PC Review



blogger claims 9500 new legitimate sites being infected daily with malware engines

 
 
RayLopez99
 
      24th May 2011
Any comments?

The blogger claims 9500 new legitimate sites being infected daily with
malware engines.

RL

http://ddanchev.blogspot.com/2007/07...ncreasing.html

The emerging trend of malware embedded sites

Malware embedded web sites are steadily gaining a priority in an
attacker's arsenal of infection and propagation vectors, and we've
been witnessing the trend for over a year and a half now. Malware
authors seem to have found an efficient way to hijack, inject and
exploit legitimate sites or Web 2.0 services in order to serve the
obfuscated payload which is no longer purely relying on social
engineering tactics, but is basically exploiting unpatched client side
vulnerabilities to infect the visitors. Also, malware authors seem to
have started thinking as true marketers, taking into consideration
that a visitor will go through a potentially malware embedded site
only once and wouldn't visit it given the lack of content -- blackhat
SEO garbage -- so that they've stopped relying on having a malicious
site exploit a single vulnerability only, and started hosting multi-
browser, multi-third-party malware embedded sites, thus achieving
malicious economies of scale.

Here's a great summary courtesy of Sophos showcasing the increasing
number of sites with malware embedded payload:

"The figures compiled by Sophos's global network of monitoring
stations show that infected web pages continue to pose a threat,
affecting official government websites as well as other legitimate
pages. On average this month, Sophos uncovered 9,500 new infected web
pages daily - an increase of more than 1000 every day when compared to
April. In total, 304,000 web pages hosting malicious code were
identified in May."

The stats are a great wake up call for those still believing that
malware comes in the form of executables and is mostly using email as
propagation and infection vector. Moreover, these stats show great
similarities with the ones released by ScanSafe a year ago whose
conclusion was that based on 5 billion web requests there was one
piece of malware hosted on 1 of every 600 social networking pages
 
 
 
 
 
FromTheRafters
 
      24th May 2011
RayLopez99 wrote:
> Any comments?
>
> The blogger claims 9500 new legitimate sites being infected daily with
> malware engines.
>
> RL
>
> http://ddanchev.blogspot.com/2007/07...ncreasing.html


[...]

I can believe it. It's real easy to capture some of those obfuscated
scripts being served up. I'm not personally aware of any that served up
software exploits, but lots of fake-AV scareware and a few fake "Codec"
trojans.
 
 
FromTheRafters
 
      25th May 2011
Bullwinkle. wrote:
> Sounds like a job for you and david brooks (bd).. go get'em!


Why?
 
 
dav1936531@is.invalid
 
      27th May 2011
On Tue, 24 May 2011 03:56:54 -0700 (PDT), RayLopez99
<(E-Mail Removed)> wrote:

>Any comments?
>
>The blogger claims 9500 new legitimate sites being infected daily with
>malware engines.
>
>RL


Visiting this site:

www.dremel.com

actually caused my Windows Installer program (WINXP SP3) to start up.
I CTRL+ALT+DEL and killed the iexplorer process in task manager. No
alert popped up from Kaspersky AV on my system. This is THE ONLY site
that ever caused this type of behavior that I have run into. I talked
to a customer service rep about it over the phone when ordering some
parts from Dremel. Any idea what might have caused my Win Installer to
start up?
Dave
 
 
FromTheRafters
 
      27th May 2011
(E-Mail Removed)d wrote:
> On Tue, 24 May 2011 03:56:54 -0700 (PDT), RayLopez99
> <(E-Mail Removed)> wrote:
>
>> Any comments?
>>
>> The blogger claims 9500 new legitimate sites being infected daily with
>> malware engines.
>>
>> RL

>
> Visiting this site:
>
> www.dremel.com
>
> actually caused my Windows Installer program (WINXP SP3) to start up.
> I CTRL+ALT+DEL and killed the iexplorer process in task manager. No
> alert popped up from Kaspersky AV on my system. This is THE ONLY site
> that ever caused this type of behavior that I have run into. I talked
> to a customer service rep about it over the phone when ordering some
> parts from Dremel. Any idea what might have caused my Win Installer to
> start up?


A script?

Maybe from an infected adserver servicing that page?

Clues *might* still be found in your temporary internet files.
 
 
Beauregard T. Shagnasty
 
      27th May 2011
(E-Mail Removed)d wrote:

[trimmed the Lopez crap]

You should have started a new thread for your specific problem.

> Visiting this site:
> www.dremel.com
>
> actually caused my Windows Installer program (WINXP SP3) to start up.
> I CTRL+ALT+DEL and killed the iexplorer process in task manager. No
> alert popped up from Kaspersky AV on my system. This is THE ONLY site
> that ever caused this type of behavior that I have run into. I talked
> to a customer service rep about it over the phone when ordering some
> parts from Dremel. Any idea what might have caused my Win Installer to
> start up?


What browser were you using? {!important}

I'm not using Windows, but I don't see anything in a quick glance at the
Dremel main page that should do what you say. I do notice that the site
is written in .aspx so it could be Windows-specific.

I also see that jQuery is used. I have seen a lot of complaints lately
like "site doesn't work", or "site crashes my browser", or "Windows
locked up." A high percentage of those sites were using jQuery. Perhaps
those folks have some new-fangled thang that ain't working right.

Just sayin'.

--
-bts
-Four wheels carry the body; two wheels move the soul
 
 
dav1936531@is.invalid
 
      27th May 2011
On Thu, 26 May 2011 22:59:19 -0400, "Beauregard T. Shagnasty"
<(E-Mail Removed)> wrote:

>(E-Mail Removed) wrote:
>
>[trimmed the Lopez crap]
>
>You should have started a new thread for your specific problem.
>
>> Visiting this site:
>> www.dremel.com
>>
>> actually caused my Windows Installer program (WINXP SP3) to start up.
>> I CTRL+ALT+DEL and killed the iexplorer process in task manager. No
>> alert popped up from Kaspersky AV on my system. This is THE ONLY site
>> that ever caused this type of behavior that I have run into. I talked
>> to a customer service rep about it over the phone when ordering some
>> parts from Dremel. Any idea what might have caused my Win Installer to
>> start up?

>
>What browser were you using? {!important}
>
>I'm not using Windows, but I don't see anything in a quick glance at the
>Dremel main page that should do what you say. I do notice that the site
>is written in .aspx so it could be Windows-specific.
>
>I also see that jQuery is used. I have seen a lot of complaints lately
>like "site doesn't work", or "site crashes my browser", or "Windows
>locked up." A high percentage of those sites were using jQuery. Perhaps
>those folks have some new-fangled thang that ain't working right.
>
>Just sayin'.


I am still using IE 6. I tried to upgrade to later versions and found
the interface to be typical of MS "improvements". Take something
functional and destroy it.
Dave
 
 
David H. Lipman
 
      27th May 2011
From: <(E-Mail Removed)>

>>
>> What browser were you using? {!important}
>>
>> I'm not using Windows, but I don't see anything in a quick glance at the
>> Dremel main page that should do what you say. I do notice that the site
>> is written in .aspx so it could be Windows-specific.
>>
>> I also see that jQuery is used. I have seen a lot of complaints lately
>> like "site doesn't work", or "site crashes my browser", or "Windows
>> locked up." A high percentage of those sites were using jQuery. Perhaps
>> those folks have some new-fangled thang that ain't working right.
>>
>> Just sayin'.

>
> I am still using IE 6. I tried to upgrade to later versions and found
> the interface to be typical of MS "improvements". Take something
> functional and destroy it.
> Dave



No problems w/IE6.

In the future, please don't hijack someone else's thread. Please start your own.

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Virus Guy
 
      27th May 2011
(E-Mail Removed)d wrote:

> >> Visiting this site:
> >> www.dremel.com
> >>
> >> actually caused my Windows Installer program (WINXP SP3) to
> >> start up.


Heh.

One of the nice things about running win-98. I have no fear about
browser exploits.

Running Firefox 2.0.0.20 I don't see anything wrong with dremel.com.

> > What browser were you using? {!important}

>
> I am still using IE 6.


(choke)

What ?!

I didn't think you could install SP3 without replacing IE6 with IE7 or 8.

> I tried to upgrade to later versions and found the interface
> to be typical of MS "improvements".


I also didn't think it was possible to down-grade back to IE6 once you
replaced it with IE7/8.

> Take something functional and destroy it.


You think IE6 is functional?

It's a train-wreck of a browser - the bane of web developers for years.

But even using IE6 on my win-98 system, there's nothing wrong with
dremel.com. Other than the fact that it caused some sort of problem that
is forcing IE6 to close - while asking if I want to send an error report
to Microsoft.

Dremel's stuff is over-priced anyways.
 
 
dav1936531@is.invalid
 
      27th May 2011
On Thu, 26 May 2011 23:12:55 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: <(E-Mail Removed)>
>
>>>
>>> What browser were you using? {!important}
>>>
>>> I'm not using Windows, but I don't see anything in a quick glance at the
>>> Dremel main page that should do what you say. I do notice that the site
>>> is written in .aspx so it could be Windows-specific.
>>>
>>> I also see that jQuery is used. I have seen a lot of complaints lately
>>> like "site doesn't work", or "site crashes my browser", or "Windows
>>> locked up." A high percentage of those sites were using jQuery. Perhaps
>>> those folks have some new-fangled thang that ain't working right.
>>>
>>> Just sayin'.

>>
>> I am still using IE 6. I tried to upgrade to later versions and found
>> the interface to be typical of MS "improvements". Take something
>> functional and destroy it.
>> Dave

>
>
>No problems w/IE6.
>
>In the future, please don't hijack someone else's thread. Please start your own.


Actually I thought I was completely on topic to the OP's post, said
post being about malware hi-jacks of legitimate sites. The fact that a
legitimate site caused my Win Installer to start up seemed like
evidence of a possible exploit to me. It's THE ONLY site I have ever
had this happen on.

As I also mentioned, I had spoken with a Dremel customer service rep
on the phone to order parts and mentioned this occurrence. Maybe they
have fixed their site. I haven't been back to find out because my
parts arrived in the mail and I have been busy fixing some things
around the house with them.
Dave
 