From: David Kaye on
My main computer got a drive-by infection of AVE.EXE earlier today. The first
thing I heard about it was Windows warning me that the firewall had been
turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
I rolled back the registry and eliminated it, but I'm rather pissed that
the latest Avast did not see it at all. Avast has normally been very good
about checking out programs (exe, dll, etc) and blocking them if suspicious,
but this one sailed right through. It launched as an app and it showed up as
ave.exe in the task manager. How'd it get in?

Also, if anybody has a clue as to where I could have gotten it. I had visited
some rather innocuous websites, didn't click on any downloads, didn't install
any updates to anything. Windows did not warn me about any exe downloads,
either.

I'm stymied.

From: ~BD~ on
David Kaye wrote:
> My main computer got a drive-by infection of AVE.EXE earlier today. The first
> thing I heard about it was Windows warning me that the firewall had been
> turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
> I rolled back the registry and eliminated it, but I'm rather pissed that
> the latest Avast did not see it at all. Avast has normally been very good
> about checking out programs (exe, dll, etc) and blocking them if suspicious,
> but this one sailed right through. It launched as an app and it showed up as
> ave.exe in the task manager. How'd it get in?
>
> Also, if anybody has a clue as to where I could have gotten it. I had visited
> some rather innocuous websites, didn't click on any downloads, didn't install
> any updates to anything. Windows did not warn me about any exe downloads,
> either.
>
> I'm stymied.
>

Booby-trapped web pages are growing at an alarming rate with
unsuspecting firms acting for nurseries for botnet farmers, according to
a new study.

Security watchers at Sophos are discovering 6,000 new infected webpages
every day, the equivalent of one every 14 seconds. Four in five (83 per
cent) of these webpages actually belong to innocent companies and
individuals, unaware that their sites have been hacked. Websites of all
types, from those of antique dealers to ice cream manufacturers and
wedding photographers, have hosted malware on behalf of virus writers,
Sophos reports.


The study sheds fresh light on the well-understood problem of
drive-by-downloads from compromised sites, a tactic that's come to
eclipse virus-infected email as a means of spreading malware.
Cybercrooks target users by spamvertising emails containing links to
poisoned webpages, exposing unsuspecting victims to malware. At least
one in ten web pages are booby-trapped with malware, according to a
separate study by Google published last May.

Often these malware packages are designed to put compromised zombie PCs
under the control of hackers.

Around half a million computers are infected by bots every day according
to data compiled by PandaLabs, the research arm of anti-virus firm Panda
Software. Approximately 11 percent of computers worldwide have become a
part of criminal botnets, which are responsible for 85 percent of all
spam sent, it said.

http://www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

--
Dave - I tried to tell you this before! ;)

From: FromTheRafters on
"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:hp6nn2$cj1$1(a)news.eternal-september.org...
> My main computer got a drive-by infection of AVE.EXE earlier today. The first
> thing I heard about it was Windows warning me that the firewall had been
> turned off. Then I got a "scan" from "XP Defender". The offender is ave.exe.
> I rolled back the registry and eliminated it, but I'm rather pissed that
> the latest Avast did not see it at all. Avast has normally been very good
> about checking out programs (exe, dll, etc) and blocking them if suspicious,
> but this one sailed right through. It launched as an app and it showed up as
> ave.exe in the task manager. How'd it get in?
>
> Also, if anybody has a clue as to where I could have gotten it. I had visited
> some rather innocuous websites, didn't click on any downloads, didn't install
> any updates to anything. Windows did not warn me about any exe downloads,
> either.
>
> I'm stymied.

Were you running as administrator at the time of the "attack"?

It is possible, while browsing to a legitimate site, to get redirected
to a site that launches several browser exploits aimed at executing a
rogue application on your machine. When such a site is able to cause a
download, the downloadable file may be changed programmatically
(server-side) to avoid detection by your antimalware component. Similar
to the way a virus can be self-polymorphic - a downloaded program file
can take many forms.


From: gufus on
Hello, The!

You wrote on Sat, 3 Apr 2010 07:49:11 -0700:

| Avast is an antivirus application not an antimalware application. That
| said the latest version is 5 do you have that version, mine detects it.

Yep... to be safe, people /need/ both. I use MS Defender @ Avira.

Good coverage IMHO
--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca

