12. June 2011 by admin.
Starting on September 1st, 2011, GFI is going to drop their free ClearCloud DNS service, which saves countless people from surfing to web sites known to be infected or otherwise listed as a bad destination. To me, this is an incredibly bad, self-serving decision considering the number of infected web sites increases daily and has been estimated to number no less than 100,000 on any given day.
To me, this lack of concern for public safety shows that GFI’s policy is, as always, “me first!”. In true GFI fashion, they somehow try to rationalize their decision by saying most customers do not want to receive this very valuable free service, but instead would prefer to purchase GFI’s (originally SunBelt Software’s) Vipre Premium product for their web filtering.
Well, it’s their product and we just need a “work-around”, so here are my suggestions:
1) Web of Trust (WOT) provides about the same function but in a different way. Go to http://www.mywot.com and download their plug-in(s) for your web browser(s).
2) Change your DNS server settings to OpenDNS: 208.67.220.220 and 208.67.222.222
These two changes will give you the same protection without relying on the commercial sector.
Below is the message that is displayed when you enter a non-existent website or an infected website while using ClearCloud DNS:
“Effective September 1, 2011, GFI’s ClearCloud DNS service will be discontinued and no longer available for consumer use. While we have many loyal ClearCloud DNS users, we have found that most customers prefer the more robust web filtering solution available as a feature in our VIPRE Premium product. We would like to thank all of the beta testers for their valuable feedback throughout this last 12 month evaluation period. To discontinue using the ClearCloud DNS service, you will need to reconfigure your network connection. If this is not done prior to September 1, 2011, your Internet connectivity will be interrupted. Learn how to remove ClearCloud DNS from your computer by clicking here.”
Posted in Drive-by Infection, security, DNS, Malvertising, Beta Versions, Trojan, Virus, Worm, Malware
18. April 2010 by admin.
A serious vulnerability exists in Java and Sun has known about this vulnerability since around April 9th. This exploit can occur because the Java Browser Plugin is running “javaws.exe” without validating command-line parameters. Last week, when confronted about the problem, Oracle said they did not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.
A U.S.-based Web site, Songlyrices.com, was compromised by attackers, and was redirecting visitors to a Russian server feeding the Java attack as well as other exploits.
Now that users have started reporting that they are being infected by the drive-by Java attacks, Oracle has changed its mind and issued a patch. If you haven’t already patched this vulnerability you can download Java software at http://www.java.com/en/download/index.jsp
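The weakness described in this post, a helper program started with parameters that come from web content and are not validated, is a case of argument injection. The Python sketch below is an added example, not code from this post or from Java itself; the `launcher` binary, its `-open` option and the sample values are hypothetical and constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

LAUNCHER = "launcher"   # hypothetical helper binary (assumption, not javaws.exe)
BENIGN = "http://example.com/app.jnlp"                        # constructed sample
HOSTILE = "http://example.com/app.jnlp -hypothetical-opt=1"   # constructed sample


def naive_argv(untrusted):
    """Unvalidated pattern: paste the value into one command-line string.

    Splitting that string on whitespace lets the caller add arguments.
    """
    return shlex.split(f"{LAUNCHER} -open {untrusted}")


def validated_argv(untrusted):
    """Validate first, then pass the value as exactly one argv element."""
    if not untrusted or untrusted.startswith("-"):
        raise ValueError("value is empty or looks like an option")
    if any(c.isspace() or ord(c) < 0x20 or c in "\"'\\" for c in untrusted):
        raise ValueError("whitespace, control or quoting character in value")
    parts = urlsplit(untrusted)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    return [LAUNCHER, "-open", untrusted]


def injected_options(argv):
    """Options present in argv other than the launcher's own -open."""
    return [a for a in argv[1:] if a.startswith("-") and a != "-open"]


def is_rejected(untrusted):
    """True when validated_argv refuses the value."""
    try:
        validated_argv(untrusted)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(injected_options(naive_argv(HOSTILE)))
    print(validated_argv(BENIGN), is_rejected(HOSTILE))
```
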
Posted in security, Drive-by Infection, Patches, Malware, Computers
24. March 2010 by admin.
Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.
Malware has previously been found in ads running on normally trustworthy sites like The New York Times, the Drudge Report.com, TechCrunch and WhitePages.com. The practice has been dubbed “malvertising.”
Researchers at Avast say some large ad delivery systems including Yahoo’s Yield Manager and Fox Audience Network’s Fimserve.com (together they cover more than 50 percent of online ads), and to a much smaller degree Google’s DoubleClick, are delivering much of the malvertising. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.
“It’s not just the small players but the ad servers connected with Google and Yahoo have been infected and served up bad ads,” said Lyle Frink, public relations manager for Avast.
The most compromised ad delivery systems were Yield Manager and Fimserve, but a number of smaller ad systems, including Myspace, were also found to be delivering malware on a lesser scale, Avast Virus Labs said.
In these cases, JavaScript code that Avast dubbed “JS:Prontexi,” was found in ads delivered from those networks. Avast researcher Jiri Sejtko said this is a Trojan in script form that targets the Windows operating system.
It tries to find vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime, and Flash and launches fake antivirus warnings when it does find them, Sejtko said. “The Google portion of JS:Prontexi is quite small and has gotten visibly even smaller as Google has taken steps to improve the situation,” Sejtko said. “That is not the case with Yahoo and Fox.”
Users don’t need to click on anything to get infected; a computer becomes infected immediately after the ad is loaded by the browser, Avast said.
Since the malware started spreading in late December, Avast has registered more than 2.6 million instances of it on customers’ computers.
This same post is available on my local blog at http://www.networkingdelaware.com/blogpage.html
Posted in Drive-by Infection, Malvertising, Malware