From: David Kaye on 3 Apr 2010 03:37

My main computer got a drive-by infection of AVE.EXE earlier today. The first thing I heard about it was Windows warning me that the firewall had been turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe. I rolled back the registry and eliminated it, but I'm rather pissed that the latest Avast did not see it at all. Avast has normally been very good about checking out programs (exe, dll, etc) and blocking them if suspicious, but this one sailed right through. It launched as an app and it showed up as ave.exe in the task manager. How'd it get in?

Also, if anybody has a clue as to where I could have gotten it. I had visited some rather innocuous websites, didn't click on any downloads, didn't install any updates to anything. Windows did not warn me about any exe downloads, either.

I'm stymied.
From: ~BD~ on 3 Apr 2010 06:08

David Kaye wrote:
> My main computer got a drive-by infection of AVE.EXE earlier today. The first
> thing I heard about it was Windows warning me that the firewall had been
> turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
> I rolled back the registry and eliminated it, but I'm rather pissed that
> the latest Avast did not see it at all. Avast has normally been very good
> about checking out programs (exe, dll, etc) and blocking them if suspicious,
> but this one sailed right through. It launched as an app and it showed up as
> ave.exe in the task manager. How'd it get in?
>
> Also, if anybody has a clue as to where I could have gotten it. I had visited
> some rather innocuous websites, didn't click on any downloads, didn't install
> any updates to anything. Windows did not warn me about any exe downloads,
> either.
>
> I'm stymied.
>

Booby-trapped web pages are growing at an alarming rate with unsuspecting firms acting for nurseries for botnet farmers, according to a new study.

Security watchers at Sophos are discovering 6,000 new infected webpages every day, the equivalent of one every 14 seconds. Four in five (83 per cent) of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from those of antique dealers to ice cream manufacturers and wedding photographers, have hosted malware on behalf of virus writers, Sophos reports.

The study sheds fresh light on the well-understood problem of drive-by-downloads from compromised sites, a tactic that's come to eclipse virus-infected email as a means of spreading malware. Cybercrooks target users by spamvertising emails containing links to poisoned webpages, exposing unsuspecting victims to malware. At least one in ten web pages are booby-trapped with malware, according to a separate study by Google published last May.

Often these malware packages are designed to put compromised zombie PCs under the control of hackers. Around half a million computers are infected by bots every day according to data compiled by PandaLabs, the research arm of anti-virus firm Panda Software. Approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent, it said.

http://www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

--
Dave - I tried to tell you this before! ;)
From: FromTheRafters on 3 Apr 2010 09:05

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hp6nn2$cj1$1(a)news.eternal-september.org...
> My main computer got a drive-by infection of AVE.EXE earlier today. The first
> thing I heard about it was Windows warning me that the firewall had been
> turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
> I rolled back the registry and eliminated it, but I'm rather pissed that
> the latest Avast did not see it at all. Avast has normally been very good
> about checking out programs (exe, dll, etc) and blocking them if suspicious,
> but this one sailed right through. It launched as an app and it showed up as
> ave.exe in the task manager. How'd it get in?
>
> Also, if anybody has a clue as to where I could have gotten it. I had visited
> some rather innocuous websites, didn't click on any downloads, didn't install
> any updates to anything. Windows did not warn me about any exe downloads,
> either.
>
> I'm stymied.

Were you running as administrator at the time of the "attack"?

It is possible, while browsing to a legitimate site, to get redirected to a site that launches several browser exploits aimed at executing a rogue application on your machine. When such a site is able to cause a download, the downloadable file may be changed programmatically (server-side) to avoid detection by your antimalware component. Similar to the way a virus can be self-polymorphic - a downloaded program file can take many forms.
From: gufus on 3 Apr 2010 14:18

Hello, The!

You wrote on Sat, 3 Apr 2010 07:49:11 -0700:

| Avast is an antivirus application not an antimalware application. That
| said the latest version is 5 do you have that version, mine detects it.

Yep... to be safe, people /need/ both.

I use MS Defender @ Avira. Good coverage IMHO

--
With best regards, gufus.
E-mail: stop.nospam.gbbsg(a)shaw.ca