Ah... Security Vulnerabilities

yettitheman

Audioholic General
Yep, it's been a while since I've been on. :D

Now... onto the good stuff.

Yesterday morning, I was doing a routine Google search.
What's this???



Hmm.... not... good.
Tried the search on a few other search engines... did not get Avast to fire off.

Also, I tried searching for the site domain name itself and did not get any warning. So, it leads me to believe that it's just that particular search string that's infected.

Now... the search itself is not a search redirect hack, at least from what I can tell. Every other search still works like it's supposed to.

* * * WARNING * * *
I DO NOT recommend using this phrase in Google search unless you have the proper software, knowledge, or expertise to work with live malware.
* * * END WARNING * * *

If someone wants to confirm what I'm seeing, search for "synch point blog" in Google. I've tried this on two computers, both with Avast and Firefox with NoScript installed. Searching for "bro-usa.com" (which is the actual web site you would have gone to) should bring up nothing.

If you want to know what the website is, it USED to be a website for Broccoli USA, a distributor for Anime in the US. (This website given next is legit and safe.)
http://www.animenewsnetwork.com/news/2008-11-19/broccoli-international-usa-to-shut-down-by-year-end

Really, the whole reason I went to look for this was that my FLCL Ultimate Edition Disc One was incorrectly stamped from the factory; there was a blog on the site that dealt specifically with this issue, but looks like it never was and never will be rectified.
 
njedpx3

Audioholic General
Be Very Careful!

Be very careful with any malware, grayware or spyware! -- Especially those that purport to have discovered a virus problem and suggest you install or, worse, buy them to fix the problem they found.

Hopefully, you have a high-end Antivirus Software installed with current/up-to-date Virus and Malware signatures. Some good commercial software products are: Symantec's (Norton), Trend Micro, and McAfee.

There are also two excellent FREE products.

SpyBot Search & Destroy (be very careful, there are a lot of knock-off wannabes that are not near as good and want to charge you $$$)

Here is one place to download it from: http://www.safer-networking.org/en/


Lavasoft - AD-AWARE (the FREE version is very good, don't pay $$$)
http://www.lavasoft.com/products/ad_aware_free.php

Be careful, they make a hard sales pitch to buy the $$$ version; don't.
Keep following the FREE path.


Run these at least once a month or sooner if your PC slows down or starts acting strange (highly technical term :rolleyes: :D :rolleyes:).

But the key thing to remember is that to "RUN" software the PC will always ask your permission. If you did not initiate the install then cancel, because that means some virus, Trojan, worm, BOT, spyware, grayware, malware, or other malicious code is trying to "run" or "install" the software on your behalf with your credentials.


Peace and PC Security -- and don't forget Good Sound :),

Forest Man
 
lsiberian

Audioholic Overlord
Install malware (Norton, McAfee) to prevent it. Can't say I'm surprised. :p

If you stop searching for certain sites on the internet ;) you won't need to slow down your computer 20%.
 
10010011

Senior Audioholic
I just used your search phrase and came up with this:



Clicking on the first link "www.bro-usa.com/sp_blog" does give a warning from Google about it being a bad site.

Going directly to "www.bro-usa.com/sp_blog" sets off Symantec.
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.Exploit.193
File: C:\DOCUME~1\Bob\LOCALS~1\Temp\plugtmp-3\plugin-onePoint.swf

Looks like they are using a Shockwave Flash exploit to install malware.
 
yettitheman

Audioholic General
I'm a security specialist / network tech / computer hardware tech by trade, so keeping my machines running well isn't too difficult.
My last rig ran 7 years without any type of Anti-Virus protection; needless to say, the hard drive in it just got so old from running nearly 24/7. After that, I thought it would be a good idea to install AV on it as well, seeing as unnecessary risks without running some would be, for lack of a better term, stupid. Not to mention, it gets tiresome managing permission settings and execution rules all the time, so yeah, I'm lazy too :D

And... I will NEVER use another Norton/Symantec product again... EVER!
Reason being, it wants to control WAY too much and it latches onto system files too hard.
 
yettitheman

Audioholic General
Cool. Since mine pretty much clamped down on connections when it found the file, it never specified what or exactly where it was coming from, other than the fact that it found something trying to come in off of the connection.

The sad part is that most of the "bad files" typically show up in the temp folder.... and they will execute through that and propagate.
Almost every machine I've had to fix or clean up seems to have an infection in the Temp folder and spread elsewhere.... usually Java or Flash files cause it.
 
Zaluss

Audioholic
Tried it today on an auxiliary machine. Microsoft Security Essentials caught it. I also did get the Google warning.
 
10010011

Senior Audioholic
I run the corporate edition of Symantec anti-virus, not the "Norton" commercial crap. I think if it's good enough for my company it's good enough for me. But anyway, the file was quarantined automatically and moved from the temp directory, and I deleted it.
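
The Symantec detection quoted in this thread landed in a "plugtmp-3" folder under Temp, and yettitheman observes that Temp is where such files usually show up. As an added example (not code from any poster in this thread), the Python script below triages a temp directory by file signature rather than by extension; the sample tree is constructed with harmless header bytes only, and the signature list is an assumption chosen for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic") of content types worth a second look in a temp folder.
SIGNATURES = {
    b"FWS": "flash (uncompressed SWF)",
    b"CWS": "flash (zlib-compressed SWF)",
    b"ZWS": "flash (LZMA-compressed SWF)",
    b"PK\x03\x04": "zip/jar archive",
    b"MZ": "windows executable",
}

def classify(header: bytes):
    """Return a label when the leading bytes match a known signature, else None."""
    for magic, label in SIGNATURES.items():
        if header.startswith(magic):
            return label
    return None

def scan_temp(root):
    """Walk root and return sorted (relative path, label) pairs for flagged files."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # locked or unreadable file: skip it
            label = classify(header)
            if label:
                findings.append((path.relative_to(root).as_posix(), label))
    return sorted(findings)

def demo():
    """Build a constructed temp tree (harmless header bytes only) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        plug = Path(tmp) / "plugtmp-3"
        plug.mkdir()
        (plug / "plugin-onePoint.swf").write_bytes(b"CWS\x09" + b"\x00" * 16)
        (plug / "update.tmp").write_bytes(b"MZ\x90\x00" + b"\x00" * 16)  # wrong extension
        (Path(tmp) / "notes.txt").write_bytes(b"plain text")
        return scan_temp(tmp)

if __name__ == "__main__":
    for rel, label in demo():
        print(f"{label:30} {rel}")
```

A signature match only says what kind of file it is, not that it is malicious; it narrows down what to hand to an up-to-date scanner.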
 