Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Blackwulf on April 03, 2011, 10:06:14 AM
-
I had a run-in with this stupid thing this morning, so thought I'd pass along a heads-up for those who are not computer savvy.
A new malware attack is going around, nicknamed "Lizamoon". It is the usual SQL code line that redirects your browser to a web page that does a fake scan of your computer, and of course finds all sorts of viruses that you have to delete right away with their special software! It also has an annoying pop-up window that blocks you from being able to just browse away.
There is no way to know if the web page you are going to is infected, so once this pops up you have to deal with it, which is fortunately very simple. This piece of crap has infected a huge number of websites, not just the usual culprits, so you are likely to run into it no matter how safe your browsing usually is.
1. Do NOT click to download or run the app. This is a no-brainer.
2. Do NOT click to close the pop-up window; it usually is coded to give permission to run the app as though you had clicked "yes" no matter what you click on, including the red X button that normally closes a window.
3. Hit alt-ctrl-del and bring up the task manager. Highlight your browser in running apps, and close it using task manager.
4. Delete your temporary internet files and browsing history using CCleaner (recommended) or manually. If your browser asks to restore session, tell it no. Not an essential step if you use an old browser, but better to be safe and not have any links or code from this hanging around. Also after closing this way, some browsers will restore session automatically if you don't delete the temp files, and that will just take you right back to the malware.
5. I call first dibs to hang the originator of this by his family jewels with piano wire.
-
what about a system scan with an anti-malware / virus cleaner?
-
A lot of the anti virus software will miss this one if it gets on your system, but it is easy to avoid, hence my post. My post is about keeping it off your system in the first place.
There are a lot of people who don't know the trick of using task manager to close their browser. The only nice thing about this one is if you don't give it permission to download and run on your system, it can't.
Just having your web browser redirected is not enough to infect your system, so don't panic if the web page pops up, just follow the steps above. I hope they never figure out a way to make it auto install.
The infection is on the server side, and has been installed on the web page, not your system, unless you accept the download. It would be dead in the water if more admins kept their software up to date, and understood security better. Deleting the temp files will prevent you from just being brought right back to the scam page, as well as deleting any code your browser may have pre-fetched.
-
Using firefox + noscript this will not even happen.
-
Using firefox + noscript this will not even happen.
i should be safe then if this is the case :rock
-
Using firefox + noscript this will not even happen.
Unless you're like my wife and instead of enabling only the part of the page she wants to see will choose "allow all this page".
For those that haven't figured it out on their own yet, you can choose to either permanently enable or temporarily enable only the parts of a page you want to see.
Say if a page had a video you want to see, move the mouse pointer over where the video is and look at the bottom of the window. The properties of that link/video should show up there. Then just right click on the page and go down to "no script" and allow the properties of the video or other portion you want to view.
That way you can see what you want to see and not enable the entire page.
-
Thanks for the info, upgraded to FF + NS it works great! I also like the download them all addon, very handy at times.
-
Had no idea SQL could do that
-
oh fantastic.. bet I'll be seeing this at work in the next few days
-
Thanks for the info, upgraded to FF + NS it works great! I also like the download them all addon, very handy at times.
Especially when downloading skins
-
Had no idea SQL could do that
:rolleyes:
-
:rolleyes:
Shut it old man. I know how to inject sql statements. Everyone knows if they look at Wiki. I don't get how you can get a virus from it
-
Shut it old man. I know how to inject sql statements. Everyone knows if they look at Wiki. I don't get how you can get a virus from it
I was agreeing with you ... :huh
Maybe he was thinking ... javascript ?
-
:rolleyes:
:rofl :rofl
-
I was agreeing with you ... :huh
Maybe he was thinking ... javascript ?
Oups :D
-
Had no idea SQL could do that
Decent firewall should sort it out, unless work is dumbed out and went Cisco?
-
http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Escalates-Out-of-Control-378108/
This gives the details, and like I said, you still need to give permission for the app to run on your system before it can do real harm. Anti virus doesn't block it, as it is not a normal virus attack. Firefox with script blocker is working great, I have also recommended switching our browsers at work over to it, but having the same problem getting my boss to understand how it works, and why our anti-virus isn't the solution.
-
you too Blackwulf?
I've tried for four years to get management to make the employees use Firefox with absolutely no luck. And every time there's a problem with someone's machine 'oh look a toolbar'.
bunch of nitwits.
-
you too Blackwulf?
I've tried for four years to get management to make the employees use Firefox with absolutely no luck. And every time there's a problem with someone's machine 'oh look a toolbar'.
bunch of nitwits.
Hey, as a company, who do you call for Firefox support?
-
you :)
In all seriousness though I've never had a problem with FF or any person I recommended (forced) it on. Cut wayyy down on instances of malware etc.
-
I had a run-in with this stupid thing this morning, so thought I'd pass along a heads-up for those who are not computer savvy.
A new malware attack is going around, nicknamed "Lizamoon". It is the usual SQL code line that redirects your browser to a web page that does a fake scan of your computer, and of course finds all sorts of viruses that you have to delete right away with their special software! It also has an annoying pop-up window that blocks you from being able to just browse away.
There is no way to know if the web page you are going to is infected, so once this pops up you have to deal with it, which is fortunately very simple. This piece of crap has infected a huge number of websites, not just the usual culprits, so you are likely to run into it no matter how safe your browsing usually is.
1. Do NOT click to download or run the app. This is a no-brainer.
2. Do NOT click to close the pop-up window; it usually is coded to give permission to run the app as though you had clicked "yes" no matter what you click on, including the red X button that normally closes a window.
3. Hit alt-ctrl-del and bring up the task manager. Highlight your browser in running apps, and close it using task manager.
4. Delete your temporary internet files and browsing history using CCleaner (recommended) or manually. If your browser asks to restore session, tell it no. Not an essential step if you use an old browser, but better to be safe and not have any links or code from this hanging around. Also after closing this way, some browsers will restore session automatically if you don't delete the temp files, and that will just take you right back to the malware.
5. I call first dibs to hang the originator of this by his family jewels with piano wire.
This is where you can put your knowledge of the Alt+F4 trick to good use for you too. If it looks like something you don't even want to touch with your mouse, just hit Alt+F4 a few times first; it often will do the trick of just stopping and closing your web browser program, but if not then some ctrl+alt+delete forced process stopping/canceling should do the trick.
-
Hey, as a company, who do you call for Firefox support?
Me, unofficially LOL
I have been forced into using IE at work until the other day, hence my warning being mostly for IE users. I may have been a little unclear on that fact as my original post was written from work on a break, and I was still in IE mode.
We have a contract with the local college (who we also rent our office space from) for things like maintaining our server or installing new equipment, but for the day to day stuff everyone runs to me, as it can take several days for a response to a problem. My boss is very hands-off when it comes to the computers, and panics at the thought of me doing anything, so we have to do it on the sly. Basically he is a college snob, I don't have a computer degree, so to him I obviously don't know anything about computers. (My first personal computer was a TRS-80, and I opted for technical college instead of my last two years of High School. I was running jobs on a Digital 1250 mainframe in COBOL and RPG-II via punch cards while he was still in kindergarten. I don't even begin to claim to be the end-all of computer knowledge, but I am no 12 o'clock flasher when it comes to tech) [Now I have dated myself pretty good I think]
At the same time, I am the one who is maintaining our website, and am in the process of rewriting the whole thing from scratch. Any time I talk about computer stuff, or my progress on the website his eyes glaze over and he brushes me off real quick. I thought he was going to have a heart attack one time when he found out that I had opened the case on my CPU and gave it a good cleaning and rerouted the ribbon cables to get better air flow. The next time one of the college guys comes by, I am going to ask him to give a recommend to my boss for Firefox, and that should resolve the issue for me. (And he will march into my office and order me to do it like it was his personal revelation from God) Unknown to him, I also have a blank check to do whatever I want, hardware or software, on my system from the college guys, they drop by to "talk shop" now and then. Sorry to prattle on, but my boss drives me nuts!
In the meantime, I just hope no one gets hit with this thing. Given the frequency that they have to come over and remove malware from the other computers, I think it is a pretty safe bet they will do the recommendation for me. I have been running FF on my home comp for years as I have always liked its features better, but didn't know about the no script addon. I have quietly installed FF and no-script on my system at work, to um, test my webpage updates in multiple platforms, of course......
-
geez black
sounds like my job excepting the blank check of course.
'the network is down' - fixed (ipconfig release / renew)
'my computer is slow' - fixed (thanks for installing that tool bar tool boy)
'my email isn't working' - fixed (you changed your settings to 'view unread messages idjit')
'can you move these pictures for me' - sure (come ON buy your own freaking camera and learn how to use it)
but when I tell them to move out of their comfort zones I run into a brick wall. I'm hardly an expert. I'd give myself an 'okay' rating at fixing stuff but who is the guy that gets yelled at when the owner can't open a pdf file? ME.
Then I come here if I can't fix it and say 'HAAAAALLLLLPPPPPPP!!!!' and the AH community always comes through. :D
Speaking of.. does anybody know a way to block IE on XP so I can force my coweinies to use FF?
-
I started my day today by unjamming and resetting the copier, and explaining to my co-worker that you have to properly unfold the originals before they will feed through the auto-feeder. >sigh<
Maybe we need to start a new thread for these stories.
-
I started my day today by unjamming and resetting the copier, and explaining to my co-worker that you have to properly unfold the originals before they will feed through the auto-feeder. >sigh<
Maybe we need to start a new thread for these stories.
Now that would be a funny thread :lol
-
Indeed it would