From: MEB on
On 03/01/2010 09:59 PM, Geoff wrote:
> On Mon, 01 Mar 2010 14:14:12 -0500, MEB <MEB-not-here(a)hotmail.com>
> wrote:
>
>>
>> On 03/01/2010 12:29 AM, David Kaye wrote:
>>> Geoff <geoff(a)invalid.invalid> wrote:
>>>
>>>> I don't know of one off-hand but do you really want to trust the
>>>> content of your restricted sites list to another anonymous program?
>>>
>>> That's why I asked for a script. I want to look it over first.
>>>
>>
>> If I may:
>>
>> I'm not sure of what you hope to achieve with such a script, as
>> anything you might find and attempt to place may change at any time.
>> This would appear to not address or ignore the methodology being
>> employed within these types of attacks. Any given entry found and placed
>> may not be viable within a matter of hours at the whim of the
>> controllers, or as pre-defined, or due to a take-over of a legitimate
>> site, or other common deployment methods.
>>
>> Examples/References:
>>
>> http://blog.threatexpert.com/2008/11/srizbis-domain-calculator.html
>>
>> https://st.icann.org/reg-abuse-wg/index.cgi?malware_botnet_control
>>
>> http://blog.threatfire.com/
>>
>> Moreover, it would appear what you desire would require something more
>> in-line with advanced intrusion detection services/applications used *in
>> conjunction with* other methods.
>>
>> http://www.google.com/search?&q=advanced+intrusion+detection+in+Windows&btnG=Search
>
> I agree, they love to obfuscate their addresses and domains and they
> have demonstrated agility at retargeting their links as needed.
>
> This is part of the problem with direct IP addresses as you (David)
> found with your popup. If the IP is globally black-holed they simply
> compromise another host and redirect their traffic to it.
>
> FWIW, IE8 stores the security ranges in the registry:
> HKEY_USERS\S-1-5-21-**********-*********-**********-****\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges
>
> If you want an automated method of preventing access to known bad
> sites then you should consider SpyBot S&D, it's still reactive and you
> have to do updates manually but it can help against known active
> malware sites. Believe it knows how to manipulate these keys.

I would agree as long as there isn't a reliance on *just* these types
of protections, as what this uses are as well known as the
AV/anti-malware's protection schemes/methods, and definitions.

And SpyBot S&D relies upon user input for a large part of its
assignments, which may be dated or changed by the time of update to
include those ranges or IP to be blocked. Not saying it's not effective,
just the simple reality involved with its usage.
So per usual, the old layered/multi protections still remain viable
while/when attempting to control the activities along with those found
in the system and browser, and other Web interfaces.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
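The ZoneMap\Ranges key mentioned above can be read back before and after any blocklist tool or script touches it. The following read-only PowerShell audit is an added example, not part of any post in this thread; the function name `Get-ZoneMapRange` is hypothetical, and `HKCU:` is used as the current user's view of the `HKEY_USERS\<SID>` hive quoted above.

```powershell
# Added example: read-only audit of the per-user IE ZoneMap\Ranges entries.
# HKCU: is the current user's hive, i.e. HKEY_USERS\<that user's SID>.
$rangesPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges'

# Zone numbers used by Internet Explorer's URL security zones.
$zoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-ZoneMapRange {   # hypothetical helper name
    param([string]$Path = $rangesPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No Ranges key at $Path (no IP ranges assigned to a zone)."
        return
    }

    # Each subkey (Range1, Range2, ...) holds one ':Range' string plus one
    # DWORD per protocol ('*', 'http', 'https', ...) whose data is the zone.
    foreach ($key in Get-ChildItem -LiteralPath $Path) {
        $range = $key.GetValue(':Range')
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq ':Range' -or $name -eq '') { continue }
            # Use the .NET accessor: '*' is a wildcard to Get-ItemProperty.
            $zone = $key.GetValue($name)
            $zoneName = 'Unknown'
            if ($zone -is [int] -and $zoneNames.ContainsKey([int]$zone)) {
                $zoneName = $zoneNames[[int]$zone]
            }
            [pscustomobject]@{
                Key      = $key.PSChildName
                Range    = $range
                Protocol = $name
                Zone     = $zone
                ZoneName = $zoneName
            }
        }
    }
}

# Restricted-zone entries (zone 4) sort first, so entries added by a
# blocklist tool are easy to review.
Get-ZoneMapRange | Sort-Object Zone -Descending | Format-Table -AutoSize
```

Piping the same function to `Export-Csv` before and after an update gives two files that can be compared to see exactly which ranges were added or removed.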
From: David Kaye on
Geoff <geoff(a)invalid.invalid> wrote:

>If you want an automated method of preventing access to known bad
>sites then you should consider SpyBot S&D, it's still reactive and you
>have to do updates manually but it can help against known active
>malware sites. Believe it knows how to manipulate these keys.

That wasn't the question. Avast along with an early copy of ZoneAlarm are
quite nice in and of themselves. I was just hoping for something I could give
my customers (like the MVP hosts file) and be done with 90% of the problems.

From: Hot-text on
First we need to know:
Are you on Windows 9x, 2000, XP, Vista, or the new Windows 7?
Is your Internet Explorer 5, 6, 7, or 8?

No one here can help you if you can't give us this info first!




"james" <nospam(a)nospam.com> wrote in message
news:ut3MlD6tKHA.732(a)TK2MSFTNGP06.phx.gbl...
> I was using IE on a web site "wordtwist.org" playing a game while all of a
> sudden the browser disappeared (closed?), replaced by a dialog saying
> there's some suspicious activity on my PC and I needed a scan, etc. I did
> not touch that dialog.
>
> I disconnected from the internet, then I killed the IE process with task
> manager. Everything seemed ok after that.
>
> My question is where did this pop-up come from? Is it from wordtwist.org?
> It doesn't seem like a malicious site and I have been using it for weeks
> without any problem until today. And if it is from wordtwist.org, how is
> it able to close my browser window?
>
> Is there a way to prevent this type of pop-up?