in for a moment, two well-recommended free antiviruses, which install on your drive, are:

AVG 7.0 free edition
http://free.grisoft.com/freeweb.php/doc/2/

Free avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home2.html

In addition, it doesn't hurt to run an online scan, which sometimes catches things - this one:

HouseCall
http://housecall-beta.trendmicro.com/en/start_corp.asp

has been upgraded to scan for viruses, trojans, spyware, and security holes.


54 posted on 03/03/2005 3:16:01 PM PST by backhoe (-30-)
[ Post Reply | Private Reply | To 44 | View Replies]

To: dfwgator
Anyone caught intentionally pushing malware on PCs should be shot, I mean it.

In Nazi Germany, this was the case.

Of course, the Nazis all used Macs.

55 posted on 03/03/2005 3:18:18 PM PST by Lazamataz (Proudly Posting Without Reading the Article Since 1999!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: pbrown
Excuse my ignorance but what is cache?

What is a browser cache?

"Your browser saves a copy of every page you visit. Every word, every image. Why? Because it is always faster to load a file from your hard drive than it is to download it from the Internet, and rather than load pages over again when you hit the Back button or revisit a page, your computer checks to see if it already has a current copy of that page. If it does, it uses that instead of wasting time downloading it again."
56 posted on 03/03/2005 3:21:55 PM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 52 | View Replies]

To: holymoly

I love WinPatrol for many things, but the ability to see and discard the cookies you don't want is the greatest.

Thanks holymoly for Scotty the WinPatrol dog!!


57 posted on 03/03/2005 3:25:16 PM PST by WestCoastGal (Damn, J.R., I told you to go get me the four biggest writers in racing, not the 4 fattest asses" "E")
[ Post Reply | Private Reply | To 53 | View Replies]

To: holymoly
Thanks. I looked at them a couple of months ago. I couldn't tell one from the other so I left them alone. These two fingers can cause a lot of havoc. One wrong button, and I might end up spitting these keys outta my mouth, and plucking them outta my eyes.

Others can be less nice, tracking your surfing habits, etc.

They must think I am the most boring person on the planet. :-)

58 posted on 03/03/2005 3:29:33 PM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)
[ Post Reply | Private Reply | To 53 | View Replies]

To: holymoly

Cautionary notice: I just did an auto-update from Trend Micro.


New Virus Pattern Release

Pattern Version: 2.466.00
Release Type: New Malware Threat
Notes: WORM_AGOBOT.AMH, WORM_AGOBOT.AMI, WORM_AGOBOT.AMK

March 03, 2005, 06:04:24 (GMT -08:00)

New Viruses Detected:

There are [724] new viruses detected by the pattern file.

59 posted on 03/03/2005 3:29:49 PM PST by TomGuy (America: Best friend or worst enemy. Choose wisely.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Republicanus_Tyrannus

Nice speech.


60 posted on 03/03/2005 3:32:41 PM PST by Nick Danger (The only way out is through)
[ Post Reply | Private Reply | To 50 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson